Revert "Don't run Google Analytics locally. (#28384)

[mdo]

Reverts #28384.

Second of two PRs to supersede #28486.

[mdo]

Currently doing some light reading into GDPR and GA. #28351 was opened by a deleted account and while the motivation for that issue is in question, there do seem to be some things we should audit and consider. Hence, this PR.

[XhmikosR]

I don't this really solves anything hence the revert.

If we want to care about GDPR we should do it properly in another PR.

[mdo]

Having reviewed our GA settings, the data retention period looks good and no data is being shared with Google's advertising or any other partner (thus, no need for consent to sharing data as I understand it). Whatever GA collects stays in GA.

Will revisit and confirm Carbon separately.

[XhmikosR]

Just so we are on the same side, GDPR isn't about that. We need to inform every visitor their data is being collected and get their consent.

That being said, we can at least anonymize the IPs in GA. I will make a PR for this tomorrow.

[mdo]

I understand GDPR is about both—collection and sharing. My last comment was from reading multiple articles that has that guidance for GA as it relates to sharing though. Still reading more about it though and will see what we need to do for the pure collection aspect.

I'm no expert, so keep me honest. Just sharing what I'm learning along the way.

That being said, we can at least anonymize the IPs in GA. I will make a PR for this tomorrow.

Awesome, thanks for that!

[mdo]

Actually while reviewing our GA settings, realized we're on an old script and we can anonymize from that new one. See first stab at #28491 before getting going @XhmikosR.

[bardiharborow]

This wasn't about GDPR, but rather that local users should not have their information beamed to GA (because local files don't match the domain, I think GA rejects their pings anyway). The references to ga in onclick handlers need to be made conditional on .Site.IsServer as well and then this won't throw errors.