by ThePhysicist 1942 days ago
It's interesting that even analytics solutions which list respecting user privacy as their main USP (i.e. simpleanalytics.com, plausible.io) support this kind of concealment scheme. I find it at least questionable since a user that employs a specific extension to block tracking requests has clearly expressed an intent to not be tracked, so circumventing this block with some clever DNS scheme is very privacy-unfriendly and invasive.

The security aspect is valid too, though I'm not sure if it's much worse than allowing a third party to put arbitrary JavaScript on your website in the first place (as almost none of the trackers support integrity tags or self-hosting of analytics scripts). Of course those scripts don't get access to HttpOnly cookies, which the server API will get when using such a CNAME script.

A solution would be to have your website on a subdomain itself (e.g. www), which was best practice for a while but got abandoned for the sake of brevity with most sites.

1 comments
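
An added example (not part of the original comment or of any project discussed): a reduced model of RFC 6265 cookie scoping that shows which first-party cookies a browser attaches to a request for a CNAME'd analytics subdomain, depending on where the site is hosted and how the cookie's Domain attribute is set. Hostnames and the cookie name are constructed; Path, Secure, SameSite and the public-suffix check are left out.

```javascript
// Added example: RFC 6265 cookie scoping, reduced to the Domain attribute.
// HttpOnly only hides a cookie from scripts; it does not affect whether the
// browser sends it, so it is not modelled here. All names are constructed.

// RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Store a cookie as the browser would after a Set-Cookie from host `setBy`.
// domainAttr undefined => host-only cookie (section 5.3, step 6).
function storeCookie(name, setBy, domainAttr) {
  if (domainAttr === undefined) {
    return { name, domain: setBy, hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only set cookies for its own host or a parent domain.
  if (!domainMatch(setBy, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Section 5.4: which stored cookies accompany a request to requestHost.
function cookiesSentTo(requestHost, jar) {
  return jar
    .filter((c) => c !== null)
    .filter((c) => (c.hostOnly ? requestHost === c.domain
                               : domainMatch(requestHost, c.domain)))
    .map((c) => c.name);
}

// Constructed subdomain that is CNAME'd to an analytics vendor.
const TRACKER = "metrics.example.com";

// Site on `siteHost` sets a session cookie; what does the tracker host receive?
function scenario(siteHost, domainAttr) {
  const jar = [storeCookie("session", siteHost, domainAttr)];
  return cookiesSentTo(TRACKER, jar);
}

console.log({
  apexWide: scenario("example.com", "example.com"),          // ["session"]
  apexHostOnly: scenario("example.com", undefined),          // []
  wwwHostOnly: scenario("www.example.com", undefined),       // []
  wwwScoped: scenario("www.example.com", "www.example.com"), // []
  wwwWide: scenario("www.example.com", "example.com"),       // ["session"]
});
```

In this model the tracker host receives the session cookie only when the cookie is set with a Domain attribute covering the whole registrable domain, whichever host the site itself is served from.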

> It's interesting that even analytics solutions which list respecting user privacy as their main USP (i.e. simpleanalytics.com, plausible.io) support this kind of concealment scheme. I find it at least questionable since a user that employs a specific extension to block tracking requests has clearly expressed an intent to not be tracked

That's because you're confusing tracking, which is e.g. Google tracking your behaviour across different websites to decide what you like and what ads you might click, and website analytics, which is making statistics on what type of people (location, language, browser, mobile/PC, from where) visit your website. Privacy-conscious analytics doesn't track it, it only aggregates who you are so that the website owner can make decisions (the mobile version is useless because all users come from PCs, optimising for Safari isn't needed since no users use Apple devices, etc.). It's unfortunate for your average site owner that you lose that data from people not wanting to be tracked, because that's really not the same thing, they're just a drive-by casualty.