Tracking across sites - third party access - linking user details

[Bowlofbabelfish]

Hi. In the Ts and Cs for the site it mentions MN tracking you across other sites while you’re logged in. I have a few questions on this.

1. Does this happen even if you’ve set your browser to not track across sites?
2. What level of tracking detail? Simply the top domain (ie BBC website) or individual pages? Or clicks within pages? Or keystrokes? Or login data for other pages?
3. What level of tracking detail? We’ve seen reports this week in the news of apps that track like full visual playback. Is that happening?
4. What third party providers see our data? 5. What do they see? I’m particularly concerned about any providers who can hoover user details from across the web and link them (in the light of the poster on the breach thread who says youve contacted her with an email she’s never used for you.)

I guess I just want to be absolutely sure that a user cannot be identified by a third party data user. I’ve looked through the ones you use and one in particular is capable of linking user data across platforms to gain contact details.

bump
hope MN don't forget this one

Hello, thanks for your patience. We wanted to avoid any jargon in our clarification (and this is not an area where plain English abounds).

"The provider list I'm looking at is the one in the privacy settings where you can toggle cookie permissions on and off."

The software that we use for this is provided by a technology company called Quantcast.

The software is called a "Consent Management Platform" or "CMP". The CMP allows you to change your permission for Mumsnet to automatically tell advertising buyers you are willing to share your cookie data for these buyers to show you ads they think might be relevant to you. This is called a "consent flag".

If you toggle to "off" in both the Mumsnet "Ad selection, delivery, reporting" section and the 3rd Party "Ad selection, delivery, reporting", then you will be shown generic ads - this means the ads you see won't be targeted to you based on assumptions made about your browsing behaviour using cookies.

"Does this happen even if you've set your browser to not track across sites?"

Do Not Track is functionality that is integrated into Chrome and Safari, unfortunately it isn't as widely adopted as the current versions of CMPs which adhere to the Internet Advertising Bureau (IAB) framework - some 3rd party technology vendors recognise it, and some don't.

The CMP also allows you to manage your cookie permissions for "Third Party Vendors" by selecting "Reject all", toggling "off" for classes such as "Measurement", or managing companies individually.

Third Party Vendors are companies such as Rubicon, which sells ads, or Google Analytics which is used by publishers to report on their traffic. We work with some of those on the list, but not all of them.

We do not pass your email address to Third Party Vendors. We think the ability to manage your permissions with them for any website is a useful additional service.

" What level of tracking detail? Simply the top domain (ie BBC website) or individual pages? Or clicks within pages? Or keystrokes? Or login data for other pages?"

Each 3rd party vendor has their own privacy policy, but we don't pass 3rd parties data like your email address, passwords, things that you write on MN or your account details. Some 3rd party vendors may be interested in which pages you are reading to help them personalise what they show you. They may be able to detect what the page is about. If you don't feel reassured by this explanation and this is something you are still concerned about we'd advise you to select 'Reject all' on permissions for 3rd party vendors in the CMP.

What third party providers see our data? Our Privacy Policy shows the vendors we work with directly, but they in turn work with other vendors. Within the CMP you can select 'See Full Vendor List' and this lists all potential global vendors - we don't work with them all.

"What do they see? I'm particularly concerned about any providers who can hoover user details from across the web and link them (in the light of the poster on the breach thread who says you've contacted her with an email she's never used for you.)"

It isn't possible to hoover or scrape email addresses in this way.

"I guess I just want to be absolutely sure that a user cannot be identified by a third party data user. I've looked through the ones you use and one in particular is capable of linking user data across platforms to gain contact details."

If you are concerned about what 3rd parties can track across the web, we recommend selecting to reject all 3rd party permissions via the CMP. You can see the privacy setting toggle at any time at the bottom right of your account settings page.

"Second, many analytics companies have capacity to link information. What does 'device linking' and 'precise geographical information' mean in screen shot 2? More importantly, what does matching data to offline sources mean? (Screen shot 2.) What data? What offline sources? Where is the information collected? For what? Who uses it?"

In case it's useful, here's an explanation of the terms you have asked about that these Third Party Vendors use:

• "Device linking" means, for example, linking data about the pages you've browsed in desktop with data about the pages you've browsed on your mobile, to create a fuller picture of your interests.
• "Precise geographical information" means your location.
• "Matching data to offline sources" may mean, for example, linking your cookies and the pages you have browsed to items you have purchased in a shopping basket or in a store.

As mentioned above, if you are concerned about what 3rd parties can track across the web (pages you have viewed), we recommend selecting to reject all 3rd party permissions via the CMP. You can see the privacy setting toggle at any time at the bottom right of your account settings page.

@JanineMumsnet

Following your last paragraph above, I have had a closer look at the privacy settings.

In relation to my posts and question earlier in this thread, I can now see that AcuityAds, is indeed a service you use.

As I have had no email of explanation yet from @NellMumsnet, can you kindly confer with her, and let me know why, despite my settings being 'reject all', when visiting Mumsnet your site repeatedly attempts to access their, I believe, associated company, l2.visible.measures.com, causing numerous DNS name resolution errors on my home Hub?

I want these errors to stop, as they are clogging up my router, but as it would seem the access attempt is coming via Mumsnet, it looks to be your Server/s that need the visiblemeasures.com address cleared from their cache.

