ID=A123 ID=B678 ID=C789 A.com C.com B.com 37
ID=A123 ID=B678 ID=C789 request + cookie A.com C.com B.com 37
A.com request + cookie ID=A123 redirect b.com?aid=A123 B.com ID=B678 ID=C789 C.com 37
A.com request + cookie ID=A123 redirect b.com?aid=A123 Request aid=A123 + cookie B.com ID=B678 ID=C789 C.com 37
A.com request + cookie ID=A123 redirect b.com?aid=A123 Request aid=A123 + cookie B.com ID=B678 Redirect c.com?aid=A123&bid=B678 ID=C789 C.com 37
A.com request + cookie ID=A123 redirect b.com?aid=A123 Request aid=A123 + cookie B.com ID=B678 Redirect c.com?aid=A123&bid=B678 R e q u e s t a i d = 1 2 3 & ID=C789 b i d = B 6 7 C.com 8 + c o o k i e 37
A.com request + cookie ID=A123 redirect b.com?aid=A123 Request aid=A123 + cookie B.com ID=B678 Redirect c.com?aid=A123&bid=B678 R e q u e s t a i d = 1 2 3 A123 = B678 = C789 & ID=C789 b C.com now knows: i d = B 6 7 C.com 8 + c o o k i e 37
Once cookies are synced • Companies can exchange data about users behind the scenes, merge profiles 38
Once cookies are synced • Companies can exchange data about users behind the scenes, merge profiles 38
Identifiers beyond cookies • IP address • Cache mechanisms • Storage associated with – ETags browser pluggins – Pixel hack (unique ID stored as a colored – Local Shared Object pixel) (LSO) • Javascript mechanisms – Silverlight Isolated Storage – History sniffing • HTML5 DOM storage – Browser fingerprinting 39
Browser fingerprinting • Combination of device and browser characteristics forms a fairly unique fingerprint – Fonts – Timezone – Screen size and color depth – Browser plugins – … 40
41
Your browser fingerprint appears to be unique among the 186,338 tested so far 42
Mobile device & location tracking • Mobile device • Apps may collect advertising IDs location and send to advertisers – used to target, retarget, and frequency cap ads – Multiple ways to obtain served through mobile location, sometimes apps without notifying user – Can be reset by user • Retail tracking based – Limit ad tracking setting on MAC addresses limits ad targeting when mobile devices – Apple: IDFA search for wifi – Google: AAID 43
Cross-device tracking • Link a user’s activity across their devices – Seamless user experience – Allow users to pickup where they left off on another device – Develop a user’s profile across devices – Target ads across devices – Measure success of ad campaigns across devices • Deterministic – user logs in or provides consistent identifier • Probabilistic – infer user identity from IP address, location, browsing patterns, etc. – Websites may share hashed email addresses with ad networks to enable linking without transmitting PII 44
Audio beacons • Ultrasonic inaudible sounds played by an ad • Software in app activates microphone and listens for beacon sound played by another device in vicinity • Identifies devices likely owned by same person • Allows advertisements on mobile device to relate to programming user is watching on TV 45
Data matching • Matching offline and online data • Allows marketers to see whether online ad results in offline purchase • Hashed email address or other identifiers compared 46
Opt-out cookies • Some third-party trackers allow you to opt-out of tracking by setting an opt-out cookie • Opt-out cookie is used only to signal that you don’t want to be tracked • Deleting the cookie removes the opt-out • Industry association websites let you set opt- out cookies for dozens of sites in one place – Aboutads.info 47
48
Recommend
More recommend
