Tags: tracking

123

sparkline

Friday, November 25th, 2022

No To Spy Pixels

Almost no-one has given informed constent to being tracked through spy pixels in emails, and yet the practice is endemic. This is wrong. It needs to change.

Tuesday, October 11th, 2022

Bunny Fonts | Explore Faster & GDPR friendly Fonts

A drop-in replacement for Google Fonts without the tracking …but really, you should be self-hosting your font files.

Thursday, July 14th, 2022

Lou Montulli and the invention of cookie | Hidden Heroes

Steven Johnson profiles Lou Montulli, creator of the cookie, and ponders unintended consequences:

Years ago, the mathematician Edward Lorenz proposed a metaphor to describe how very small elements in a system’s initial conditions can lead to momentous changes over time. Imagining a tornado that ultimately emerges out of the tiny air perturbations caused by the flapping of a butterfly’s wings, Lorenz called it the “butterfly effect.” For better and for worse, Montulli’s cookie may be the most pronounced example of a technological butterfly effect in our time. But instead of a butterfly flapping its wings, it’s a 23-year-old programmer writing a few lines of code to make a shopping cart feature work. Almost three decades later, we’re still riding out the storm that code helped create.

Wednesday, July 13th, 2022

How normal am I?

A fascinating interactive journey through biometrics using your face.

Wednesday, March 30th, 2022

Ban Online Behavioral Advertising | Electronic Frontier Foundation

Targeted advertising based on online behavior doesn’t just hurt privacy. It also contributes to a range of other harms.

I very much agree with this call to action from the EFF.

Maybe we can finally get away from the ludicrious idea that behavioural advertising is the only possible form of effective advertising. It’s simply not true.

Saturday, February 5th, 2022

Is Momentum Shifting Toward a Ban on Behavioral Advertising? – The Markup

I really hope that Betteridge’s Law doesn’t apply to this headline.

Thursday, February 3rd, 2022

‘Like an atomic bomb’: So what now for the IAB’s GDPR fix after regulator snafu? - Digiday

Simply put, the popups asking people for consent whenever they land on a site are illegal.

Daring Fireball: Robin Berjon on ‘Topics’, Google’s Proposed Replacement for FLoC

Google Topics is the successor to Google FLoC. It seems to require collusion from your “user agent”:

I can’t see why any other browser would consider supporting Topics. Google wants to keep tracking users across the entire web in a world where users realize they don’t want to be tracked. Why help Google?

Google sees Chrome as a way to embed the entire web into an iframe on Google.com.

Saturday, January 8th, 2022

Ban embed codes

Prompted by my article on third-party code, here’s a recommendation to ditch any embeds on your website.

Monday, January 3rd, 2022

Kagi Search

A new search engine (and browser!) that will have a paid business model.

Between this and Duck Duck Go, there’s evidence of an increasing appetite for alternatives to Google’s increasingly-more-rubbish search engine.

Wednesday, December 15th, 2021

Thursday, December 9th, 2021

Ain’t no party like a third party

This was originally published on CSS Tricks in December 2021 as part of a year-end round-up of responses to the question “What is one thing people can do to make their website bettter?”

I’d like to tell you something not to do to make your website better. Don’t add any third-party scripts to your site.

That may sound extreme, but at one time it would’ve been common sense. On today’s modern web it sounds like advice from a tinfoil-hat wearing conspiracy nut. But just because I’m paranoid doesn’t mean they’re not out to get your user’s data.

All I’m asking is that we treat third-party scripts like third-party cookies. They were a mistake.

Browsers are now beginning to block third-party cookies. Chrome is dragging its heels because the same company that makes the browser also runs an advertising business. But even they can’t resist the tide. Third-party cookies are used almost exclusively for tracking. That was never the plan.

In the beginning, there was no state on the web. A client requested a resource from a server. The server responded. Then they both promptly forgot about it. That made it hard to build shopping carts or log-ins. That’s why we got cookies.

In hindsight, cookies should’ve been limited to a same-origin policy from day one. That would’ve solved the problems of authentication and commerce without opening up a huge security hole that has been exploited to track people as they moved from one website to another. The web went from having no state to having too much.

Now that vulnerability is finally being closed. But only for cookies. I would love it if third-party JavaScript got the same treatment.

When you add any third-party file to your website—an image, a style sheet, a font—it’s a potential vector for tracking. But third-party JavaScript files go one further. They can execute arbitrary code.

