[simpss]

> we don't want to track individuals - we just want to measure if the ads we paid for led to sales

well. if your goal isn't tracking individuals, then why are you attaching unique ID's (in cookies) to track individuals on your website?

And I'm not talking about third-party cookies disguised as first-party.

logglytrackingsession (lifetime: session)

notion_experiment_device_id (lifetime: 1 year)

Both are unique to a specific user and are used to identify a single individual. The first one is short-lived, but obviously meant for tracking and the second one can be used for tracking, identifies a single individual and is long-lived.

edit: turning off my adblocker, some more appear.

_ga, _ga_4GMCF7E1GC, intercom-id-gpfdrxfd, notion_browser_id, amp_af43d4

none of these are listed or explained in your privacy policy.[1]

[1] - https://shared-crater-f3a.notion.site/Sticky-Privacy-Policy-...

[alanlammiman]

Yes like the peer reply said that's Notion, not us. But good point, another thing to keep in mind if you try to use the "Share to the web" notion feature.

[simpss]

the _ga stuff isn't Notion, but the rest is, yes.

My real point is, if you use a service to provide your own service, you give them your blessing to do whatever they want with your brand. This includes facebook and their tracking scripts.

Thus we need to audit what our service providers are doing and limit their impact once we've completed the evaluation, making sure they don't alter the deal later.

Also tracking ad conversions is as simple as using a unique parameter per campaign, when buying the add. Just append `?campaign=facebook_campaign-name_202202` to your link and that's enough to measure the ads effectiveness. No need to attach unique ID's to users, sessions etc... Aggregates keep the users anonymous and give you enough actionable insight.

[alanlammiman]

While I agree with the sentiment of your first point, in practice if each small business were expected to audit every one of their inputs, it would be hard to get any business done.

As for your second point, yes, that is precisely what I referred to in my original post - that we could deal with the end of IDFA / that we just want to make sure ads are effective - SKAN which provides aggregated statistics is mostly ok for us.

[simpss]

> in practice if each small business were expected to audit every one of their inputs, it would be hard to get any business done.

While I agree, that a full audit would be difficult for smaller operations, it took me 2-5 minutes to do a quick check on what is being stored client-side and to come to a logical conclusion if individual users are being tracked or not.

It's a decision, one that you can (probably) make. For me, in the EU, it's no longer a choice and I personally think regulation(GDPR) was needed because, without it, no one took user-privacy seriously.

> As for your second point, yes, that is precisely what I referred to in my original post - that we could deal with the end of IDFA / that we just want to make sure ads are effective - SKAN which provides aggregated statistics is mostly ok for us.

GDPR would also apply here. If there's an option to process less data and achieve a similar result, one should use that option and using a more invasive method(identifying individuals) for tracking would be illegal. It's called "the data minimisation principle"

[sa1]

One could choose a better host than Notion, but that's Notion's fault.

[alanlammiman]

Yes, agree, we wanted to try it out for this because we like it for work and it was quick to write up and publish and we thought it might be more flexible for writing up documentation, linking, etc. But we are not satisfied either: Very slow to load, formatting is fiddly and imperfect. We will have to use something else.