It is against the terms of service of Google analytics to pass any PII such that you can track an event back to any particular person. On top of that, the code for Google Analytics js is available for your review, along with its network requests, such that you can hold them to their word.
The section about "personally identifiable" information in the Google Analytics Terms of Service [1] does not limit Google, but the site using GA.
Practically, I'm not sure that can even be enforced, or that Google has any incentive to enforce it. If a site uniquely tags each user via custom variables, or by sending users to a unique resource/goal/interim URL, will Google detect this and obscure/destroy the resulting data? Or is such tracking for the site's own purposes a core feature of GA?
And Google often has its own PII about the same user, from other visits to Google's own sites, anyway.
> It is against the terms of service of Google analytics to pass any PII such that you can track an event back to any particular person.
You need barely any information to construct a personally identifiable profile. The fact that you as the user of google analytics can't do it says nothing about googles ability to do it.
To manage your webserver, use your server logs. If you really think you need more information than those convey, you could get some self-hosted javascript to assist with that.
That's hardly useful though. Logs are littered with bot traffic, and several users or sessions can be hiding behind a single IP address. Also, you've absolutely no means to track segments of traffic.
Self-hosted javascript is an only vaguely better option. You then need to worry about the infrastructure needed to write the data in a reasonably scalable way as you get larger, and processing the data in a useful manner isn't necessarily something an average Joe can do.
If you need help to deal with your server logs, hire a professional.
By the time you got large enough to have to worry about scaling an infrastructure to deal with your server logs you should either have grown out of the average joe category or have enough revenue to hire a sysadmin.
The whole point of using a solution like google analytics which is free (to a certain extend) is to not have to hire a professional.
There is no way a single sysadmin (how good he think he is) could write the code required for the analytics of a high volume web site (eg. ranked in the top 1000).
Also, without analytics right from the start, I can guarantee you, your web site will never grow, at least certainly not to a high volume web site.
And here the thing that do happen when your web site have a high volume (you know, in real life and not on a fantasy island), even if you reduce your analytics sampling to 10% your web site traffic can still be bigger than the maximum allowed "for free".
So you decide "let's write our own solution" and you assign it to a team of about 5 devs and it take them a good 6 months to finally be able to track data, and then your pointy hairy boss realise he has no nice visual way to read this data (because he want basically the same thing as google analytics).
so tell me again why I/we should not use ga again ?
Server-side log-analysis solutions are not possible to block.
I assume that piwik is running client-side javascript? Then it's in the interest of the client to block it; it's not a server-side solution anymore. Of course with self-hosted js, that's a cat-and-mouse game that the clients can't win anyway, but in the short-term the mouse has won.
I agree. I understand that people have issues with being retargeted by ad platforms and hate seeing the same ad follow them around, but I don't really seem any downside to users being tracked by 3rd party platforms like Google Analytics. Platforms like GA, don't track first party information and anonymize who you are with a randomly generated ID. This is the only thing that makes your visit unique from the rest. I don't see any harm in providing that information. How do you expect businesses to get insights into what features users like or dislike in their product? I can easily see users of a tool like this complain about a change in one of their favorite products, but by preventing them from any insights how does the business figure that out?
> How do you expect businesses to get insights into what features users like or dislike in their product?
Collect the data you need yourself. If you don't want to do that (it's really easy) then the data can't be that useful/important to you. Another way would be to, you know, ask your users.
What bugs me is that people seem to think it's okay to send my data to another company (usually many, in all kinds of different jurisdictions) without even considering to ask for my consent. That's not nice, is it?
You could ask me, on first visit, if I'm okay with you sending my (anonymous) data set to Google. It's really not that hard, is it? Just ask. But you don't. Not only does nobody do that, I'm pretty sure most people don't even consider doing it. That's the most offensive part.
So what am I left with? I could stop using the WWW all together, I suppose, or, I could block Google Analytics and the likes before hand, and then, if I feel comfortable doing it, opt in to sharing my data because I like your service and I want it to improve.
You and Google don't ask for my consent, but Ghostery does. That's why I (have to) use it.
---
bhouston said: "This type of stuff should be opt-in." (blocking GA, that is)
I hope the people reading my comment can appreciate the irony.
[By the way, the hypothetical guy I'm yelling at — not you]
The reason "nobody does that" is because it's a stupid question that only a tiny minority of people actually care about.