Thanks for the detailed reply.

Just a couple more questions if that’s OK.

Precise geographical information" means your location. - is that just IP address or road address or ‘swindon’ or specific postcode? How precise? My iPhone can use location to pinpoint my exact address. That is very identifying information.

• "Matching data to offline sources" may mean, for example, linking your cookies and the pages you have browsed to items you have purchased in a shopping basket or in a store.* but doesn’t that link to me as a person too? If it’s able to see I’ve bought a widget off amazon, it’s seen my shopping cart, which is linked to my name.

Are there two places I need to toggle reject all on? I am accessing via iPhone mobile and I only see via the privacy policy and vendor list.

its not possible to hoover or scrape email addresses like that.

Are you sure?

it isn't possible to hoover or scrape email addresses like that. - Really?

Am watching with interest.

Hi @butterflymum, sorry you didn't get our email about your issue -- we sent it on Monday and it will be from "[email protected]".
We looked at the log detail you posted. That server is not one that Mumsnet connects to directly. It may be part of an ad network code and we will reach out to our ad partners to inform them.

@bowlofbabelfish on iPhone mobile site selecting "reject all" at the top will toggle off everything, you don't need to scroll down or select anything else.

That's odd, @NellMumsnet, because other Mumsnet emails have been arriving just fine (on 8th, 9th and today), and I have checked Spam each day this week, and it wasn't there either.

Anyhow, whether or not Mumsnet connects to l2.visible.measures.com directly or not, your site is attempting a connection to it each time I visit Mumsnet, and this cannot continue.

Reaching out to your ad partners to 'inform them', does not solve the problem. May I respectfully request that you instead ask your ad partners, most likely AcuityAds, as they seem to be linked with visiblemeasures, to resolve this issue as soon as possible, and notify you that they have done so, so you can in turn assure me it will cease happening.

That it happens is bad enough, that it continues happening with 'reject all' selected is worrying.

Re above, Mumsnet is the only tab currently open, and yet again:

www.mumsnet.com/Talk/site_stuff/3504778-Powered-by-Quantcast-cookies-consent-pop-up?watched=1&msgid=84924035#84924035

Cross referencing current issues.

Hi @butterflymum in reference to your above post:

"let me know why, despite my settings being 'reject all', when visiting Mumsnet your site repeatedly attempts to access their, I believe, associated company, l2.visible.measures.com, causing numerous DNS name resolution errors on my home Hub?"

Firstly, by selecting 'Reject all' you are choosing to reject ad personalisation through the use of cookies, this doesn't mean you are rejecting ads all together. We can still work with 3rd party vendors to display advertising. These ads should not be tailored to your browsing behaviours, but should instead be 'contextual' - these are just based on the content of our website.

However, the issue is the logs showing up errors is an issue, and we have located the error here. Our developers are working on this, and we will keep you updated when we've fixed this.

Just to clarify, have you still not received the email from Nell from the other day?

@JustineBMumsnet

Thanks for the update and glad to hear you have now located an error at your side. Hopefully it can be fixed soon and the l2.visible.measures.com attempts to connect will cease (my router Hub will appreciate this too).

No email arrived from Nell. Emails from Mumsnet are not blocked, and one arrived this am saying I had been @ mentioned on this thread. Just in case it's relevant, I haven't been receiving emails from Mumsnet, either, re the issues raised on the Zodus thread (other than the original trial emails and reminder re trial emails, I've had no acknowledgement email from insight team re my opting out on 15th January, nor to the reminder I sent them the other week). I check Spam regularly before deleting, and nothing has popped up there either. i did change email address recently, but as said, I've received Mumsnet emails at the new one since, so no apparent problem with it.)

"What do they see? I'm particularly concerned about any providers who can hoover user details from across the web and link them (in the light of the poster on the breach thread who says you've contacted her with an email she's never used for you.)"

It isn't possible to hoover or scrape email addresses in this way

It really is - wordpress has a plugin for it, there are plenty of marketing platforms that you import email/username lists into for email marketing, and plenty of tools that let you export user's details.

Sure, scraping isn't done so much any more, but if you admin a site you can get a list of your users with no problem.

Marketing tools then let you import bulk lists - eg Salesforce or Zendesk, or any one of 100 others.

This is quite an interesting site to visit if you want to find out what any website MN can see about you on every visit:

www.maxa-tools.com/cookie-privacy.php

@ItsAllGoingToBeFine

thank you

I am not computer savvy enough to know exactly what this means, but what I have been doing - since this post - is making sure I don't log in to anything if I am logged in to MN on the same computer. From looking at your page, I'm guessing that's the right thing to do, because MN will see what I'm logged into otherwise - and goodness knows what else can be seen?

Thanks.

to clarify, I mean since the OP posted.

I love MN but increasingly I think I should just browse. I've had to install ad blocker and now feel nervous about using the site when doing anything else on the computer!

@JustineBMumsnet

I've been avoiding visiting Mumsnet when I remember not to (which is a shame, as I've been a member for many moons and then some), in the hope that when I returned, the issue would be resolved. It doesn't look to have been, as having just arrived this morning, the errors are still appearing. See screenshot.