Don’t Hate the Ad, Hate the Ad-Tracker

Screen Shot 2016-03-05 at 7.24.09 PM

Does any site have a worse ad experience than Forbes?

The “ad-light experience” employs 38 trackers consuming 83.1 MB of memory. What does the non-light experience look like? For reference, Google Maps’ scripts take 52.7 MB and they actually do something useful.

But back to Forbes’ 38 tracking scripts, which actively monetize your information on ad networks.

Ad trackers follow you all over the internet. The web is a big place, with more places to show ads than a sales team could ever keep track of. A tiny site like this one would be a tough placement to sell to advertisers.

Here’s how ad trackers solve the problem (adapted from this video).

1. Website begins to load
1. Website begins to load
2. Site runs a tracker for a Data Management Platform (DMP).
2. Site runs a tracker for a Data Management Platform (DMP). The DMP aggregates information about the sites you’ve visited and assigns it to a digital fingerprint.
3. The tracker sends information from the DMP to an ad server, requesting an ad that matches your profile.
3. The tracker sends information from the DMP to an ad server, requesting an ad that matches your profile.
4. The ad server queries traders, ad networks, and supply-side platforms (SSP). An ad network is a broker that sells ad spots directly to marketers. Traders and SSPs are market-makers that turn around and sell inventory on ad exchanges.
4. The ad server queries traders, ad networks, and supply-side platforms (SSP). An ad network is a broker that sells ad spots directly to marketers. Traders and SSPs are market-makers that turn around and sell inventory on ad exchanges.
5. On the ad exchange, bidders submit a bid price for the ad slot.
5. On the ad exchange, bidders submit a bid price for the ad slot.
6. The bidders are advertisers and agencies that come through a demand-side platform (DSP). Ad networks and high-frequency traders also participate in the exchange.
6. The bidders are advertisers and agencies that come through a demand-side platform (DSP). Ad networks and high-frequency traders also participate in the exchange.
7. A buyer creates a bid by matching your user profile to the marketer’s targeting and budget rules. DSPs buy a lot of the information for their pricing rules from DMPs.
7. A buyer creates a bid by matching your user profile to the marketer’s targeting and budget rules. DSPs buy a lot of the information for their pricing rules from DMPs.
8. The exchange selects a bid through second-price auction, then returns the winning ad to publisher’s ad server.
8. The exchange selects a winning bid through second-price auction, then returns the winning ad to the publisher’s ad server.
9. Publisher’s site loads the ad from the winning bidder’s server, as well as a script that tracks your interaction with the ad.
9. Publisher’s site loads the ad from the winning bidder’s server, as well as a script that tracks your interaction with the ad.

The entire process is automated, and happens in about 200 ms while the page loads. There’s a whole industry of high-frequency ad traders, and your eyeballs are the asset class.

This is the timeline of network activity from Forbes.com after the site fully loaded. Every time I move my mouse, it generates a burst of traffic to third-parties, communicating my activity. Did my cursor linger over an ad? That is valuable information to a third party.
This is the timeline of network activity from Forbes.com after the site fully loaded. Every time I move my mouse, it generates a burst of traffic to third-parties, communicating my activity. Did my cursor linger over an ad? That is valuable information.

I get it; publishers need to make money. In a desperate bid to monetize content, they stuff their sites with trackers. More data is better, and trackers cost them nothing.

While it is irritating to have hundreds of tracking companies gathering your information, consolidation is worse.

Google’s DoubleClick is the largest ad network in the world, and all major websites use it. Forbes uses DoubleClick. Twitter uses DoubleClick. Even Pornhub uses DoubleClick. So an advertiser on Forbes can serve an ad not just based on your Google search history, but also your Twitter activity and porn habits.

And that’s exactly how you end up with shit like this.

Digital Fingerprints

The tracking isn’t done with cookies; those are too easy to delete. Trackers identify you with a browser fingerprint: Your operating system, browser version, time zone, plug-in versions, screen resolution, installed fonts, IP address, and other things you thought were private.

The more uniquely-configured your system, the more identifiable you are. (How identifiable? Check here.)

fingerprint

It doesn’t matter if you use incognito mode and block cookies; that’s just another data point to add to your profile. It’s called a fingerprint because every one is unique. And each time you load a tracker, your fingerprint is captured and the activity is added to your browsing profile.

Facebook is Watching You

Can the trackers capture a user’s actual identity? Check out these innocuous-looking buttons:

Screen Shot 2016-03-06 at 2.37.15 AM

Each one transmits information back to their respective social network. Facebook, Twitter, LinkedIn all know you’re here right now. In fact, any site with a Tweet Button or fb_like is a portal for a service provider to track your activity.

The tracking scripts load with the button images, so you don’t need to click anything. You don’t even need to be logged in.

Block it All

I’m tracking you right now. Well not me, I’m probably asleep, but the site scripts are. You can view this site’s trackers with the Ghostery extension:

Screen Shot 2016-03-05 at 7.22.29 PM

While I like having social network buttons and site stats, I encourage you to block them: There’s no reason to trust me or my third-party trackers.

When sites like Forbes and Wired request that you disable ad-blockers, they’re really requesting that you enable tracking scripts. This isn’t about the ethics of ad-blocking – It’s about the unauthorized collection and sale of personal information.

At this point, you’re one government subpoena away from having your internet browsing history become a public court document. One data breach from your digital profile being served to the world.

Wait a minute, you might say. I only look at good, wholesome websites on the internet! I have nothing to hide.

Great, me too! Nonetheless, I support the privacy of those who wish to view degenerate porn without the risk of that becoming public information. Whether you should as well is a topic for another day 🙂

See Also:
More info about browser fingerprints –stackexchange
Cookies Are Dead: User-Based Attribution Models Are The Only Way Forward –TechCrunch

5 thoughts on “Don’t Hate the Ad, Hate the Ad-Tracker

  1. I should mention that if you set your browser’s user agent to Google Spider, you can still visit Forbes.com with an ad-blocker. Google indexing >> Forbes.com 🙂

    Reply
  2. Pingback: dustbury.com » Your mind is mined
  3. Pingback: Ad Networks are Great for Malware Distribution - Elaine's Idle Mind
  4. Pingback: Google Doesn’t Believe in Privacy, episode 4772 | Elaine's Idle Mind

Leave a Reply