phil pearce - blackhat analytics
DESCRIPTION
Don't miss the next year of Marketing Festival Brno - http://www.marketingfestival.cz You can also buy a video of this presentation at marketingfestival.czTRANSCRIPT
![Page 1: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/1.jpg)
[photo of generla zorg]
BlackHat Analytics 2:Privacy Wars in the future
![Page 2: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/2.jpg)
#BlackhatAnalytics #MktFest
Web Analytics Exchange mentor
750 GA questions answered
Tracking protection group
(DNT)
WelcomePhil PearcePPC, Privacy and Analytics ExpertFreelancer@[email protected]/in/philpearce
![Page 3: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/3.jpg)
Summary
1.Background2.Definition3.Example Techniques4.Classifications5.Penalties6.Industry issues7.Why the imbalance?8.Class action wars9.Privacy apocalypse & Big Data10.Look at the future…11.Questions
![Page 4: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/4.jpg)
A long time ago...… in a google universe far, far away...
![Page 5: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/5.jpg)
Define: Blackhat Analytics
![Page 6: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/6.jpg)
Define: Blackhat Analytics
Define: Blackhat Analytics“0” results
![Page 7: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/7.jpg)
If you do this search now...
Define: Blackhat Analytics
![Page 8: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/8.jpg)
Me
Me
It turns out...
...I know more than Google ;)
![Page 9: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/9.jpg)
HypothesisAt some point in the future "BlackHat Analytics" or “Faking Conversions” might become more widespread. Because...
1. WA is becoming more important for business decision making.
2. Automatic performance based PPC bid management system are becoming more widely used.
3. Increase in online competitiveness & more revenue at stake.
![Page 10: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/10.jpg)
Definition
Intentional act of distorting, deleting, unethically using, or hijacking WA data using technical or
legal loopholes; with the goal of making financial gains, or obtaining a competitive advantage.
Phil Pearce 2009
![Page 11: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/11.jpg)
Evil tracking from pre-2010Referral backlink log spam (depreciated SEO technique)
GA log spam (Spider visit loading JS) Visited links CSS hack (History Sniffing)
Flash cookie respawn (Zombie Cookies)
EverCookie (all of the above+)
Ad behavioural targeting (Interest Based Stalking)Remarketing Ads (Return Visitor Stalking) - Starwars stalkerSafari 3rd party POST cookie (Preference bypassing)
NEW “Headless Browser” spam
![Page 12: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/12.jpg)
Super evil: EverCookie
![Page 13: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/13.jpg)
The EverCookie was so difficult to delete:
even NSA considered using it!
Source: http://www.slideshare.net/jonbonachon/tor-stinks
DECLASSIFIED
But they decided they did`nt need it ;)
![Page 14: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/14.jpg)
Examples from USA
![Page 15: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/15.jpg)
Classification
Intent Accidental MaliciousTarget Own website Competitors websiteData collection Purpose Same Different purposeScale Niche Mass effectImpact Data uneffected GA Account deletion
Intent Accidental Malicious
Target Own website Competitors website
Purpose of data
collectionSame
purposeDifferent purpose
Scale Niche Mass effect
Impact Data uneffected
GA Account deletion
![Page 16: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/16.jpg)
.
MalintentMalintent
Bad/Unreliable Measure Data
Good/Accurate Measure Data
Classifications
Flash Cookie Respawn
Cashback cookies (e.g Quidco)
Flash Cookie
EverCookie
CSS history sniffing
Speed checking robots
Hostname spam
Fake conversions
Google Wifi incident
Google (not provided)
Phone call logs
App error logs
Referral log spam
Unintentional or Accidental
![Page 17: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/17.jpg)
MalintentMalintentUnintentional or Accidental
Bad/Unreliable Measure Data
Good/Accurate Measure Data
Updates
More good/reliable
measure data as less
accidental data
mistakes
Speed checking robots
Hostname spam
Google Wifi incident
![Page 18: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/18.jpg)
If nasty tracking code is installed - Who is liable?
