
This is just one of many reasons to use StevenBlack's Hosts [1] list to block this type of behavior. While it doesn't currently block link.wacom.com, it would have prevented the subsequent requests to google analytics. It works even better when paired with a PiHole [2] to protect all devices on the network.

[1] https://github.com/StevenBlack/hosts

[2] https://pi-hole.net/



I mean I put Pihole on all my networks but this is at best a solution to “nice malware” that doesn’t bother to hardcode addresses or perform lookups via an attacker controlled DNS server.

You can catch slightly more aggressive malware by forcing all DNS traffic to your server at the network level but you’re now playing the role of malicious network operator. I would whitelist this to only devices you own.


I don't think anyone would make the argument that a PiHole is a replacement for following best practices in terms of computer and network security. I'm just pointing out that a PiHole can block google analytics and other common violators of privacy. It's not a security tool and isn't advertised as such.


And even if you go that far, DoH lets the device use whatever DNS server it wants.


Sadly, some of these lists don't currently include google-analytics.com since some sites would otherwise break as a result. So when using one of these hosts files it's often a good idea to double check whether they include Google's domains first.

(Also sad to say that GA is so big that a lot of websites/apps rely on it)
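
The "double check" suggested above can be scripted. This is an added example, not part of the thread or of any blocklist project's tooling; the sample list contents and the function names are constructed for illustration.

```python
# Added example. SAMPLE_HOSTS is constructed, not copied from a real blocklist.
SAMPLE_HOSTS = """\
# constructed sample in hosts-file format
127.0.0.1 localhost
::1 ip6-localhost
0.0.0.0 0.0.0.0
0.0.0.0 www.google-analytics.com   # trailing comment
0.0.0.0 SSL.Google-Analytics.com ads.example.net
192.0.2.10 intranet.example.net
"""

# Addresses a blocklist uses to send a name nowhere.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that legitimately map to loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost", "0.0.0.0"}


def normalize(name):
    return name.lower().rstrip(".")


def blocked_hostnames(hosts_text):
    """Return the set of hostnames a hosts-format list sinks."""
    blocked = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        address, *names = line.split()
        if address not in SINK_ADDRESSES:
            continue                           # a real mapping, not a block
        blocked.update(n for n in map(normalize, names) if n not in LOCAL_NAMES)
    return blocked


def coverage(hosts_text, wanted):
    """Map each wanted name to (exactly_listed, listed_subdomains).

    Hosts files match whole names only, so a listed subdomain does not
    block its parent domain, and the reverse holds too.
    """
    blocked = blocked_hostnames(hosts_text)
    report = {}
    for name in wanted:
        key = normalize(name)
        subs = sorted(b for b in blocked if b.endswith("." + key))
        report[name] = (key in blocked, subs)
    return report
```

Run `coverage()` over the text of the hosts file actually deployed; a result of `(False, [...])` with a non-empty subdomain list means only some hostnames under that domain are sunk.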


> some sites would otherwise break as a result

Wow, that's weird. I don't remember ever seeing one site like that. Can you point one out? I mean, GA has been blocked at my places since 2015, and I don't remember anything ever was broken, on phone or desktop.


Can't think of any specific sites, but it's happened to me a few times. It's usually because there's bad code that's waiting on the GA init function before doing anything else.

This is why some blockers like uBlock Origin stub out the Google Analytics interface.


It happens. If they add older GA tracking code in other JS and don't try / catch, it will throw an exception when GA is blocked.

When I find a site with this problem I go elsewhere.


Is there a way to create a whitelist instead of a blacklist?

In some VMs / computers, I'd like to whitelist Internet domains instead of blacklisting, for security reasons.

Edit: Seems PiHole supports whitelisting: "Manage White And Black Lists" https://pi-hole.net/


I don't know enough about webdev, but why is the google analytics request sent by the client? Wouldn't it be easier for the webhost to send a request to google "this IP with this browser connected to me requesting this content", making it impossible to block on the client side?


Microsoft has started resetting hosts files which is really annoying with Defender, can't seem to disable it either. Annoying when deving on a local server!


Operator of lots of DNS stuff here.

Hosts files are literally the devil. They break so much shit. Hostnames sometimes change behavior (like an ad server that starts hosting a redirect script for legitimate clicks), kids who are "good with computers" set them up on relatives' computers over the holidays unmaintained, malware that uses them to block antivirus updates, etc.

If you want to block ads, fine. Use a content aware proxy or browser extension.


> browser extension

Using browser extensions to block ads is much higher risk than doing DNS blocking. Most ad blockers have full access to all web pages, which essentially means they could trivially scrape your usernames/passwords for your email/banks/etc or perform actions on your behalf.

There's room for this to go bad (AdBlocker dev turns bad, or sells extension to a bad guy for a wad of cash, or extension has security vulnerabilities, or keys for publishing extension are not properly secured) so while DNS-level blocking might not work as well, it's definitely not an obviously-worse solution.

(though FWIW PiHole in the past had some really aggressive default lists which stopped me from using it - though I set it up again recently and it's been much better - I haven't had any broken websites besides Amazon's own sponsored product links at the top of their own search results pages).



