by troydavis 3038 days ago
Most larger ad networks track post-view conversion - that is, someone viewed an ad but didn't click on it, and then later visited the advertiser's site anyway - using a "conversion pixel." The ad network provides each advertiser with an HTML or JS snippet that loads a 1x1 pixel image or makes a similar small HTTP request to the ad network.

The ad network records a post-view conversion if either:

1. The ad network cookie that was set when the ad was served is still present, or

2. A user was logged in to the publisher's site (Google, Twitter, etc.) when they viewed the ad, and is also logged in when they visit the advertiser's site.

#2 is also how most cross-device tracking occurs. For example, if you're logged in to Twitter on your phone and see a Twitter ad, then type in the advertiser's URL on your desktop where you're also logged in to Twitter (and the advertiser has Twitter's conversion pixel on their site), Twitter will record a cross-device post-view conversion.

Here are examples:

Twitter: https://business.twitter.com/en/advertising/campaign-types/i...

AdWords (for YouTube impressions): https://support.google.com/adwords/answer/2375431?hl=en

Facebook: https://www.facebook.com/business/a/performance-marketing-st...

Aside from blocking the ads, uBlock Origin blocks the conversion pixels/requests for the largest ad networks.

Often a conversion pixel snippet is used alongside retargeting/remarketing. Some ad networks use #2 above to do quite sophisticated retargeting, not just targeting those who viewed a specific page. For example, Google lets advertisers retarget AdWords ads to those who liked a video in the advertiser's YouTube channel: https://support.google.com/adwords/answer/2545661?hl=en&ref_...

1 comments

Very interesting. Now, suppose I interpret this kind of action as spying on me, and I want to stop it, are there ways around it? Is not logging on to Google etc. and using the Privacy Badger extension enough, or do I have to ramp up the arms race further?
https://github.com/kkapsner/CanvasBlocker/releases

All ads and tracking can be blocked if you want them to be. It's an arms race.

Adblocking extensions like uBlock Origin. Privacy Badger is a good tool that looks to specifically aim to block things like conversion pixels, so that should be protecting you already from this class of things.
uBlock Origin with EasyList and EasyPrivacy (https://easylist.to/) enabled blocks nearly everything that’s practical to block. Note that EasyPrivacy may need to be manually enabled in uBlock extension settings.

Disabling third-party cookies (desktop and mobile) is also easy to do. The only thing I’ve seen this break is inline support chat widgets. Enough clients have third-party cookies disabled (Safari defaults to disabled) that the chat widgets usually test for it and show an explicit message.

It’s much harder to block anything based on being logged in to a site (Google, Twitter, Facebook, etc), because:

* for retargeting based on intentional actions done while logged in (such as liking a YouTube channel): these can always get recorded, since the requests must succeed in order to complete the action you wanted.

* for conversion tracking: the hostname and even path of the conversion request can be very similar to that of an intentional request (like to login with SSO or to show content inline). The filter list entry is more brittle.

* for retargeting based on something done on a mobile device: you’ll need an ad blocker on the mobile device as well.

uBlock Origin with EasyList and EasyPrivacy gets as close as any other simple approach, though.

If you’re significantly more motivated, don’t browse while logged in to Google, Twitter, LinkedIn, or Facebook (and set their cookie duration short, like the current session). For most people, this is past the point of diminishing returns. If you change only 1, make it Google; it has the largest market share of advertisers, has the most services to target based on, and has the largest inventory.

Otherwise, put your money where your preferences are: move to FastMail or the like. Not because there’s anything wrong with Gmail (there’s not), or because they’re unethical (I have no reason to think they are), but because their product choices don’t meet your privacy preferences.

Hopefully anyone reading this far has already done it, but if not, pause everything on Google Activity Control: https://myaccount.google.com/activitycontrols
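
An added example, not part of the thread: a toy Python model of the two matching conditions from the first post (ad network cookie still present, or logged in at both the ad view and the advertiser visit), showing which join survives each mitigation mentioned above. The `Hit` fields, the `attribute` function and all sample values are constructed for illustration, and the model assumes the network can tie a request to a logged-in account whenever `account_id` is set; it is not any ad network's real logic.

```python
# Added illustration: a toy model, not any ad network's real logic.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Hit:
    """What the ad network can tie to one request (ad view or pixel load)."""
    advertiser: str
    device: str
    cookie_id: Optional[str] = None   # ad network cookie, None if absent
    account_id: Optional[str] = None  # logged-in account, None if logged out


def attribute(impressions, pixel):
    """Return how a pixel hit joins to an earlier impression, or None."""
    if pixel is None:                 # pixel request never left the browser
        return None
    for imp in impressions:
        if imp.advertiser != pixel.advertiser:
            continue
        if imp.cookie_id and imp.cookie_id == pixel.cookie_id:
            return "cookie"                       # condition 1
        if imp.account_id and imp.account_id == pixel.account_id:
            same = imp.device == pixel.device     # condition 2
            return "login" if same else "cross-device login"
    return None


def scenarios():
    """Constructed sample data: one phone ad view, then five later visits."""
    seen = [Hit("shop.example", "phone", cookie_id="c-1", account_id="alice")]
    visits = {
        "same browser, cookie kept": Hit("shop.example", "phone", cookie_id="c-1"),
        "cookie gone, still logged in": Hit("shop.example", "phone", account_id="alice"),
        "desktop, logged in": Hit("shop.example", "desktop", cookie_id="c-9", account_id="alice"),
        "desktop, logged out": Hit("shop.example", "desktop", cookie_id="c-9"),
        "pixel blocked by filter list": None,
    }
    return {name: attribute(seen, hit) for name, hit in visits.items()}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32} -> {result}")
```

Only the last two visits produce no conversion record: the account-based join holds as long as the same account is visible at both ends, regardless of device or cookie state.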