![Page 19: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/19.jpg)
Liability for Privacy & Security
Is the agency liable? No.
BUT agency is responsible for* Uphold professional standards (e.g. GACP status)* Pro-active client relationship
Local laws say Website Owner is responsible (not agency or Vendor)
![Page 20: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/20.jpg)
Why do people still do this bad stuff?
![Page 21: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/21.jpg)
The Lure of the Dark side is too strong!
![Page 22: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/22.jpg)
Its all about the money! £££
Affiliate networks looking to increase CPA and attract new Affiliate.
Online News website looking to retain users & sell stories (e.g. NYT)
Banner networks looking to improve CPM & reduce cookie deletion rates and overcome keywords “not provided”.
Sustained CPC bidding wars
Big data
![Page 23: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/23.jpg)
But there is a disturbance in the task force...
![Page 24: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/24.jpg)
Meet the new Matt Cutts ...
Google Privacy “Red” team soon to be hired in 2013 following FTC settlement.
Mission to discovering and prioritizing subtle, unusual, and emergent privacy & security flawshttps://www.google.com/about/jobs/locations/mountain-view/engineering/systems/data-privacy-engineer-privacy-red-team-mountain-view.html
Hired WebSpam fighter to Force quality improvements in 2000.
http://www.mattcutts.com/blog/about-me/NEW
Matt “Red team” leaderCutts
![Page 25: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/25.jpg)
“Internal” Imperial Bureau Security
New Google Product Manager of Privacy & information security
![Page 26: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/26.jpg)
F@#K - GA account deleted!
You will not collect any data that personally identifies an individual such as a:
full name email address billing information or other data which can be reasonably
linked to such information by Google
You must post a Privacy Policy which provides notice that your use of cookies is to collect traffic data.
You must not circumvent any privacy features (e.g, an opt-out) that are part of GA.
www.google.com/analytics/terms/us.html
![Page 27: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/27.jpg)
Why cant GA just remove the bad PII data?
Free WA packages unable to remove PII without deleting whole GA accounts!
Raw logs are only stored for ~30days Right to be forgotten was introduced after GA was
designed.(although this might be possible with Universal which is user-centric, not visitor-centric)
![Page 28: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/28.jpg)
“Sensitive” data also is an issue
http://en.wikipedia.org/wiki/Personal_identifier#Examples_of_PID
![Page 29: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/29.jpg)
www.yoursite.com
[email protected]://support.google.com/adwords/answer/8206?contact=1&rd=1
site:comptetitor.com inurl:"utm_content * gmail.com“http://www.google.com/#q=inurl:cz+inurl:utm_content+*+gmail&pws=0&num=100&filter=0&as_qdr=all
e.g. www.fashiondays.cz/campaigns/?cod=xxxx&[email protected]&utm_medium=email&utm_source=new_registration_pagE&utm_campaign=new_registration_page&utm_content=Layout_B
Example1: Accidental PII
![Page 30: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/30.jpg)
Solution/Counter-measure for Accidental PII
Or use temporary robots.txt fix:User-agent: *Disallow: /*utm_medium=emailDisallow: /*gmail.comNoarchive: /*utm_medium=emailNoarchive: /*gmail.com
Add exclude parameters to GWT:
eail, emailutm_source, utm_medium,
utm_campain, utm_content, utm_keyword
![Page 31: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/31.jpg)
Legal Disclaimer: The purpose of this example is to demonstrate a hole in all Analytics platforms, and how to patch this hole. It is used for TESTING purposes ONLY.
By reading this example you agree to NOT use this on a live website, and agree that I (Phil Pearce) and NOT liabilities for and damage that a website owner may suffer arising out of this example & tool.
If you are in any doubt, please seek the advice of the Google legal team www.google.com/contact/ or your local legal counsel BEFORE testing.
Note: This issue has been raised on the GACP private discussion forum 6months ago, prior to this event.
Disclaimer
![Page 32: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/32.jpg)
Example2: Do you recognise this number?
