Add-ons, and Opting out of Google Analytics Without Them

Recently, Google made available the “Google Analytics Opt-out Browser Add-on.” This add-on enables consumers to “indicate that information about the website visit should not be sent to Google Analytics.” We agree that making it easy for consumers to protect their privacy is good, and Internet Explorer offers a variety of features to help keep you in control of your information when visiting websites. In this post, we describe how to use some of these built in features to accomplish the same outcome without installing a Browser Helper Object and the Google Update Service.

Users of Internet Explorer 7 and 8 (and soon 9) who wish to prevent Google Analytics’ script from running can follow these steps:

1. In Internet Explorer, open the Tools menu and click Internet Options.
2. Click the Security tab and then click the Restricted Sites icon.
3. Click the Sites button.
4. In the box at the top, add *.google-analytics.com and push the Add button.
5. Click the Close button, and then the OK button to dismiss Internet Options.

After this configuration change, script from the Google Analytics website will not run on any webpage, and cookies will never be sent to the Google Analytics server.

How does this simple procedure work?  In IE7, we made a minor change to the Restricted Sites zone. IE will not run scripts that originate from sites the user places in the Restricted zone.

To protect your privacy further, IE will not send cookies to sites in the Restricted Sites zone.  In general, you can block script from any other domains by also adding those domains to the Restricted Sites zone.

Add-ons are useful and important. They are also a key cause of performance, stability, and security issues for all browsers. A more trustworthy approach involves building more functionality into the core browser and relying more on data (in the form of declarative descriptions, like XML) than code to extend the browser. For example, Accelerators in IE are XML descriptions of how to get a map, rather than arbitrary script that can get a map and possibly do more (like slow down the browser, or share more information than you’d like). Webslices are XML descriptions of parts of a webpage to show on IE’s Favorites Bar, rather than arbitrary script that can modify IE’s user interface and possibly do more than that under the hood.

In this situation, rather than install and run a lot of additional software on the machine, people can just add a web site to the Restricted Sites zone. Similarly, InPrivate Filtering in IE8 (and IE9) supports Importing and Exporting lists of sites that the user doesn’t want to exchange information with. That’s a simpler, safer, faster and more reliable approach than running more code.

Eric Lawrence
Program Manager

Comments

• Anonymous
  January 01, 2003
  The comment has been removed

• Anonymous
  August 16, 2010
  wow.

• Anonymous
  August 16, 2010
  Interesting that according a recently published article ( online.wsj.com/.../SB20001424052748703467304575383530439838568.html ), you were planning far more effective privacy measures in IE8, but got overruled because they would have harmed Microsoft's own ad revenue. I guess privacy is just a far more pressing issue when it's your competitors making cash, eh?

• Anonymous
  August 16, 2010
  Oh, and can we expect a follow up article on blocking cookies from analytics.microsoft.com, analytics.live.com and atdmt.com?

• Anonymous
  August 16, 2010
  Great info. Thanks!

• Anonymous
  August 16, 2010
  The comment has been removed

• Anonymous
  August 16, 2010
  The comment has been removed

• Anonymous
  August 16, 2010
  Blocking the Google Analytics script entirely will cause script errors on sites which use it, possibly breaking other functionality.  That's the whole point of the opt-out add-on, it keeps the script working but stops it from sending any data.

• Anonymous
  August 16, 2010
  Privacy apparently matters when it involves sticking it to Google.

• Anonymous
  August 16, 2010
  @Amtiskaw Since there is no equivalent add-on for Microsoft's analytic services, it's pretty obvious that the "bias" you are attributing to MSFT is not real. As this article describes, just add those domains to your restricted sites and it will block those as well. @Murray  The Google Analytics script is an isolated piece of code that is inserted on each page. Blocking it from running should have no affect on the page's normal user functionality. It simply, as dave mentions, would affect the data that the web site owner receives from the Google service.  As a Google Analytics user, I'm pretty sure that the script provides no functionality if it can't send/store data. So there's no reason to keep the script working but stop it from sending any data. An icon will appear in the status bar indicating a script error, but it should have no affect on the page's functionality. In fact, according to some reports (this is actively contested, however) Google Analytics may have a performance impact on some sites. If this is true, disabling it would have a performance boost in additional to the described privacy boost. @EricLaw   Doesn't Google-Analytics try to use 1st-Party cookies? If that's true, wouldn't your described method not be effective at blocking the Google Analytics cookies? See www.google.com/.../answer.py