It's like the EU cookie law, the net result of which is that a handful of websites are required to post obnoxious warnings.
Great. Your solution means even more obnoxious warnings internet wide. "Hey, the person running this website wants to see what its users are doing. Allow Y/N?" This is a future I literally cannot wait to see. </s>
Do you really think it's stupid to consider asking a client whether they're okay with you sending their personal data to another company? Just assuming that only a tiny minority of them actually care seems a bit careless.
I don't like the EU cookie law either, but that's a completely different thing. The only thing they do have in common is that they make UX designer's lives a bit harder, but that's really no excuse.
Considering "their personal data" in this case consists of "what you clicked on my website", no, I don't think that should require any special permission.
I think you and I have different definitions of personal data. When I hear that phrase, I think things like addresses, income, contacts, and so forth, but not email or phone numbers (both of which are basically public info), and certainly not what you clicked on my site.
What someone clicks on websites is extremely sensitive private information. Extremely private sensitive matters of peoples' lives is directly observable in the things they click on websites.
How about asking your customers, instead of stalking them by default?
Even telephone hotlines warn you that the calls may be recorded and give you (at least) a way to opt out. No site ever gave me such an option, but my browser has it - so I'm using it indiscriminately.
If you want my trust, give me an (opt in and later opt out) button, limit your tracking as much as you can (time, do not correlate with others, personal info, etc.) and as much information about your tracking as you can and what you use it for. In fact, give me an easy way to see what you have profiled and give me an option to clea(n/r) it.
I guess that sounds like hard work. Maybe Piwik can be extended to provide such things? Does it already do some of that?
> I don't really seem any downside to users being tracked by 3rd party platforms like Google Analytics. Platforms like GA, don't track first party information and anonymize who you are with a randomly generated ID.
But thats not your call to make for your users if they happen to have a different opinion on the topic.
Google is an advertising company. It is not unreasonable to not want to tracked at all by advertising companies. Neither they nor you have any sort of right to this information.
It sucks for you that it is harder to grow your business. But since when has that ever been easy?
It's unfortunate so many people are downvoting you apparently just because they don't agree. I'm not sure I agree, but you have a totally valid and reasonable point of view.
Your user sessions should be short, preferably. If I take a long time to find what I need, you have a badly designed website (or an uninteresting one).
Unless you're trying to make a time-sink website like imgur, that is.
Blocking standard analytics on small websites who do not server ads is being dick. Now I do not know who is using my website. I can not optimize it for longer user sessions, I can not figure out which are the most popular pages, I can not record client-side errors, I can not track caching and page load time.
Basically this screws over those want to create good website experiences. Blinding us in this way is pretty useless.
This type of stuff should be opt-in. Most people install uBlock to remove Ads. But now we are making them invisible to websites at the same time, which is not what most people signed up for.
I think a fair portion of the people who are consciously blocking GA might think that beaming back a ton of information to the Google mothership is also "being dick," because they don't want ad-tracking profiles to be built for them based on their browsing habits across millions of websites.
If you want to balance the desires of your privacy-savvy users and your craving for analytics, why not use Piwik and self-host it on your own domain? No external requests, and no information back to Google.
Thanks. Knowing that, I'll probably go out of my way to whitelist 'piwik.js', etc. I'd be willing to trade some personal information to any host wanting to use a self-hosted Piwik instance over a big analytics platform.
this is unfortunate. i think anything that's same domain should be allowed through, even 2nd-level might be okay. it's third-party tracking that should be disabled because of cross-domain tracking capability.
it's completely unreasonable to expect websites not to do something as simple as tallying unique visitors or recognizing returning customers via cookies/fingerprinting on their own properties.
To be fair, "recognizing returning customers via cookies/fingerprinting" by itself doesn't require JavaScript. It's the tracking of the user's activity once the page has loaded which does.
I think the parent comment is referring to the idea that the web server, by necessity, is aware of a client connection. Webserver logs reveal a lot of information.
That might be useful for fingerprinting visitors but, perhaps ironically, it's much worse than javascript & cookies for actually seeing big picture trends on your site. There are many, many bots that request files off your server but only a relative handful execute javascript.
I don't think this is such a big issue. Only a small minority of people use uBlock. Whatever data you measure on the 90% of your visitors that don't block GA can, most likely, be extrapolated to the remaining 10% as well.
I'm a lot more concerned about the revenue I am losing due to the decrease in ad views/clicks than I am about a slight decrease in GA hits...