Just take a minute to consider the implications of that: any third-party script on your site is allowing someone else to execute code on your web pages. That’s astonishingly unsafe.

It gets better. One of the pieces of code that this invited intruder can execute is the ability to pull in other third-party scripts.

You might think there’s no harm in adding that one little analytics script. Or that one little Google Tag Manager snippet. It’s such a small piece of code, after all. But in doing that, you’ve handed over your keys to a stranger. And now they’re welcoming in all their shady acquaintances.

Request Map Generator is a great tool for visualizing the resources being loaded on any web page. Try pasting in the URL of an interesting article from a news outlet or magazine that someone sent you recently. Then marvel at the sheer size and number of third-party scripts that sneak in via one tiny script element on the original page.

That’s why I recommend that the one thing people can do to make their website better is to not add third-party scripts.

Easier said than done, right? Especially if you’re working on a site that currently relies on third-party tracking for its business model. But that exploitative business model won’t change unless people like us are willing to engage in a campaign of passive resistance.

I know, I know. If you refuse to add that third-party script, your boss will probably say, “Fine, I’ll get someone else to do it. Also, you’re fired.”

This tactic will only work if everyone agrees to do what’s right. We need to have one another’s backs. We need to support one another. The way people support one another in the workplace is through a union.

So I think I’d like to change my answer to the question that’s been posed.

The one thing people can do to make their website better is to unionize.

Saturday, December 4th, 2021

Jacques Corby-Tuech - Marketers are Addicted to Bad Data

We’ve got click rates, impressions, conversion rates, open rates, ROAS, pageviews, bounces rates, ROI, CPM, CPC, impression share, average position, sessions, channels, landing pages, KPI after never ending KPI.

That’d be fine if all this shit meant something and we knew how to interpret it. But it doesn’t and we don’t.

The reality is much simpler, and therefore much more complex. Most of us don’t understand how data is collected, how these mechanisms work and most importantly where and how they don’t work.

Ain’t No Party Like a Third Party - CSS-Tricks

Chris is doing another end-of-year roundup. This time the prompt is “What is one thing people can do to make their website bettter?”

This is my response.

I’d like to tell you something not to do to make your website better. Don’t add any third-party scripts to your site.

Monday, November 29th, 2021

Google, Facebook hiding behind skirts of small business

While the dream of “personalized” ads has turned out to be mostly a nightmare, adtech has built some of the wealthiest companies in the world based on tracking us. It’s no surprise to me that as Members of the European Parliament contemplate tackling these many harms, Big Tech is throwing millions of Euros behind a “necessary evil” PR defense for its business model.

But tracking is an unnecessary evil.

Yes! This!

Even in today’s tracking-obsessed digital ecosystem it’s perfectly possible to target ads successfully without placing people under surveillance. In fact right now, some of the most effective and highly valued online advertising is contextual — based on search terms, other non-tracking based data, and the context of websites rather than intrusive, dangerous surveillance.

Let’s be clear. Advertising is essential for small and medium size businesses, but tracking is not.

Rather than creating advertising that is more relevant, more timely and more likable we are creating advertising that is more annoying, more disliked, and more avoided.

I promise you, the minute tracking is outlawed, Facebook, Google and the rest of the adtech giants will claim that their new targeting mechanisms (whatever they turn out to be) are superior to tracking.

UK ICO: surveillance advertising is dead

Behavioral ads are only more profitable than context ads if all the costs of surveillance – the emotional burden of being watched; the risk of breach, identity-theft and fraud; the potential for government seizure of surveillance data – is pushed onto internet users. If companies have to bear those costs, behavioral ads are a total failure, because no one in the history of the human race would actually grant consent to all the things that gets done with our data.

Tuesday, November 23rd, 2021

Email Tracking and Paperless Banking – Dan Q

Even if you can somehow justify using tracking technologies (which don’t work reliably) to make general, statistical decisions (“fewer people open our emails when the subject contains the word ‘overdraft’!”), you can’t make individual decisions based on them. That’s just wrong.

On User Tracking and Industry Standards on Privacy | CSS-Tricks

Prompted by my post on tracking, Chris does some soul searching about his own use of tracking.

I’m interested not just in the ethical concerns and my long-time complacency with industry norms, but also as someone who very literally sells advertising.

He brings up the point that advertisers expect to know how many people opened a particular email and how many people clicked on a particular link. I’m sure that’s right, but it’s also beside the point: what matters is how the receiver of the email feels about having that information tracked. If they haven’t given you permission to do it, you can’t just assume they’re okay with it.