Implementing And Testing Google Analytics IP-Anonymization – Classic Analytics ga.js (Legacy)

This blog post deals with an outdated version of Google Analytics. You can find the new version on GDPR-compliant IP anonymization here!

Not a new topic, yet relevant again: Google Analytics and the data privacy compliant integration of the GA-Tracker.
According to a news report, 13 000 Websites in Bavaria have lately been audited and exhorted – with sobering results.

Anonymizing IP Addresses in Google Analytics

For some time now, Google Analytics provides anonymizing functionality (specifically: deletion of the last octet of the IP-Address prior to storage).
Typically, the relevant piece of code looks like this:

 var _gaq = _gaq || []; _gaq.push (['_setAccount', 'UA-XXXXXXX-YY']); _gaq.push (['_gat._anonymizeIp']); _gaq.push (['_trackPageview']); 

(Source)

The only thing to bear in mind is that the anonymizeIp-function  must be placed in the GA queue before trackPageview.

Testing Google Analytics IP-Address-Anonymization

How can you easily check after implementation, whether IP-Anonymization is active?

The easiest way is to start one of the powerful Browser developer tools like Firebug and check the GA tracking pixel request for whether a request parameter named aip=1 is set:
With Chrome’s developer tools the quick check looks like this:

Summary

The implementation and validation of IP-Address anonymization is a 5 minute task. By using the _anonymizeIP-function, Google masks the last 8-bit before storage and processing – not transfer.

Therefore the masked IP can no longer be assigned directly to a single person (256 IP-Addresses share the same masked IP-Address).