Also, a very big danger with non-FOSS analytics and ad services is that they are all, in effect metadata for governments to sweep up. It's much easier to log a bunch of Google Analytics requests than to log someone's entire Internet stream; yet capturing analytics gives you a fairly exact view of exactly what they did online by tapping only a few services. The total bandwidth for capturing ALL global analytics requests is fairly small.
Officials can then claim with a straight face that it is only meta-data - they only need to log the request with all the data in it, not the response from the server, which is usually a transparent 43 byte GIF.
By using your own server, and modifying the default URL structure, a government has to track your site directly, which is unlikely unless your site warrants interest. And if everyone did this and had HTTPS, the NSA's job goes from cracking a handful of provider's HTTPS (Google, Adobe, etc) into cracking hundreds of thousands.
Officials can then claim with a straight face that it is only meta-data - they only need to log the request with all the data in it, not the response from the server, which is usually a transparent 43 byte GIF.
By using your own server, and modifying the default URL structure, a government has to track your site directly, which is unlikely unless your site warrants interest. And if everyone did this and had HTTPS, the NSA's job goes from cracking a handful of provider's HTTPS (Google, Adobe, etc) into cracking hundreds of thousands.