-92,23,372,036,854,775,807
It is a Quintillion or “Big Integer”
![Page 33: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/33.jpg)
Intentional Data damageWARNING: Don’t Try this at Home!
javascript:_gaq.push(['_setAccount' ,'UA-xxxxxx-1'],['_addTrans','8148350','affiliation','-9223372036854775807','-9223372036854775807','0.00','-','-' ,' -' ],['_addItem','SKU00001','8148350','BIG refund' ,'-','-9223372036854775807','1'],['_trackTrans' ]);
http://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=44&utmn=393079074&utmhn=domain.com&utmt=tran&utmtid=8148350&utmtst=affi liation&utmtto=-9223372036854775807&utmttx=-9223372036854775807&utmtsp=0.00&utmtci=-&utmtrg=-&utmtco=-&utmcs=UTF-8&utmsr=1366x768&utmvp=1366x550&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.9 r900&utmdt=TITLE&utmhid=509485053&utmr=-&utmp=/&utmht=1385061484294&utmac=UA-XXXXX-1&utmcc=__utma=251194116.2116214072.1385060410.1385060410.1385060410.1; __utmz=251194116.1385060410.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qjAL~
![Page 34: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/34.jpg)
Solution/Counter-measure for intention Data Damage
Tool to manually fix… bit.ly/bigintegerfix
Legal Disclaimer: The purpose of this example is to demonstrate a hole in all Analytics platforms, and how to patch this hole. It is used for TESTING purposes ONLY.By reading this example you agree to NOT use this on a live website, and agree that I (Phil Pearce) and NOT liabilities for and damage that a website owner may suffer arising out of this example & tool.If you are in any doubt, please seek the advice of the Google legal team www.google.com/contact/ or your local legal counsel BEFORE testing.Note: This issue has been raised on the GACP private discussion forum 6months ago, prior to this event.
![Page 35: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/35.jpg)
Fine calculator
.
Fine = (No. users effected * Scale badness * Size of Brand) less
(Website Risk assessment + Vendor privacy self certification)
![Page 36: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/36.jpg)
Czech Maximum Fine is CZK 10,000,000 / £300K
(typically the fine is CZK 10,000 / £0.3K with the highest fine so far £70K to Institute
for Drug Control for unlawfully data collection & processing)
Office for Personal Data Protectionuoou.cz
Fine example of CZK 10,000 to Solus Association last month for misuse of financial datahttp://aktualne.centrum.cz/finance/penize/clanek.phtml?id=792359
No cookie fines so far.
![Page 37: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/37.jpg)
Consumers VS Advertiser
But there is still an Imbalance in the force
![Page 38: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/38.jpg)
Maturity in Advertising sector
User data allows better Ad targeting = £
MORE data better targeting = £££
Because…
![Page 39: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/39.jpg)
Data is power
We do'na the datacapt
![Page 40: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/40.jpg)
Rise of the Big Data Empire
![Page 41: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/41.jpg)
Data Greed &
Fear of losing existing user data
Dark motivations:
![Page 42: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/42.jpg)
Triggered…
![Page 43: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/43.jpg)
Group/Class Action Wars
Note: “Class” is a collective of users(e.g. “South Bohemian Mothers group” vs Temelin nuclear Power plant)
![Page 44: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/44.jpg)
Define: Class Action Prosecutor they represent the users.
Like Affiliates (i.e revenue motivated)but larger resources & clever-er
For example….
![Page 45: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/45.jpg)
US Class Action Prosecutor: Like bounty hunters, but more
… sophisticated!
![Page 46: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/46.jpg)
BIG class-action fines in US
![Page 47: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/47.jpg)
Do class action lawsuits exist in Europe or are they only in US?
Question…
![Page 48: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/48.jpg)
Class Action Prosecutors: also now active in UK!
e.g. Google UK vs Olswang Class Action (Safari 3rd party cookie bypassing on iOS)
![Page 49: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/49.jpg)
First every UK “group action” vs Google UK on Feb 2013 claiming 10m Safari users effected
www.googlelawsuit.co.uk and www.facebook.com/SafariUsersAgainstGooglesSecretTracking
UK test case, could set precedent for
EU class-action cases!
