30 comments

[ 3.9 ms ] story [ 53.8 ms ] thread
I'm all for blocking surveillance but how tiring is it to block JavaScript as suggested and then watch the majority of the internet not work?
Just add the domain to your /etc/hosts as 0.0.0.0

Doing that for years

Google Tag Manager and the whole consent management platform certification business is nothing more than a shakedown. It's racketeering.
> surveillanceware

I thought the term was spyware.

Surveillanceware almost sounds like something necessary to prevent bad stuff. Is this corporate rebranding to make spyware software sound less bad?

Blocking Google Tag Manager script injection seems to have few side effects. Blocking third party cookies also seems to have few side effects. Turning off Javascript breaks too much.
Am I dumb or does this article fail to explain what does the tag manager actually do? And not just with a loaded word, such as surveillance or spying, but actually technically explain what they are selling for and why it is bad.
This may have changed, I last used Tag Manager 9-10 ago. You basically added a single Javascript snippet to you website, then you could inject other Javascript into the pages, using various rules. So rather than having to redeploy our site every time the marketing department wanted to add a new tracking or retargeting script, we could just add it in Tag Manager. I think is a great tool if you insist on doing these types of thing. You can also extract and transform variables, so all the customization required to adapt to each service could be done within Tag Manager, keeping your website simpler.

One major issue Tag Manager solved for us was that a bunch of these online marketing companies that have their own tracking pixels/scripts absolutely suck at running IT infrastructure. More than ones we experienced poorly written 3rd. party scripts would break our site. Rather than having to do a redeployment, to temporarily disable a script, I could easily pop into the Tag Manager console and disable to offending service.

Maybe Google Tag Manager has changed, but it was a good tool, if you where in the business of doing those sorts of things. I suppose it's also a clever way of blocking all tracking from a site by just stopping the Tag Manager script from loading.

> This may have changed, I last used Tag Manager 9-10 ago.

GTM from 9-10 years ago and GTM today have nothing in common.

I have an idea that another way of preventing being tracked is just massively spamming trash in the data layer object, pushing thousands of dollars worth of purchase events and such, pushing randomly generated user details and other such events. Perhaps by doing this your real data will be hard to filter out. A side effect is also that data becomes unreliable overall, helping less privacy aware people in the process.
I have a quite common name in my country and snatched firstname.lastname@gmail.com for that name many years ago. Many use it by accident somehow when registering for things. Possibly (hopefully!) half of all leaks containing my email address are for other people. Never thought of what it might do for ad profiling, but hopefully it is adding at least some noise to it.

Maybe I could manually improve a bit on that by deliberately register myself for various random services and just clicking around a bit to pretend I am interested in things I have no interest in. On the other hand with 20 years of tracking I think Google has all my interests and habits nailed down anyway.

I don't think this article makes a good case for why you should.

>The more of us who incapacitate Google's analytics products and their support mechanism, the better. Not just for the good of each individual person implementing the blocks - but in a wider sense, because if enough people block Google Analytics 4, it will go the same way as Universal Google Analytics. These products rely on gaining access to the majority of Web users. If too many people block them, they become useless and have to be withdrawn.

OK - but then also in the wider sense, if site owners can't easily assess the performance of their site relative to user behavior to make improvements, now the overall UX of the web declines. Should we go back to static pages and mining Urchin extracts, and guessing what people care about?

> if site owners can't easily assess the performance of their site

I would be more than happy to opt in to performance metrics or other reports if only I could have some level of trust that improving the UX is all it's gonna be used for. I want to live in a world where that is the everyday normal, and where the non-consensual collection and sale of personal data is a high-profile public scandal with severe legal consequences.

> Should we go back to static pages and mining Urchin extracts, and guessing what people care about?

Yes absolutely do this please.

Why even bother with the effort of analytics only to ignore the answers? I'm honestly not sure I've ever seen a website improve.

If you block Google Tag Manager, you probably also want to block Yandex Metrics and Cloudflare Insights.
That's hilarious. Do you really Google should be privacy respecting?
Is there a good way to collect basic analytics if you have a site you're hosting on GitHub pages? In such cases I'd rather not rely on Google Analytics if I don't have to.
too long to read
ugh... if you think the internet should be a "static webpage" i got bad news for you bud
The term is a little ambiguous. They're not referring to a website that is served from static files that never change (which would exclude forums like Hacker News). They're referring to websites that still work if you disable JavaScript, so Hacker News would still be included.

  >Use uBlock Origin with JavaScript disabled, as described above, but also with ALL third-party content hard-blocked. To achieve the latter, you need to add the rule ||.^$third-party to the My Filters pane.
This is a worse way to implement uBO's "Hard Mode" (except with JS blocked), which has the advantage that you can easily whitelist sites individually and set a hotkey to switch to lesser blocking modes.

https://github.com/gorhill/uBlock/wiki/Blocking-mode

https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-m...

I use:

VPN so constantly changing ip.

Tor browser for everyday browsing (has no script preinstalled). So onion provides double Vpn. Regularly closed down so history cleared.

Safari in private mode and lockdown mode for when tor won't work (tor ip blocked/hd video that is too slow to stream on tor). Safari Isolation in private mode is excellent, you can use two tabs with, say emails, and neither will know other is logged in.

Safari non private for sites I want available and in sync across devices.

Firefox in permanent private mode with ublock origin for when safari lockdown mode causes issues. (Bizarely Firefox containers doesn't work in private so no isolation across tabs).

Chromium for logged into Google stuff.

Chrome for web development.

Plus opt out for everything possible inc targeted ads.

I rarely see ads of anything I would want to buy, and VPN blocks most of it at its DNS.

Beyond that, anything else would be too much effort for me.

The advertising companies I'm sure know I am not susceptible to impulse buy on ads, I research and seek vfm so not really their target.

We had a disgusting number of tags on some of our customer pages and a few dozen of them start to have effects on page load, especially if you were still on HTTP 1.1.
Years ago, I worked on a site where we constantly had requests from the non technical side of the company to make the site load faster. We were perplexed in engineering. The site loaded and was ready for us in less than a fraction of a second.

Eventually we realized that every dev ran ubo, and tried loading the site without it. It took about 5 seconds. Marketing and other parts of the company had loaded so much crap into GTM that it just bogged everything down

This is why I generally keep a mostly-clean browser around for development (only including some dev extensions). I've wasted half an hour when I had a stray uBO filter go off on a component I was working on once (wasn't even an ad) and that taught me a valuable lesson.

If you're testing a website, you've got to test it like your customers use it. I shake my head at the incompetence of web designers every time I encounter a website filled with scroll bars because the devs on macOS haven't bothered testing any other device.

> Meanwhile, Google Tag Manager is regularly popping up on Government sites. This means not only that governments can study you in more depth - but also that Google gets to follow you into much more private spaces.

The corruption of the system knows no bounds.

How refreshing, a website that doesn’t punch me in the face with a cookie banner. Is that because they’re legit not tracking me or are they just noncompliant?
I develop software for over 30 years now.

GTM is in my top #3 list of the worst software to ever exist. And I mean it. GTM is incredibly hostile to everyone around it: to the victims, to marketing people, to software engineers.