>> Whatever data you measure on the 90% of your visitors that don't block GA can, most likely, be extrapolated to the remaining 10% as well.
Agreed.
I think we as tech people tend to assume everybody is as tech savy as we are - when in fact, it's not even close. Also, when you talk about an aging baby boomer population who didn't grow up with Facebook and Instagram, they could care less about being tracked.
Most small adverticers see it the opposite way. We don't want to pay you money to show the ads to someone that is not interested in our products anyway and never will click the link. Or even worse, click the link just to support you, stealing money from us instead. There are always two sides to a coin.
I think it's a mistake to think that people who visit your site somehow 'owe you' and should permit third-party tracking code from your site to run in their browser. I understand your points about wanting metrics to learn from, but when you bring in a third party all bets are off and individual visitors (like me) will choose not to run that tracking code.
Don't forget there are other ways of achieving what you want too - you can use something simple like GoAccess[0] or even run a Piwik install off your server logs[1] for a nice pretty GUI experience if you prefer.
As more and more people become privacy-conscious I hope you will see this as an opportunity to learn how to do more yourself and outsource less to Google. They don't even give you all the data they collect from site visitors, you are giving them free data for little in return!
The Piwik use-case I was referring to is to run it from your imported logs, not the default JS tracking. Because the visitors can't circumvent server logging, you get analytics and also boost page speed.
Once upon a time people and web hosting companies knew how to parse access logs into beautiful analytics systems with software like JAWStats (http://www.jawstats.com/).
It's really a shame that Google Analytics has become the only way to handle traffic analysis.
Parsing access logs in 2015? Really? You mean those logs that are cluttered with bot traffic and that only have IP addresses instead of real user sessions, and do not contain valuable information about for instance exit pages, banner clicks, page load times, and so on?
There isn't always enough entropy to uniquely identify a user - you can't rely on that to provide accurate tracking. If people are coming from a corporate environment using terminal servers then every single browser will identify as one user by that method.
Most browsers are now taking steps to stop the CSS custom styles hack working - for example this doesn't work in Chrome anymore. The website can show you which websites you've visited with the change in colour for the link state however it can no lonqer query it.
it would be as accurate as the server logs, the only difference is I don't need to analyse those logs I can keep using google analytics.
that's my whole point: "yadda yadda yadda ublock or adblock or whatever block ga.js on the client side haha you can not track the visitors anymore"
nope I can still track them and I don't need to even bother analysing the server logs
server side:
1. I can detect if there is a _ga cookie
2. if not, I can generate a UUID based on the user-agent and IP
3. and I send my pageview from the server side
it is not perfect, I would certainly not use that UUID to identify a login session but it does work without me having to stop using google analytics.
> "There isn't always enough entropy to uniquely identify a user"
there is, read the EFF link it explains all that nicely
TL;DR
- you can not send tracking client side anymore
- OK, I can send tracking server side, go ahead try to ublock that
Sure you can. Quit using Google. You think they are the only with a tool that provides these answers? Also, I think you are wrong: If people understood how FB, Twitter and Google can track your moves across websites, then I believe most WOULD want this.
Sure you can. All you need to manage your site's performance is in your server's log file. There are many free tools for analyzing those logs. If you're getting client-side errors, run a site analyzer to check your site for dead links and such.
I've used ad blockers since ad started to appears on the web because ads are annoying sure but the real reason is that it is a severe privacy intrusion. This is exactly why I installed µBlock as soon as I heard about it, because contrary to ad blockers it states clearly that it is about privacy and shows that the author actually gets it.
I could not care less about stupid justification for spying on me and sending all this data about me to google, either use piwik or learn to apply analytics to your web server logs.
Anyways I was already invisible to you because I have js disabled by default, and a few extension dedicated to blocking trackers and google spefically, with fanboy's lists to block trackers.
> I can not optimize it for longer user sessions, I can not figure out which are the most popular pages, I can not record client-side errors, I can not track caching and page load time.
Sure you can. You can do all of those things still.
Little nitpick - the line linked to is /googleanalytics.js, which I believe in most situations will do absolutely nothing. It's the lines referring to "analytics.js" and "ga.js" that actually matter.
EDIT: For clarification, analytics.js and ga.js are in indeed listed, as are many other analytics services, bugsnag and kissmetrics to name a few.
