Event tracking similar to Google event tracking

Question

I like to implement my own event tracking (client and server) similar to Google analytic. They use java script like this:

...
_gaq.push(['_setAccount', 'UA-XXXXX-X']);
_gaq.push(['_trackEvent', 'button3', 'clicked'])
...

This code sends some data to google analytics url. Instead of _gaq I like to implement my own function that will send the requests to my server that will do something with the result. Many websites will be using the code snippet.

But anyone can see the request and make a robot or similar that will act the same way as the user is doing something on the website and triggering tracking event.

Is there a way so I can detect if the user has clicked something, or the request is sent by spammer? How google analytics event tracking is protecting from spam event tracks ?

Answer 1

GA doesn't protect anything, anybody can send crap data to a known Account ID.

GA has implemented a list of (spam)bots and crawlers that it can filter out. That's pretty much the only thing you can do when using clientside code, blacklist known combinations of IP/User Agent/etc. This will not help against actual people sending spam data, though. Adservers employ statistical models to judge which calls can't be possible come from real users, but that works only with a huge data volume (dozen or hundred of millions of clicks).

It's a bit easier if you use serverside code - then you can send a token or nonce or something that is not visible to spam bots and can't be easily faked or copied. But with a JS tracker and unauthenticated users I guess you are pretty much out of luck.