Unknown Trackers Still Run Rampant on a Wide Range of Websites

• Read original article here

The rallying cry for transparency in ad tech has been intensifying across the industry, but it looks like the programmatic stacks deployed by many publishers are more opaque than many would hope.

A recent report by Canadian security firm Feroot looked at monitoring software on more than 1 million webpages and found that in many instances, audience data was passed on to third parties, often without the publisher’s knowledge.

The study examined the data transfer of roughly 270,000 web trackers and tracking pixels across 1.1 million webpages and discovered that on average, each site loaded 20 trackers. In some cases, these trackers transferred user data across borders to third- and fourth-party servers around the globe.

Websites examined in the study ranged from news publishers to international government agencies, which often contained snippets of JavaScript used to target ads, deliver content and track conversions, completely independent of the cookies that a user can accept or reject upon visiting the site.

As Feroot’s CEO Ivan Tsarynny pointed out, while publishers can have relationships with these vendors, it’s not uncommon for ad-tech companies to nest JavaScript code. This nested JavaScript could potentially loop in an untold number of other tools from other vendors. That in turn could result in a domino effect leading to dozens of trackers populating a publisher’s site.

This issue doesn’t just affect the publishing industry. “It’s everywhere, on ordinary brand websites, too,” said Don Marti, a strategist at the privacy-focused tech organization Mozilla.

“You might have an employee with the bright idea of doing user-data collection or A/B testing, and they stuck some scripts on a page to test that out. What they don’t realize is that it’s slowing down everyone browsing your company’s catalogue and you don’t realize that some former vendor is still seeing your internal usage data,” Marti said.

The news industry is the worst culprit of all, according to Feroot’s report, which found that major news sites, including USA Today and MSNBC, had on average 40 third-party trackers running. These trackers can traffic in sensitive intel, including data about political beliefs and audiences, according to Tsarynny.

There’s no doubt that “sensitive profiling information” like this can be used to “influence public opinion,” he wrote, a phrase that rings truer than ever in a post-Cambridge Analytica world.

It shouldn’t be shocking that news publishers are doubly trafficked. A 2018 report from the World Association of Newspapers and News Publishers found the industry’s overall revenue contracted by nearly 2% from 2016 to 2017, noting that publishers’ primary revenue streams—print—are facing “increasing pressure.”

Meanwhile, a study out of the University of North Carolina’s School of Media and Journalism published that same year found more than 1,000 U.S. communities had lost local news coverage.

Not only is the news media being squeezed but their websites are at the tail end of an ad-tech supply chain that’s constantly skimming profits off media buyers’ budgets as part of the so-called “ad-tech tax,” leaving sites like Forbes and the BBC with just a fraction of every ad dollar.

Keeping on top of these trackers often takes up time, money and ad-tech expertise that smaller publishers just don’t have in 2019.

“Advertising deals bring third parties in with them,” Marti said. “So you’ll have somebody insist that some third-party script be dropped into your site, and if you don’t start running that script, then you don’t get that ad deal. These publishers are playing a terrible game, and it’s completely rigged against them.”