Keep in mind, that if you run a browser, made by Google (e.g. latest versions of Chromium), it will connect to Google analytic servers even if you block them with your
hosts file.
They use directly hardcoded IP addresses (no name resolution needed). Moreover, to make the blocking harder, they require to use some of those servers to sign in into Google online accounts too... So, if you block those IP with firewall on your router, you'll not be able to sign in to your accounts. Bastards... :(
Need an example? Here it is -
74.125.129.106. Try to block it and then sign in.
BTW, to add extra confusion they assign different direct and reverse name resolutions (watch for
74.125.129.106):
D:\>nslookup google-analytics.com
...
Name: google-analytics.com
Addresses: 74.125.129.106, 74.125.129.105, 74.125.129.147, 74.125.129.99
74.125.129.104, 74.125.129.103
Then check the
74.125.129.106 IP for it's name:
D:\>nslookup 74.125.129.106
...
Name: pd-in-f106.1e100.net
Address: 74.125.129.106
And this time the IP comes with a different name -
pd-in-f106.1e100.netThat's why if you want to block analytics servers from unsolicited tracking connections you have to make your own special build and remove those hardcoded IP's (quite big subset actually) directly from the browser or simply use Iron browser instead of Chromium/Chrome...