![Page 50: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/50.jpg)
BUT… Group-action picked the “Wrong Google” when the case was submitted, doh!
They accidently selected “Google Inc” not “Google UK”http://www.infosecurity-magazine.com/view/34033/google-responds-to-british-lawsuit-uk-privacy-laws-dont-apply/
![Page 51: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/51.jpg)
Successful class action raids in US…
Settlement funds 50:50 between users and Class Action Lawyers. Previous settlements 70:30, thus smaller % cut for Class Action Lawyers, but huge volume claim.
£13million hit
£10per user
£6.5million
![Page 52: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/52.jpg)
W3C republic – A new hope for Truce
Must be UNSET by default
DNT user signal
![Page 53: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/53.jpg)
Browser ignore the W3C consensus
Firefox: Talk`s about a blockade of 3rd party cookies
MS: Windows8 IE10 rollsout DNT=1 which is UNSET by default!
![Page 54: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/54.jpg)
Firefox Lost battle: Too many False positive
Firefox says its Han`s are tied for a few month on
3rd party cookies
Dark Side too powerful ;)
![Page 55: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/55.jpg)
MS IE10 DNT=1 browser signal
ON by default…
http://www.ypolicyblog.com/policyblog/2012/10/26/dnt/
http://www.admonsters.com/article/apache-ignores-ie10-dnt-signal
…IE10 DNT signalgrounded
…Both Apache & Yahoo threaten to ignore DNT=1 from IE10…
![Page 56: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/56.jpg)
Allow “Good” cookies
Alternative Cookie Clearinghouse proposed (like stopbad malware list)
Block “Bad” Cookie`s
![Page 57: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/57.jpg)
W3C republic 2 years reign – disunity rules!
Peter Swire - Chief resignJonathan Mayer – Firefox resignThomas Roessler - Joins Google
http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0550.html
![Page 58: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/58.jpg)
Advertising Principles (AdChoices) proposed as alternative principles to
W3C`s DNT
![Page 59: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/59.jpg)
Privacy in the Universe restored!
Users have choice & freedom within the Global Galactic Empire
![Page 60: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/60.jpg)
But… The secret arms race
![Page 61: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/61.jpg)
BIG Data Centre…with ability to process:Device signaturesUserID respawnCustom Remarketing
Also affiliate networks start building Device Signature conversion tracking tools:We (tradedoubler.com) are looking at options such as device recognition, using non-personally identifiable information that is freely available from a user’s device. Using advanced matching algorithms a single device can be recognized at the point of impression/click and conversion without the use of cookies. http://www.tradedoubler.com/uk-en/blog/firefox-22-cookies/
The Dark Star
![Page 62: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/62.jpg)
Plans for Device Signatures leaked
Belgiumadvanced
scanner study (by KU Leuven University)
![Page 63: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/63.jpg)
War for Anonymity (aka War of Shadows)
![Page 64: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/64.jpg)
Browser (excluding Chrome) secretly move to anonymise device signatures
Thus… destroying any
shadow tracking
So that all customised devices extensions look the same!
![Page 65: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/65.jpg)
Facebook(Borg) & Google(Empire) forced browser push DNT=0 on user login
![Page 66: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/66.jpg)
Prism Tracker
Unexpected “Snow den monster”
Enforcers/regulators get a boost of user support
Ed
![Page 67: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/67.jpg)
Headless Browser robotic crawler causing havok in GA data!
Impossible to differentiate from a real user!www.webmasterworld.com/search_engine_spiders/4619880.htm
nodejsmodules.org/new/tags/spider
Examples of Headless Browsers:• Zombie.js• Phantom.js• HtmlUnit
Definition: A headless browser is a web browser WITHOUT a user interface.