• Anonymous
  August 16, 2010
  I'm surprised some people are in awe of this article. At Apple, Microsoft gets bashed with their bias and at Google I/O conference they bash Apple and (I believe) Microsoft.  Then, we get the whole suspicion that Google isn't going to let employers purchase computers with Microsoft OS installed on them... oh, noes!   Any rate, the whole point is.. if you think it's bias of Microsoft to post this article then so be it - but guess what? So is Google, Apple, IBM and just about every other company that's trying to stay in competition. I personally liked the article, it's nice to see them poke at Google a little since Microsoft is always getting poked.  So, give Microsoft some credit, at least their educating those who don't know how to use restrictions in IE. =)

• Anonymous
  August 16, 2010
  @Amtiskaw: If you need an article explaining how to type one domain name instead of another, you probably shouldn't be surfing the internet at all. The WSJ article is full of lies from disgruntled ex-MS advertisers and clearly demonstrates that the author doesn't understand the technological limits (auto-blocking random sites is very different than surgically blocking selected sites). And implying that this blog post somehow "hurts" Google when it merely shows how to do something Google offers an add-on to do is a bit silly. Now, had they said "Here's how to block *.doubleclick.net and *.google-syndication.com to make those pesky adverts disappear, well, THAT would have been sticking it to Google. @Murray: Clearly, you haven't bothered to try it. I've blocked ALL scripts from Google for years with no broken pages or ill-effects. The way the Google scripts are included in pages ensures that if the Google servers are down or unreachable (or blocked) there are no ill-effects. @Badger: yes, GA uses 1st party cookies, but if the script never gets run, then those 1st party cookies never get set by the script. erik's point was that no cookies get sent to google-syndication servers if they're restricted (assuming that any cookies exist to be sent).

• Anonymous
  August 16, 2010
  @Amtiskaw, "...got overruled because they would have harmed Microsoft's own ad revenue. I guess privacy is just a far more pressing issue when it's your competitors making cash, eh?" hmm... let's get the facts straight, first and foremost, Google Analytics has nothing to do with ads, and this article has not described anything about blocking ads from google, so your whole post is moot.

• Anonymous
  August 16, 2010
  The comment has been removed

• Anonymous
  August 16, 2010
  The comment has been removed

• Anonymous
  August 16, 2010
  @Michael   Google can't change the domain name. Over 50% of the web's top sites now use Google Analytics [1] and most have hard-coded the script's domain in each page's source code. If Google changed the domain they would literally break over half of the web's most trafficked sites' ability to track usage statistics. Suddenly, the world would hate them. lol [1] trends.builtwith.com/.../Google-Analytics

• Anonymous
  August 16, 2010
  I use the restricted zones to filter out a lot of web content - it really is a useful tool.  Most of my internet ads are gone, and those stupid "keyword" popup scripts that making moving a mouse near impossible over some sites are all but gone for me.  Taking back control over what your browser shows you is deifnitely a huge benefit to the internet experience.

• Anonymous
  August 16, 2010
  @EricLaw [MSFT] or another member of the IE Team: it would be nice if it were possible in IE9 to copy & paste a list of sites in the Restricted sites window, instead of having to type in one by one. Thanks!

• Anonymous
  August 16, 2010
  Restricted Sites Zone is one of the most useful features ever! Thank you to whoever had the idea to introduce it and whoever implemented it!

• Anonymous
  August 16, 2010
  @matt Why did you put the word "hurt" in quotation marks when nobody else had said it? I'm not sure you understand quoting. Or facetiousness for that matter. @wechome The blog doesn't mention ads, but it does mention privacy, as in "We agree that making it easy for consumers to protect their privacy is good, and Internet Explorer offers a variety of features to help keep you in control of your information when visiting websites." The purpose of my post(s) was to point out that Microsoft use tracking technologies themselves, and removed stronger privacy protection mechanisms from IE8. So they only agree to making it easy for consumers to protect their privacy to a certain extent, but not to the extent that it threatens their own revenue (from ads).

