Why I Changed To The Newer Google Analytics Code

Here is why i have changed to the new google analytics code and how i did it for all my websites Cyber War News, Arrest Tracker and this website CTRLBOX.

The anonymity of visitors to my websites means a lot to myself as i like to also not leave tracks and traces of everywhere i have been. It not a lie that analytics are a great thing they are very powerful when used correctly they can help a web sites developers and curators to make better choices about content, publishing times, targeted audiences and of coarse the general websites usage but recently it has dawned to me that using google analytics on my websites i was leaving all my users with unnecessary cookies and even worse all their locations were being tracked and stored by google analytics, this is no longer a problem now as i have taken the steps to enforcement IP Address randomization and anonymity.

Google has since 2010 offered various ways to anonymization the users IP Address but probably the most efficient way is to manually embed the more modern analytics.js code into your websites header just before the tag as opposed to relying on the built in services like CloudFlare offer with their app for google analytics or WordPress plugins and other content management systems that all mostly rely on an older style ga.js code which is currently being deprecated by google, you can see a heap more about merging to the newer code here.

When i first started to look into this i had realized that all my sites had been using CloudFlares google analytics application to inject the code into the site when required, this as stated above is no good if you wish to anonymoize the users addresses properly, so activating the IP Address anonymization offered by google is very simple with just a few extra bits of code need to be added with various options for doing this.

The most preferred way to accomplish this is starting of using the newer analytics.js library and then you can making the required changes to make it all work nicely for your end users. google offers a wide range of customization's for this to view all check out the full range of fields here.

How its done.

Deactivate any services that are injected this code to your website or remove any older ga.js code that may be embedded in your code still to.

Starting with the standard code as seen below

    <!-- Google Analytics -->
    <script>
    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
    (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
    m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
    })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

    ga('create', 'UA-XXXXX-Y', 'auto');
    ga('send', 'pageview');
    </script>
    <!-- End Google Analytics -->

Then by appending the following code you will make IP addresses masked.

    ga('set', 'anonymizeIp', true);

below

    ga('create', 'UA-XXXXX-Y', 'auto');

Like this

    ga('create', 'UA-XXXXX-Y', 'auto');
    ga('set', 'anonymizeIp', true);

You can also embed it like this

    ga('create', 'UA-XXXXX-Y', 'auto', {
    anonymizeIp: true
    });

That is it, now all visitor IP addresses will be masked, but what about leaving cookies behind and is it really required. You can tell google analytics to not use the users browsers or devices local storage by doing the following. (note that some web applications may require this)

    ga('create', 'UA-XXXXX-Y', 'auto', {
        'storage': 'none'
    });

Another neat trick i used for local development to stop the hits coming in was the following

    if (location.hostname == 'localhost') {
        ga('set', 'sendHitTask', null);
    }

This simply tells the script to ignore the hit if it comes from localhost.

Another neat way to do this as a user, that is if you are a chrome user is to install the analytics opt-out plugin provided by Google which will stop all communication between your browser and any Google Analytics trackers it comes across, more on this here.

So that is it, enjoy and put this to use.

Lee Johnstone

Information Security Data Analyst, Web Developer, Data Scraping/Crawling Specialist.

NSW, Australia http://www.ctrlbox.com

Subscribe to Ctrlbox Information Security

Get the latest posts delivered right to your inbox.

or subscribe via RSS with Feedly!