
JavaScript in Google - what's it doing? And is it trying to encrypt its work?

Tags:

javascript

The first JavaScript <script></script> in Google looks like this (note: I have used jsbeautifier.org to render it nicely):

window.google = {
    kEI: "Eqx4TailJIez8QOhrtAxSw",
    kEXPI: "17259,17291,28460,21559,28595,28605,29014,29135,29249,29254,29265,29279",
    kCSI: {
        e: "17159,17291,21460,28559,28595,28605,29014,29135,29249,29254,29265,29279",
        ei: "Ex4TailJIez8QOhrtGwBA",
        expi: "17159,17291,28460,28559,28595,28605,29014,29135,29249,29254,29265,29279"
    },
    ml: function () {},
    pageState: "#",
    kHL: "en",
    time: function () {
        return (new Date).getTime()
    },
    log: function (c, d, b) {
        var a = new Image,
            e = google,
            g = e.lc,
            f = e.li;
        a.onerror = (a.onload = (a.onabort = function () {
            delete g[f]
        }));
        g[f] = a;
        b = b || "/gen_204?atyp=i&ct=" + c + "&cad=" + d + "&zx=" + google.time();
        a.src = b;
        e.li = f + 1
    },
    lc: [],
    li: 0,
    j: {
        en: 1,
        l: function () {
            google.fl = true
        },
        e: function () {
            google.fl = true
        },
        b: location.hash && location.hash != "#",
        bv: 5,
        pl: [],
        mc: 0,
        sc: 0.5,
        u: ""
    },
    Toolbelt: {}
};

Can somebody explain what it does? Is it capturing information about me? Or are they just trying to encrypt their JavaScript to protect their code?

Many thanks,

chacko asked Feb 02 '23 20:02


2 Answers

What it does:

This code, apparently, defines the top-level global google object, which has one main function, google.log.

google.log seems to grab an image from the URL www.google.com/gen_204?atyp=... with a timestamp to avoid caches. After this image loads, it deletes itself.

google.log then appears to be using some tracking mechanism (similar to Google Analytics) to track visits to the page.


Explanation for the weird obfuscation:

All Google code is compiled by the Closure Compiler in Advanced mode, which automatically obfuscates the entire site.

The Dojo Library is the only common JavaScript library (outside of the Closure Library) which can be used with the Closure Compiler's Advanced mode.

Compiled code has exactly the same behavior as plain-text code, except that it is much smaller (average 25% over minifiers), runs much faster (especially on mobile devices), and is almost impossible to reverse engineer, even after passing through a beautifier, because the entire code base (including the library) is obfuscated.

Code that is only "minified" (e.g. YUI compressor, Uglify) can be easily reverse-engineered after passing through a beautifier.

You have been only reading "minified" JavaScript before. Closure Compiler goes way further than this.

Stephen Chung answered Feb 05 '23 10:02
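
As an added example (not code from the original post or from Google), the snippet below runs the question's google.log logic under Node with a stub Image, to show exactly which fields the beacon request carries and that the image reference is released once the request finishes. FakeImage, traceBeacon, and the sample ct/cad and clock values are assumptions made for illustration.

```javascript
// Added example: instrument the question's google.log with a stub Image (runs in Node).
// FakeImage and traceBeacon are hypothetical names, not part of Google's code.
function traceBeacon(ct, cad, overrideUrl, nowMs) {
  const requests = [];               // every URL the "browser" would fetch
  class FakeImage {                  // stand-in for the DOM Image constructor
    set src(url) { requests.push(url); this._url = url; }
    get src() { return this._url; }
  }
  // Same logic as the snippet in the question, with Image and the clock injected.
  const google = {
    lc: [],
    li: 0,
    time: () => nowMs,
    log(c, d, b) {
      const a = new FakeImage();
      const g = google.lc;
      const f = google.li;
      a.onerror = a.onload = a.onabort = function () { delete g[f]; };
      g[f] = a;                      // hold a reference while the request is in flight
      b = b || "/gen_204?atyp=i&ct=" + c + "&cad=" + d + "&zx=" + google.time();
      a.src = b;                     // assigning src is what triggers the GET
      google.li = f + 1;
    },
  };
  google.log(ct, cad, overrideUrl);
  const pendingBefore = Object.keys(google.lc).length;
  google.lc[0].onload();             // simulate the request finishing
  const pendingAfter = Object.keys(google.lc).length;
  // Decode the query string to list exactly which fields leave the browser.
  const sent = Object.fromEntries(
    new URL(requests[0], "https://www.google.com").searchParams);
  return { url: requests[0], sent, pendingBefore, pendingAfter, nextIndex: google.li };
}

// Constructed sample values for ct/cad and the clock; not captured traffic.
const r = traceBeacon("sample_event", "sample_detail", undefined, 1300000000000);
console.log(r.url);
console.log(r.sent, r.pendingBefore, r.pendingAfter);
```

The function itself adds only the two caller-supplied values (ct, cad) and a timestamp to the URL; anything else the server learns comes from the ordinary HTTP request (cookies, headers, source address) that any image fetch carries.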


It looks like this piece of code is collecting all the information about your DNA. They then verify it to see if it is of superior quality.

I can only guess they use this to combine it with superior DNA of other humans to create the ultimate human being.

--- Or ----

It can just be boring obfuscated JavaScript that has to do with how the URL of the request is built up.

I hope it's the first!

Peter answered Feb 05 '23 10:02