Fake traffic? I have access to a few mid/high-traffic sites on GA. We do a lot of event tracking, so unless these are very sophisticated bots I imagine I would pick up on a lot of bot traffic.
Mind expanding on the fake traffic you're getting?
1. host the analytic js on your own domain
2. and/or rename it
at the very worst you can do the analytic tracking server side, I know that because I had to do it to track RESTful API usage as json/xml can not allow you to embed the ga.js
eg.
1. read a _ga cookie, if it does not exists create it
2. not fan of it but you can make it more persistent with a session (I know, opposite to the idea of stateless with REST)
3. and use the measurement protocol (universal analytics) server side which is trivial to implement
The Panopticon approach of "I am entitled to everything about you and your browsing activity because I technically CAN get it" is very troublesome and I'm glad that µblock takes a small step to revert that.
If some guy followed you around a store with a clipboard literally writing down microsecond-level details of your time spent in the store, you wouldn't be OK with that just because "I promise I didn't write down your name!" There's no reason to suffer LESS privacy online.
uBlock's philosophy is to, by default, block crash reporters (bugsnag, newrelic) and all forms of analytics (customer.io, optimizely, kissmetrics, mixpanel, newrelic, pingdom, piwik) because it can.
This is a stupid policy that hurts independent website developers because now I have to write my own version of these tools because if I use third-party services they will be listed in uBlock and blocked by default.
It is stupid but these are not used to run ad-networks, but rather improve the quality of the website you are on.
uBlock is going to become very very popular. It isn't just going to be a small percentage of users. It is going to be the majority of tech savvy users. That is the problem.
ublock isn't Ghostery or NoScript. It is being sold to most has an ad blocker, but really it blocks everything.
"to cause to be accepted, especially generally or widely"
And it is, especially when all comparisons are with AdBlock Plus -- people are being told by you that uBlock is a faster, more efficient alternative to ABP:
Are any of these blocked services self-hosted? I sort-of agree with you if that is the case, but otherwise I'd say that it's entirely fair that a user use uBlock to keep these third parties from tracking their behavior.
Thanks for finally convincing me giving uBlock a try. And for those crying web developers here -- if you respect your visitors, learn how to use server side analysing and profiling without a use of 3rd party tools by companies known to use privacy violations as a part of business model.
89 comments
[ 3.1 ms ] story [ 169 ms ] threadhttps://github.com/gorhill/uBlock/blob/e6707fe8b155cc92da1cb...
This screws my efforts to try to optimize my site for increased traffic and to work towards longer user sessions. This hurts my website.
Practically, I'm not sure that can even be enforced, or that Google has any incentive to enforce it. If a site uniquely tags each user via custom variables, or by sending users to a unique resource/goal/interim URL, will Google detect this and obscure/destroy the resulting data? Or is such tracking for the site's own purposes a core feature of GA?
And Google often has its own PII about the same user, from other visits to Google's own sites, anyway.
[1] http://www.google.com/analytics/terms/us.html - section 7 "Privacy"
https://developers.google.com/analytics/devguides/collection...
You need barely any information to construct a personally identifiable profile. The fact that you as the user of google analytics can't do it says nothing about googles ability to do it.
http://arstechnica.com/tech-policy/2009/09/your-secrets-live...
To manage your webserver, use your server logs. If you really think you need more information than those convey, you could get some self-hosted javascript to assist with that.
You need nothing else.
That's hardly useful though. Logs are littered with bot traffic, and several users or sessions can be hiding behind a single IP address. Also, you've absolutely no means to track segments of traffic.
Self-hosted javascript is an only vaguely better option. You then need to worry about the infrastructure needed to write the data in a reasonably scalable way as you get larger, and processing the data in a useful manner isn't necessarily something an average Joe can do.
By the time you got large enough to have to worry about scaling an infrastructure to deal with your server logs you should either have grown out of the average joe category or have enough revenue to hire a sysadmin.
There is no way a single sysadmin (how good he think he is) could write the code required for the analytics of a high volume web site (eg. ranked in the top 1000).
Also, without analytics right from the start, I can guarantee you, your web site will never grow, at least certainly not to a high volume web site.
And here the thing that do happen when your web site have a high volume (you know, in real life and not on a fantasy island), even if you reduce your analytics sampling to 10% your web site traffic can still be bigger than the maximum allowed "for free".
