[PrivacyBadger] second party web site responsibilities on third party trackers

Don Marti dmarti at zgp.org
Sun Sep 3 16:56:05 PDT 2017


begin R. Jason Cronk via PrivacyBadger quotation of Sun, Sep 03, 2017 at 11:55:17AM -0400:
> 
> I agree.
> 
> It is exceedingly difficult for small operators, especially those without
> technical skill, to know what's going with the services they use. Consider a
> non-profit hosting a WordPress site on a hosting provider. The provider
> installs Google analytics for them to track visitors. They add a theme to
> the WordPress site, which uses Google fonts and perhaps some additional
> widgets that are provided by third party trackers. They add social media
> buttons for visitors to like or tweet their page. They have no clue what's
> going on under the hood.

I agree.  Even worse for those small operators: the
tricky part is when you start to make site decisions
based on your 3rd-party analytics.  Which means
that fraudbots get influence that they shouldn't and
your legit users who happen to be using a tracking
protection tool don't get counted.  (and if you don't
think Google Analytics (GA) has bots, set it up and
look at all the referer and "events" spam you get.
That's not human users. GA is bot city.  Google
probably has to let more bots through into the GA you
see than into its own systems, because otherwise GA
would be too good of a bot QA tool.  But that doesn't
help the webmaster who is getting confused by bot
data and absence of data on tracking-protected users.)

It turns out that you _can_ measure how much
tracking protection your users have (I got 31%)
https://blog.zgp.org/how-is-everyone-s-tracking-protection-working-an-update/
but you need the real web logs which not all hosts
give you (GitHub Pages doesn't.)

In the long run...

 * measure tracking protection among your users
   https://blog.zgp.org/welcome-how-is-everyone-s-tracking-protection-working/

 * if there are enough protected users to skew the
   numbers, use 1st-party analytics as a sanity check

 * look for opportunities to increase your
   tracking-protected audience, because your
   competition is still being led astray by bot data
   (and probably "pivoting to video" or doing some
   other dumbass thing as a result)

Don



> Jason
> 
> 
> 
> 
> 
> On 2017-09-03 11:24, Tomas Nordin via PrivacyBadger wrote:
> > Hi Privacy Badgers
> > 
> > I have a somewhat fuzzy question I guess. I use privacy badger at all
> > times and I think it's great, thanks for your hard work.
> > 
> > Reading the information on trackers [1], most of the text discuss third
> > party trackers being bad for privacy and that it ought to be wrong that
> > companies that you had no intention to visit or request something from
> > get to track the user.
> > 
> > But I would just like to hear your opinion on the second party web
> > site's responsibility. I guess that sometimes it is not easy for the web
> > site I visit to know that trackers sneak in among the services they are
> > using for their web site. Still, somehow I feel that the third party
> > tracking opportunity starts with how the second party web site is
> > designed.
> > 
> > For example, it is not rare that I visit some site that seems to be some
> > sort of non-profit .org site, seemingly free from ads, yet there is a
> > long list of trackers blocked by privacy badger. In such a case, what
> > should I think about the ethics on that site (the site I am visiting).
> > Is this just happening out of their control, or should I understand that
> > as if they are selling ads in some sneaky way, as compared to clearly
> > displaying ads to the user, advertising through tracking?
> > 
> > [1] https://www.eff.org/privacybadger#faq-What-is-a-third-party-tracker?
> > _______________________________________________
> > PrivacyBadger mailing list
> > PrivacyBadger at lists.eff.org
> > https://lists.eff.org/mailman/listinfo/privacybadger
> 
> -- 
> R. Jason Cronk, JD
> IAPP Fellow of Information Privacy
> CIPM, CIPT, CIPP/US, PbD Ambassador
> PRIVACY AND TRUST CONSULTANT
> Enterprivacy Consulting Group
> 
> [Upcoming Advanced Privacy by Design Workshops in October: Atlanta]
> _______________________________________________
> PrivacyBadger mailing list
> PrivacyBadger at lists.eff.org
> https://lists.eff.org/mailman/listinfo/privacybadger

-- 
Don Marti <dmarti at zgp.org>                   
http://zgp.org/~dmarti/
Are you safe from 3rd-party web tracking?  http://www.aloodo.org/test/


More information about the PrivacyBadger mailing list