Show HN: Bypassing ad blockers for Google Analytics

Those who would consider doing this deserve a special place in hell right next to devs who don't respect user privacy and the crooks in the advertising industry who turn a blind eye to the fact they're distributing malware. By installing an adblocker I've made a conscious decision to not have your BS running inside my browser. Forcing it on me will at the very least result in me disabling JavaScript on all your pages.

Meh.<p>If you&#x27;re using GA to prove your site&#x27;s worth, e.g. in some M&amp;A deal, this is useless - your proxying means that you can fudge numbers and thus is no better than anything else you say. (This is a significant use case among looking-for-exit startups).<p>If you&#x27;re using GA to get insight about your website, it would be somewhat useful, but not really - because GA would not be able to correlate the cookies to figure out the demographics, etc (and I don&#x27;t know how much it would trust Via &#x2F; Proxy-for headers, so other statistics it gives you are also limited).<p>Also, if you have non trivial traction, you&#x27;re going to get flagged by their fraud filters.<p>You&#x27;re probably better off running a local Piwik or whatever it&#x27;s called these days.

This is akin to bypassing antimalware protection by hosting the malware on your own reputable site.<p>What are you trying to achieve here? Your entire domain will just end up blocked if you do this at scale, not to mention Google themselves would ban your reverse proxy’s IP because of too many queries (since you’ll be proxying all your visitors’ requests from a single IP).

If you&#x27;re hosting the analytics on your own domain, is it really even something an ad blocker should be blocking? It&#x27;s not coming from a known third-party service domain (for ads or tracking or otherwise) so there&#x27;s no real reason a blocker should be blocking it. It&#x27;s first-party analytics on your own website. The fact that you&#x27;re implementing it via reverse proxying is kind of an implementation detail, because at any point it could stop being Google Analytics, or an existing first-party analytics solution on a website could become GA.<p>It is kind of unfortunate that third-party tracking can &#x27;hide&#x27; this way but in this case there&#x27;s not really much you can do if the content author is going out of their way to pull a fast one...

Nice try but doesn&#x27;t work on Kiwi Browser ;) Shows &quot;This content should be overriden by GTM&quot;. This is because an heuristic is used instead of a blacklist. So to answer, yes this can be blocked easily.

Since it goes through a reverse proxy, wouldn&#x27;t it <i>not</i> leak personal data the way using it directly would? If using GA directly, the browser uses my google-session data which GA can track between sites&#x2F;domains. But here the proxy only gets the unique session for this proxy, so it doesn&#x27;t know who I am. Or?

It&#x27;s an ongoing cat-and-mouse game. This is like the inverse of people using VPNs and proxies to get around filtered Internet, except it&#x27;s now the <i>server</i> that does the tunneling instead of the client.<p>Personally, I&#x27;ve found that JS off and all the GA&#x2F;GTM domains (along with many others) blacklisted is sufficient in daily use; no JS gets rid of most of the crap, and the blocked domains clean up the rest. My goal is not to become completely untrackable (I believe that&#x27;s next to impossible), but just to stop slow-loading pages full of junk I don&#x27;t care about (which is what I suspect most people using <i>ad</i>-blockers are aiming for.)

&gt; Hello from Google Tag Manager. This text is being added by a tag running from GTM.<p>One should note that this inclusion, without an opt-in consent banner for instance, is not GDPR compliant. The URL <a href="https:&#x2F;&#x2F;analytics-bypassing-adblockers.netlify.com&#x2F;proxy&#x2F;https:&#x2F;&#x2F;www.google-analytics.com&#x2F;r&#x2F;collect?.." rel="nofollow">https:&#x2F;&#x2F;analytics-bypassing-adblockers.netlify.com&#x2F;proxy&#x2F;htt...</a>. sends personal data to a third party (Google) without my explicit consent. See Article 7 and Recital 32 of the GDPR:<p>&gt; Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

I remember when modern telemetry gathering practices were labeled a malware&#x2F;adware..

<a href="https:&#x2F;&#x2F;rrregain.com" rel="nofollow">https:&#x2F;&#x2F;rrregain.com</a> does this as a service. There are others as well but most do not use your own domain.

I implemented something like this on a site visited almost exclusively by developers, assuming that developers must have amongst the highest adblock usage, and that my real visitor numbers according to GA would be much higher.<p>I saw a boost of about 7-8%. Remember, most adblockers (like Adblock Plus) don&#x27;t block Google Analytics. uBlock and Ghostery are probably the 2 main GA adblockers, but as a % of adblockers as a whole they&#x27;re not that large.<p>It&#x27;s probably not worth it.

This is unfortunate, but it simply means that we have three options:<p>- Block entire domains - Prevent javascript from running - Use the internet less, read books, use your local library.<p>Happily, I was able to get my browser from the default message: Hello from Google Tag Manager. This text is being added by a tag running from GTM.<p>To the blocked message: This content should be overridden by GTM.<p>But, how far will this game of cat and mouse go?

No personal offence intended, but I hope this project dies on its arse.<p>It&#x27;s malicious software, circumventing the protections afforded to me by my ad&#x2F;tracker blocking software.<p>I&#x27;ll contribute in any way I can to adblocking tech, and to any impotency of this kind of technology.

Would like to know, does Google Analytics actually use data for tracking&#x2F;ad targeting? I thought it would only track users if they embedded the AdWords script. If so, why is it blocked by UBO and Ghostery?

I blocked GTM and GA with Little Snitch... your bypass doesn&#x27;t work

:popcorn:

&gt; [ This content should be overridden by GTM. ]<p>lol... pages look better if you send the actual document instead of <i>assuming</i> you have permission to run software in my browser.