• Anonymous
  August 16, 2010
  So where does it say how we block Microsofts ad services? Pathetic and childish post if you ask me

• Anonymous
  August 16, 2010
  @Sander: Analytics do not equal ad services. They are different things.

• Anonymous
  August 16, 2010
  The comment has been removed

• Anonymous
  August 17, 2010
  @Shaw    While I agree with most of what you said, it's not correct to say they didn't ""remove"" stronger prviacy mechanisms from IE8. They removed InPrivate Subscriptions. However, IE8 still offers more privacy protection features than any other browser. So I don't understand what the big deal is about that WSJ article.

• Anonymous
  August 17, 2010
  The comment has been removed

• Anonymous
  August 17, 2010
  If you want to block ads use an ad-blocker like Simple-adblock. That is more effective than having to update the restricted zones list (or even the hosts file) as it uses an internet based list (easylist) that is frequently updated) and has more effective blocking methods. An addon like this Google addon example that has the same valuue as only one single entry is the restricted zone 's list however isn't worth downloading especially if you get some unwanted updater software included with it.

• Anonymous
  August 17, 2010
  The comment has been removed

• Anonymous
  August 17, 2010

1. It's amazingly cool that Google writes a plug-in to opt-out of GA.
2. @Murray raises a valid concern that the approach described here will cause errors. Luckily, this won't happen. If you use the old, slow snippet ( code.google.com/.../gaTrackingOverview.html ) the code is wrapped in a try-catch. The new, fast snippet ( code.google.com/.../asyncTracking.html ) only executes code if/when the script is loaded.
3. Building more functionality into the browser is great. But browsers also need to do more work on reducing the security and performance issues of add-ons. Add-ons are critical to the growth and personalization of the Web. Browsers are working on making add-ons more robust, but we still need more work here.

• Anonymous
  August 17, 2010
  If everybody blocked all ads, non-commercial sites wouldn't be able to afford hosting.  Some sites completely overdo advertising and deserve to have theirs blocked (or maybe just complain and then stop using their site?), but many other sites just have one or two well placed ads that help them pay for everything.  If you just block all advertising sites then you're hurting a lot of innocent websites =/  The restricted zone should let you block certain websites from accessing other websites.

• Anonymous
  August 17, 2010
  Yay Steve Souders for making our websites faster!   Drafted and re-drafted this but then I realized IETeam is listening, but not listening that closely, so I should just spit it out: IE should really have an alternate extension model someday.  Not all Chrome and Safari extensions have access to every page, and they don't all run blocking code on tab creation.  Not native code.  Easy to write.  Portable between browsers with similar extension models.  Even a binary extension model with more asynchrony and sandboxing (out-of-process add-ons?) would be a step up. You wouldn't have to can the existing model (or you could can it in the distant future).  You'd just have to give the user the right tools to manage all their add-ons, like warnings about the permissions they're giving to extensions, an offer to uninstall really slow ones, and so forth.  Developers would naturally gravitate to the new model because there'd (rightly) be less-dire warnings up front and less chance the extension gets uninstalled later.   EricLaw's suggestion that the antidote to extensions is avoiding code leaves out a lot; not all code is blocking, un-sandboxed, native code.  It wouldn't surprise me if there are great debaters at internally Microsoft who have convinced folks that Apple and Google just don't know how to design software and that the way forward is minor tweaks to IE's existing model.  I don't agree; I think Apple/Google's extension ecosystem clearly isn't done yet but they're on to something.

