Interesting, do you know if they rely on the same principle of using several domains, making it harder to block?

I'm not sure, it uses your own domain, thus www.google-analytics.com becomes yourdomain.com/analytics.js. Not all requests are proxied, only the ones blocked by adblockers.

Taking this further, you could have your server send an event to GA when /index.html is requested, this can even be from tail -f access_log. No one will know GA was requested.

In general, you wouldn't be able to access third-party cookies this way, though.