Hi malware fighters,

Firefox NoScript is the handy-dandy Firefox or Flock browser add-on to block all kinds of unwanted scripts (be it malicous or unwanted otherwise (profile tracking)), but while a growing number of websites that use certain Google Analytics scripts to make their websites function, the extension can create havoc.

Google Analytics enables websites to analyze their visitors web-profiles. But it is also probable to combine a number of scripts on the functioning of a website, making that when a user clicks a certain button this is being saved in the analytical program. So the user that blocks Google Analytics in Firefox is confronted with a webpage that won’t function.

NoScript developer Giorgio Maone thought of a solution to the problem, by developing so-called “Surrogate Scripts”. In fact this is a dummy script that catches the majority of Google Analytics without ruining the website and without any information transpiring to Google or accepted from the search giant. The surrogate script is available from NoScript version 1.8.9.7 and onwards.
Re: http://hackademix.net/2009/01/25/surrogate-scripts-vs-google-analytics/

Enjoy,

polonus

Thanks for the info. Damien.
Since I have nothing to hide, I don’t really care if little old Google knows where I’ve been.
It’ll make avast!'s statistics look better. ;D

Hi bob3160 and others,

I have heard this various times now, and mostly from Americans. Why you have to rethink this argument you can read here:

Privacy and the "Nothing to Hide" Argument

Good essay: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565

In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the "nothing to hide" argument. When asked about government surveillance and data mining, many people respond by declaring: "I've got nothing to hide." According to the "nothing to hide" argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The "nothing to hide" argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the "nothing to hide" argument and exposes its faulty underpinnings.</blockquote>

polonus

As Giorgio Maone said this is unlikely to be used by any other than geeks as there is no UI, so you have to manually create a firefox about:config entry for each site/surrogate script required.

So until there is a UI this will be of very limited worth, but as Bob said you would also have to be worried about having your movement through sites with Google Analytics tracked.

I think that in big brother terms we have more to fear than Google Analytics and you won’t be able to block those as they will site between the site and the user. So this kind of blocking will be of little use.

Damien,
I don’t try to hide from my government. I participate in it.
I also use SRWare Iron as my default browser so no-script
no longer applies unless it’s made available to me and the rest of the users
of this browser.

Hi bob3160,

As you use SRWare’s Iron you are secure as you can be from Google’s preying eyes, because that browser was specifically developed to do that. Differences of Iron and Chrome:
Iron provides a solution to the privacy issues surrounding Google Chrome such as:
* Error reporting
* Client Id
* Chrome’s Omnibox

Things you have solved by using Iron in stead of GoogleChrome:

Client-ID

Chrome creates a unique ID through which a user can be theoretically identified.
does not exist in Iron

Timestamp

Chrome remembers up to the second exactly when the software was installed.
does not exist in Iron

Suggest

Depending on the configuration, each time you put something in the address line,this information is sent to Google to provide suggestions.
does not exist in Iron

Alternate Error Pages

Depending on the configuration, if you have typed a false address in the adress bar, this is sent to Google and you get an error message from Google’s servers.
does not exist in Iron

Error Reporting

Depending on the configuration, details about crashes or failures are sent Google’s servers.
does not exist in Iron

RLZ-Tracking

This Chrome-function transmits information in encoded form to Google, for example, when and where Chrome has been downloaded.
does not exist in Iron

Google Updater

Chrome installs a updater, which loads at every Windows in background.
does not exist in Iron

URL-Tracker
Calls depending on the configuration five seconds after launch the Google homepage opens in background
does not exist in Iron

What could you do further is block this with your host file:
just go here: C:\WINDOWS\system32\drivers\etc\Hosts file
and then put in these

 Google Analytics # Block Sites

127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com
127.0.0.1 www.googlesyndication.com
127.0.0.1 googlesyndication.com
127.0.0.1 www.pagead2.googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 www.doubleclick.com
127.0.0.1 doubleclick.com
127.0.0.1 www.doubleclick.net
127.0.0.1 doubleclick.net
127.0.0.1 www.googleads.g.doubleclick.net
127.0.0.1 googleads.g.doubleclick.net 

A webpage that won’t work because of this being blocked is not worth my attention,

&DavidR,
There is an add-on that does that much better than NoScript can and that is RequestPolicy for privacy and security,
works for the biggest of n00b around, even grandma can allow destinations and block destinations there:
download here: http://www.requestpolicy.com/
Alas not for Bob because he uses Iron and that specific allowing and blocking has not arrived there.

polonus