So you decide "let's write our own solution" and you assign it to a team of about 5 devs and it take them a good 6 months to finally be able to track data, and then your pointy hairy boss realise he has no nice visual way to read this data (because he want basically the same thing as google analytics).
so tell me again why I/we should not use ga again ?
So great to see what we're sacrificing upon the dubious privacy altar...
I assume that piwik is running client-side javascript? Then it's in the interest of the client to block it; it's not a server-side solution anymore. Of course with self-hosted js, that's a cat-and-mouse game that the clients can't win anyway, but in the short-term the mouse has won.
Collect the data you need yourself. If you don't want to do that (it's really easy) then the data can't be that useful/important to you. Another way would be to, you know, ask your users.
What bugs me is that people seem to think it's okay to send my data to another company (usually many, in all kinds of different jurisdictions) without even considering to ask for my consent. That's not nice, is it?
You could ask me, on first visit, if I'm okay with you sending my (anonymous) data set to Google. It's really not that hard, is it? Just ask. But you don't. Not only does nobody do that, I'm pretty sure most people don't even consider doing it. That's the most offensive part.
So what am I left with? I could stop using the WWW all together, I suppose, or, I could block Google Analytics and the likes before hand, and then, if I feel comfortable doing it, opt in to sharing my data because I like your service and I want it to improve.
You and Google don't ask for my consent, but Ghostery does. That's why I (have to) use it.
---
bhouston said: "This type of stuff should be opt-in." (blocking GA, that is)
I hope the people reading my comment can appreciate the irony.
[By the way, the hypothetical guy I'm yelling at — not you]
---
One hour later. Can't make this up.
https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-p...
https://news.ycombinator.com/item?id=8920294
It's like the EU cookie law, the net result of which is that a handful of websites are required to post obnoxious warnings.
Great. Your solution means even more obnoxious warnings internet wide. "Hey, the person running this website wants to see what its users are doing. Allow Y/N?" This is a future I literally cannot wait to see. </s>
I don't like the EU cookie law either, but that's a completely different thing. The only thing they do have in common is that they make UX designer's lives a bit harder, but that's really no excuse.
I think you and I have different definitions of personal data. When I hear that phrase, I think things like addresses, income, contacts, and so forth, but not email or phone numbers (both of which are basically public info), and certainly not what you clicked on my site.
Even telephone hotlines warn you that the calls may be recorded and give you (at least) a way to opt out. No site ever gave me such an option, but my browser has it - so I'm using it indiscriminately.
If you want my trust, give me an (opt in and later opt out) button, limit your tracking as much as you can (time, do not correlate with others, personal info, etc.) and as much information about your tracking as you can and what you use it for. In fact, give me an easy way to see what you have profiled and give me an option to clea(n/r) it.
I guess that sounds like hard work. Maybe Piwik can be extended to provide such things? Does it already do some of that?
But thats not your call to make for your users if they happen to have a different opinion on the topic.
Google is an advertising company. It is not unreasonable to not want to tracked at all by advertising companies. Neither they nor you have any sort of right to this information.
It sucks for you that it is harder to grow your business. But since when has that ever been easy?
Unless you're trying to make a time-sink website like imgur, that is.
Basically this screws over those want to create good website experiences. Blinding us in this way is pretty useless.
This type of stuff should be opt-in. Most people install uBlock to remove Ads. But now we are making them invisible to websites at the same time, which is not what most people signed up for.
If you want to balance the desires of your privacy-savvy users and your craving for analytics, why not use Piwik and self-host it on your own domain? No external requests, and no information back to Google.
it's completely unreasonable to expect websites not to do something as simple as tallying unique visitors or recognizing returning customers via cookies/fingerprinting on their own properties.
It blocks the piwik.js. When you check the statistics and hover the red filter symbol for the Piwik line you will see which rule blocked it.
I'm a lot more concerned about the revenue I am losing due to the decrease in ad views/clicks than I am about a slight decrease in GA hits...
Agreed.
I think we as tech people tend to assume everybody is as tech savy as we are - when in fact, it's not even close. Also, when you talk about an aging baby boomer population who didn't grow up with Facebook and Instagram, they could care less about being tracked.
Don't forget there are other ways of achieving what you want too - you can use something simple like GoAccess[0] or even run a Piwik install off your server logs[1] for a nice pretty GUI experience if you prefer.
As more and more people become privacy-conscious I hope you will see this as an opportunity to learn how to do more yourself and outsource less to Google. They don't even give you all the data they collect from site visitors, you are giving them free data for little in return!
