Stop Allowing Google to use its "Backdoor" script loader
Created by: ghost
I use Dan Pollock's hosts file to block Google Analytics but they found a way around it. I've seen this on the Telegram website and now I'm seeing it on Bootstrap while helping with the Hugo dev:
https://www.reddit.com/r/privacy/comments/8clrzn/google_your_backdoor_to_the_internet/
The way this works is Google uses a backdoor script loader as explained above—it's base64 encoded—the specific script Bootstrap tried to load on my machine while working doing development was this one here: https://www.google.com/js/bg/4mrRnEPnWo81qWPG8_xcGP85HCscbg1O2YUrIewxQYY.js
This script loader relies on the fact many may have explicitly blocked google analytics and it uses the technique to get around the block in a most uncouth way. If you'd like a HAR file showing the requests I will reproduce this for you—if you can commit to an investigation and fix for this cross-domain JS script loader.