• Posted on March 29, 2017

Bypass Google Analytics Opt-Out Extension

Google Analytics allows you to opt-out of being tracked by using a web browser extension. Besides the issue with having to install software to opt-out of being tracked, their opt-out extension can easily be bypassed by web developers who want to continue to track you. I personally don’t condone developers bypassing the opt-out extension (and it’s most likely against Analytics’ terms of service) but it’s important for people to know that the opt-out extension doesn’t work and the true method to block Google Analytics is to create a firewall rule, a fake DNS entry, or use any of these other methods mentioned in our earlier post.

The method Google Analytics uses to prevent tracking your actions is really basic. The extension adds a line of JavaScript to every web-page you visit that tells the Analytics code to not track you. This is done by setting the variable of window["_gaUserPrefs"].ioo to a function that returns false. A better method would be for Google to intercept traffic using the webRequest API for Chrome Extensions and block all traffic routed to Google Analytics. I’m not sure how this will translate to other web browser extensions, which is why Google’s developers may of went with the method they currently use.

Now for how to actually bypass the opt-out extension. The comment of Analytics Tracking Code Here is where you would paste your existing Analytics tracking code. Since this code varies depending on what version of the tracking code you are using, I opted to add a placeholder instead.

<script>
	window.addEventListener("load", loaded);

	function loaded() {
		window["_gaUserPrefs"] = {};

		// Analytics Tracking Code Here
	}
</script>

The code above waits for the page to load before sending a tracking request. We add this delay to be sure the extension has already added the opt-out code to our page. The extension adds the opt-out code at document_start, which should add it before the JavaScript event DOMContentLoaded, but to be safe I am using the load event. Once the page has loaded, I overwrite the variable for window["_gaUserPrefs"] to an empty object which gets rid of the function that the Analytics code checks to verify if you are opted out or not.

And that’s all there is to it. This post boils down to a few lines of JavaScript. I’m very disappointed with Google and how they created their opt-out extension. There are many different methods that are a lot more difficult to bypass, such as setting an opt-out cookie that wouldn’t even require installing an extension. Then have the extension as an optional download that will add the cookie after you clear your browser’s cookies allowing you to remain opted out without remembering to opt-out again. If there are issues with cookies in other countries, there are still other methods available.