![Page 68: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/68.jpg)
Authenticate/Logged-in user tracking might be the only method of prevention
![Page 69: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/69.jpg)
Jedi Strike
2014 invasion of Privacy officers
Forced 2% global revenue power
University Research divisions expand the use of Taint Droids
Note: Anti-train droid link:http://gsbabil.github.io/AntiTaintDroid/
![Page 70: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/70.jpg)
Polarisation:
Dark get darker (e.g. IE fav icon 3rd party cookies bypassing hole)
White get Whiter (e.g. duckduckgo.com & ixquick.com)
![Page 71: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/71.jpg)
Fines/Lawsuits
Low Chance of Blackhat Detection
High Chance of Blackhat Detection
Balance of Power
Ad Revenue
Class Action Prosecutors
Jedi Enforcers
Google Data Empire
Facebook Borg
Browsers (in the middle)
Affiliates
![Page 72: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/72.jpg)
…HAS CAUSED USER CONFUSION
& A MUDDLE
Because…
LITTLE MISS INFORMATI
ON
![Page 73: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/73.jpg)
Data Dealer video
http://www.youtube.com/watch?v=x2eCAgQ1DTo&list=PL45AABD8BB96D3785&index=7
![Page 74: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/74.jpg)
THIS HAS CAUSED USER CONFUSION
& A MUDDLE
![Page 75: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/75.jpg)
So… Are we the bad guys?
![Page 76: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/76.jpg)
In the eyes of the user… YES!!
![Page 77: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/77.jpg)
…How do WE prevent big corporations (and niche bad players)
misusing user data/power?
![Page 78: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/78.jpg)
With Great Data comes Great responsibility
![Page 79: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/79.jpg)
Industry need to govern & enforce itself!
Look to the future…
![Page 80: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/80.jpg)
That’s means YOU need to agree not break the analytics code of honour
AND make sure no one else abuses the system!
Good Bad Report any thing that
looks a bit “Grey”
![Page 81: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/81.jpg)
Standards & Self regulation
• Vendor built-in privacy & miss-use protection• Adwords & Adsense ToS levels• Affiliate network guidelines
• WAA Code of Conduct• GA qualified individual• GAP certified partner• WAA Certified Ethical Analyst• Risk assessment / Compliance audit• Third party reviews & compliance automated monitoring
![Page 82: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/82.jpg)
Please look out for U.i.O
User Intent Override
![Page 83: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/83.jpg)
Is this a User Intent Override?
UIO?
![Page 84: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/84.jpg)
Need for Industry standards and Honey pots / seeds tests.
Forced Training & Accreditation (e.g. Certified Analyst or MOWA member)
Google Adwords privacy cpc tax and Google organic SERP ranking bonus
![Page 85: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/85.jpg)
Fixes (GA profile filters) GA profile filters:
Hostname include filter: (^|\.)yourdomain.com$
ISP location exclude Ask.com bot: ^(inktomi corporation|iac search and media europe ltd|iac search media inc|yahoo\! inc\.|facebook inc\.|stumbleupon inc\.|dub6 ec2|site confidence test agent servers|site ?confidence|apache ltd\.|nielsen netratings|affinity internet inc|microsoft corp)$
Top content report - Contains box: (email|add|postcode|zipcode|tel) or [?&](.+)=(.*)gmail\.com
Weekly scheduled report to check for the above Check data stored in
utm_content, User-defined, CustomFields & Event fields
Check all GA profiles including Raw Data profile for PII`s, and add exclude parameters where necessary.
![Page 86: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/86.jpg)
Fixes (process changes) Account protection
Training for developers and marketers Check Scheduled reports not sending to
unknown users. Limit number of Number of Admin users Enable 2 stage authentication if possible. Looks for unusual variances of data spikes in
GA (especially new visits to homepage) CPA audits (GA vs Affiliate report)
![Page 87: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/87.jpg)
Back to the present day…
![Page 88: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/88.jpg)
Expected soon
Yikes… are they Disabling Tracking??
…California DNT track law Sept 2013
![Page 89: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/89.jpg)
I`ll be track-ed (still)
California just asks for DNT visibility(i.e. Does your server see the DNT signal?)
