You'd think, wouldn't you. Or instead simply blacklist Baidu's analytics code completely. That will only hurt Chinese businesses using Baidu's product, and no-one else.

It would also hurt american, or european, or any nationality of business that uses baidu to get more insight into chinese visitors.

Baidu is certainly most popular within china, but not exclusive to them.

Google Analytics does all that, no worries

Google Analytics is, sometimes, blocked by the GFW – so, if you already sell out your users to Google, using Baidu wouldn’t be an unrealistic use case anymore.

Except when it decides to ddos github

I agree and I even think that this will be unavoidable, if that kind of abuse keeps going on.

Government influence aside, Baidu would be free to host their analytics callbacks for the outside world outside of the GFW. If they stay accomplice to this kind of attack, no matter if forced or willingly, they will suffer.

Given the amount of ad bourne malvertising that is floating around, a content based blacklist of javascript would be a good thing.

and is called "Ghostery"

We could revoke their certificates, that would prevent any HTTPS request from accessing them. It wouldn't solve the issue completely, but it would be a start.

there's lots of China company/sites, you can't block all of them.