• Anonymous
  August 17, 2010
  The Restricted Sites zone is a great feature and I use it to block certain types of pop-ups and "Active adverts" (any generated using an ActiveX plug-in) myself. However I wish this feature allowed syntax like " advert.com " to block any website that has the word "advert" in any part of it's domain name structure (but not in a the page part of the URL). Sadly, good as the Restricted Sites zone is it also doesn't filter out animated GIFs nor background music (MIDI or otherwise).  Would be good if the Zone settings were updated with the options "Allow images" and "Allow background music".  Or, alternatively, how about a new Zone called "Banned Sites" where no interaction is permitted whatsoever, instead of allowing interaction and just filtering specific parts.  (I know the HOSTS file can do this but as it doesn't accept wildcards you have to add a LOT of servers...) Also, my thumbs down for the dumping of the InPrivate Subscriptions.  It's still mentioned on Wikipedia as being an active feature, though, oddly.  One website does offer an XML-import version of all the websites the AddBlock add-on contains so you can block them using InPrivate Filtering.  Studying the format I was excited and wanted to move away from Restricted Sites and put the entries into InPrivate instead--though, sadly, InPrivate Filtering will only block elements, not entire domains it seems.

• Anonymous
  August 17, 2010
  Why do you use the InPrivate filter?

• Anonymous
  August 17, 2010
  @dave: most of the informations you want can be found with a log analyzer, like awstats. And I think you can add a script on each page to get more informations in awstats (like screen size,...). Others log analyzers probably have the same features.

• Anonymous
  August 17, 2010
  @InPrivate filter Because the InPrivate Filtering feature can block animated GIFs that appear on a certain number of websites, something the Restricted Sites zone can't do.  Sadly, as the Restricted Sites zone can block certain content on an entire domain (which InPrivate can't, only specific elements) a mixture of the two are required to achieve better ad-blocking.

• Anonymous
  August 18, 2010
  @EveryoneQuestioningWhyThisArticleRefersToGoogle Google's tracking services are one of the most popular if not THE most. When you have an article related to that, it makes sense to use them as an example. If you want to write an article about searching the internet, would you prefer Google or Bing? THEN you wouldn't complain would ya? :P @Amtiskaw .. LOL.. If you want a follow up article like this for each domain, you better go and sit in a class and learn about redundancy. The articles clearly says you can add any domain to any zone. As to why Google's was used as an example, please see above.

• Anonymous
  August 19, 2010
  Becaus Google posted an add-on about how to block stuff. Turns out that add-ons have issues. The post offers a way to do what Google offered but without running more code (like, the Google Update Service?? really? I need that?).

• Anonymous
  August 19, 2010
  And how do I opt out of having non-microsoft ads showing up on my live applications and GOSH even THIS PAGE????  Don't you realize this is a WORK computer and I don't want corporate ads showing up AT ALL.

• Anonymous
  August 19, 2010
  Ollie, websites don't care if you visit them from work or home. Your boss does. @Souders, it's amazing that Google collects all this information, and no consumer or government agency has flipped out.

• Anonymous
  August 19, 2010
  It's hard to tell whether Steve Souder's "amazingly cool" comment was tongue-in-cheek or not. For peeps who don't pay attention to such things, it may be worth keeping in mind that Souders works for Google.

• Anonymous
  August 25, 2010
  @Eric Lawrence When a site/domain is added to the restricted zone, why do I still see Fiddler trying to connect to the site and get a response?  In this scenario we know that we are just going to throw the response away... thus it seems rather strange that we even attempt to get it?  Is this just to try and fool "evil" servers that naive users picked up malicious files even though they didn't? Performance Optimizing 101 would suggest to me that if the file isn't going to be used - don't bother doing anything once you discover the path of the file is in the restricted zone.

• Anonymous
  August 25, 2010
  @Dan: Generally speaking, that's a reasonable optimization (and something you get out of the HOSTS or InPrivate Filtering features). However, it's more complicated than it looks-- the Restricted Zone isn't a "blackhole zone" and certain types of content (e.g. plain images, CSS) can run when downloaded from that Zone. We could apply a specialization to attempt to abort the download for the case of the script tag. In the case of Google Analytics, it's not a significant optimization, insofar as ga.js is cached on the client for 24 hours and is only 10k and delivered via worldwide CDNs.

• Anonymous
  August 25, 2010
  Thanks Eric - I was fairly sure there would be a reason for it but I couldn't put my finger on it.  Knowing that "restricted" doesn't mean "completely block" clarifies what is going on. That said, scripts normally block rendering when they are encountered I guess IE is smart enough in this case that since it isn't going to do anything with the content that it doesn't bother waiting and skips ahead? or is IE still going to wait for the HTTPResponse before continuing?