![Page 90: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/90.jpg)
Prevention Use a tag management system, that is configured with
digitalData layer privacy features enabled (see appendix)
Try to use POST request rather than GET request where possible, or a form action=/thankyoupage.html
Keep pdf reader, flash & java updated
Lockdown FTP to fixed set of static IP`s, and use 2stage Authentifcaiton for GTM write-access.
![Page 91: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/91.jpg)
This is how things should be…Closing Remarks
Google acts even more responsibly
Facebook introduces a more human privacy interface
Users should not needing to relying on despicable class action lawyers
Enforcers just watchers not needing to intervene
![Page 92: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/92.jpg)
May the Marketing Force be with you!
Party!Party Tonight:19:30 NVMERI 20:10 MyCool King + DJ Trush 21:00 Charlie Straight22:15 midi lidi
![Page 93: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/93.jpg)
Questions
![Page 94: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/94.jpg)
Appendix…
![Page 95: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/95.jpg)
Small Favour http://www.digitalanalyticsassociation.org/?page=codeofethics Google for “DAA code of ethics” Please Sign!
Also see UK institute of analysts code of conduct.
![Page 96: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/96.jpg)
DISCLAIMER – I`m not a lawyerGA terms of servicehttp://www.google.com/analytics/terms/us.htmlhttp://www.google.com/analytics/learn/privacy.html
Privacy Trouble shooterhttp://support.google.com/bin/static.py?hl=en&ts=1291807&page=ts.cs
Report a privacy concernhttp://www.google.com/contact/
Contact Google Analyticshttp://support.google.com/analytics/bin/request.py?hlrm=en&contact_type=contact_policyhttps://support.google.com/adwords/answer/8206?contact=1&rd=1
Report a security [email protected]://www.google.com/security.html
![Page 97: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/97.jpg)
Discussion Questions How much is your data worth? Can you afford to drive traffic in the dark with no
insight? Is PII or sensitive data or urls being accidentally
tracked? Can competitors detect that PII data is being sent
into GA? Are you in a very competitive industry? When was the last time you audited your WA
installation? Are you capturing data that easily allows an
individual to be “linked” or “re-identified” by Google (e.g. detailed demographic data example, or Netflix.com + IMDB.com example1 or example2)
![Page 98: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/98.jpg)
Related presentations & resources
.
CookieTAB virus screenshotshttps://www.dropbox.com/s/w0gprycb23ajguw/2011_03_18%20CookieTAB%20virus%20screenshots%20.pptx
Effect of EU Cookie law on US businesses: https://www.dropbox.com/s/ces1m53mm7o4gmm/2012-10-04%20GAUGE%20Boston%20-%20Effect%20of%20EU%20Cookie%20law%20on%20US%20organisations.pptx
Recipe for a Cookie Lawhttps://www.dropbox.com/s/l9n3gchusdv57bm/2011_03_18%20Recipe%20for%20a%20Cookie%20Law%20by%20Phil%20Pearce%20.pptx
Cookie law Implementation Exampleshttps://www.dropbox.com/s/7q8qfxesk44tpkc/Implimentation%20Examples%20by%20Phil%20Pearce%202012_03_18.pptx
Cookie compliance Audit - Example.docxhttps://www.dropbox.com/s/idyrql6c1aniaw6/01%20UK%20Cookie%20compliance%20Audit%20-%20Example.docx
CookieLaw research in 90mb Dropbox: https://www.dropbox.com/s/uapu90d7rc2uxl1/2012_Cookie_Law_Resources_Folder_40mb_Download.zip
![Page 99: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/99.jpg)