[0] http://goaccess.io/ [1] http://piwik.org/log-analytics/
It's really a shame that Google Analytics has become the only way to handle traffic analysis.
Also, server logs are the only tracking system that can't be disabled by visitors.
With user-agent header, ip address, etc. you can uniquely identify a user because there is enough entropy, see https://www.eff.org/deeplinks/2010/01/primer-information-the...
and that basically allows you to emulate a session id without cookies and without appending it to the URL
You can also use the cache to know if the user already visited some content or not, explained here http://joshduck.com/blog/2010/01/29/abusing-the-cache-tracki...
And finally, you can use CSS custom styles to know if the user already visited some web sites or not, see spyjax http://davidwalsh.name/ajax-evil-spyjax
granted, the user can disable JS, change the user-agent, but I would argue they are still trackable
Most browsers are now taking steps to stop the CSS custom styles hack working - for example this doesn't work in Chrome anymore. The website can show you which websites you've visited with the change in colour for the link state however it can no lonqer query it.
that's my whole point: "yadda yadda yadda ublock or adblock or whatever block ga.js on the client side haha you can not track the visitors anymore"
nope I can still track them and I don't need to even bother analysing the server logs
server side:
it is not perfect, I would certainly not use that UUID to identify a login session but it does work without me having to stop using google analytics.> "There isn't always enough entropy to uniquely identify a user"
there is, read the EFF link it explains all that nicely
TL;DR
You don't need Google for any of this.
https://www.google.co.uk/search?client=ubuntu&channel=fs&q=l...
with bing:
http://www.bing.com/search?q=log+analyzer&qs=AS&sk=AS4&pq=lo...
or with duckduckgo:
https://duckduckgo.com/?q=log+analyzer
:D
I could not care less about stupid justification for spying on me and sending all this data about me to google, either use piwik or learn to apply analytics to your web server logs.
Anyways I was already invisible to you because I have js disabled by default, and a few extension dedicated to blocking trackers and google spefically, with fanboy's lists to block trackers.
Sure you can. You can do all of those things still.
EDIT: For clarification, analytics.js and ga.js are in indeed listed, as are many other analytics services, bugsnag and kissmetrics to name a few.
It's just doing what it's supposed to do.
Mind expanding on the fake traffic you're getting?
Basically referrer spam.
The one that does the job is Peter Lowe's [2]
I wish you would see how convoluted is your suggestion "to let users opt-in to not be tracked by Google Analytics". (paraphrased) [3]
[1] https://www.diffchecker.com/r7v1cq6x
[2] https://github.com/gorhill/uBlock/blob/master/assets/thirdpa...
[3] https://github.com/gorhill/uBlock/issues/564
Edit: "being" => "be"
eg.
here an example in PHP http://pastebin.com/PQCRcJXqIf some guy followed you around a store with a clipboard literally writing down microsecond-level details of your time spent in the store, you wouldn't be OK with that just because "I promise I didn't write down your name!" There's no reason to suffer LESS privacy online.
This is a stupid policy that hurts independent website developers because now I have to write my own version of these tools because if I use third-party services they will be listed in uBlock and blocked by default.
It is stupid but these are not used to run ad-networks, but rather improve the quality of the website you are on.
Does missing out on the few people who use these tools actually have a meaningful effect on your ability to run your business?
I understand how the crash reporters help you but do you really need Optimizely/Analytics/MixPanel etc. running on 100% of your client browsers?
ublock isn't Ghostery or NoScript. It is being sold to most has an ad blocker, but really it blocks everything.
IF you want to track my data you should be asking me.
This is the first sentence on the project page:
> µBlock is not an ad blocker; it's a general-purpose blocker.
And toward the end:
> Free. Open source. For users by users. No donations sought.
It's not "being sold".
> It's not "being sold".
See definition #7 here of "sold": http://dictionary.reference.com/browse/sold
"to cause to be accepted, especially generally or widely"
And it is, especially when all comparisons are with AdBlock Plus -- people are being told by you that uBlock is a faster, more efficient alternative to ABP:
https://github.com/gorhill/uBlock/wiki/%C2%B5Block-vs.-ABP:-...
I appreciate the fact that this is blocking everything about my usage to spying companies/individuals.
I've long wished firefox would actually block ads and trackers by default, but it seems they'd rather make money instead.
[1] : https://github.com/erikvold/no-ga