AppendixExternal privacy feedback mechanisms:safeharbor.export.gov/companyinfo.aspx?id=16626feedback-form.truste.com/watchdog/request?url=www.google.comwww.bbb.org/sanjose/business-reviews/internet-services/google-in-mountain-view-ca-214105/file-a-complaintwww.networkadvertising.org/contact-support/report-problem/i-would-report-violation-of-nai-code-nai-member-company-2www.snapsurveys.com/swh/surveylogin.asp?k=133707671186 [ICO.gov.uk form]addons.mozilla.org/en-US/firefox/addon/privacy-dashboard/ [W3C feedback mechanism]www.google.com/trends/explore?hl=en#cat=0-14-54-1281&geo=US&date=today%203-m&cmpt=q [user web searches in category of “privacy” per country]
Security & Privacy prize of upto £13K offered by Google for detecting holes:www.google.com/about/appsecurity/reward-program/blog.chromium.org/2012/08/announcing-pwnium-2.htmlExample XSS hole in GA found in 2008: derkeiler.com/Mailing-Lists/Full-Disclosure/2008-12/msg00200.html
Open Source feedback techniques fourthparty.info/dataappanalysis.org/download.html
Free to check cookie databases:www.cookielaw.org/cookie-search.aspx?domain=http://www.facebook.comwww.cookiecert.com/cookies-for-facebook.comprivacyscore.com/score_details/2a03b4fe8d9d4eb8b4fb0ccf356cbaaa/showcase
![Page 100: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/100.jpg)
Privacy by Design: Client-side valuesSourced from customer experience digitalData Privacy sub-group on JavaScript objects with Privacy meta data
digitalData.privacy.mapping = [ "page" : "public", // describes the page itself "product" : "public", // further describes the product associated with the page "cart" : "identifiable", "transaction" : "sensitive", "transaction total" : "private @analytics", // defined as private, but we make an exception for our analytics tools "event" : "public", "privacy" : "public", // everyone should be able to see the general privacy definitions and policy "privacy mapping" : "@system", // in this example, we decide we don't want to expose the exact policy mapping "user" : "identifiable", "user segment" : "public"];
// PP: Proposed digitalData layer privacy object for VISITORdigitalData = { "visitor": { "returningStatus": "new", // new or returning visitor: used to only trigger consent message for new visitors "preferenceForDNT": window.navigator.doNotTrack, // yes|no|"not specified". MUST defaulted to "not specified" "anonymizeIp": false, // hash last 3 characters of IP address in GA. Defaulted to off/false. "geoplugin_status": geoplugin_status, // 403 error, 200 is look-up ok "geoIPcountryCode": geoplugin_countryCode, // geo-plugin JS variable "geoIPcontinentCode": geoplugin_continentCode // geo-plugin JS variable }, {// Server-side USER values on login or registration "user": { "profile": { "auth_isSignedIn": true, "auth_isNewRegistration": true, // used to only trigger consent message on first registration "auth_userIDtoSessionIDoveride": false, "profileID": 12345 } } } }
![Page 101: Phil Pearce - Blackhat analytics](https://reader033.vdocument.in/reader033/viewer/2022061103/5400a0558d7f7289408b48eb/html5/thumbnails/101.jpg)
Privacy by Design: Server ResponseEffectively this is saying… serverResponseForDNT = obeyDNT|ignoresDNT|inprogressDNT|"not specified"
// From DNT Preference Expression Spec: http://www.w3.org/TR/tracking-dnt/#status-representationhttp://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#status-representation
{ "targeting": "yes", // IsOnlineBehaviouralTargeting for Publishers OR onsite remarketing for Advertisers enabled? "tracking": "yes", // Is AudienceMeasurementTracking enabled "qualifiers": "afc", // external "A"udit + "F"raud prevention + ad-frequency "C"apping "controller": "http://www.yourdomain.com/privacy.html", "same-party": [{ "google-analytics.com", "stats.g.doubleclick.net", "api.youtube.com" }], "third-party": [{ "googleadservices.com" "ads.doubleclick.net", }], "audit": [{ "http://policy.cookiereports.com/caf4f823-en-gb.html" // e.g. w3.org/P3P/validator.html }], "policy": "/privacy.html#cookies", "edit": "http://www.yourdomain.com/user-dashboard/edit-your-data"}