Chronotope’s avatarChronotope’s Twitter Archive—№ 148,860

              1. Oh boy, it looks like Vodaphone is actively attaching unique user IDs based at the SIM-card level to subscriber network requests. trustpid.com/
                OpenGraph image for trustpid.com/
                Permalink On twitter.com Twitter logo Chronotope’s avatar ♻️ 52 Retweets ❤️ 85 Favorites Mood +2 🙂
            1. …in reply to @Chronotope
              Are people transacting on this? Dunno, but uhhh it is in Prebid now - docs.prebid.org/dev-docs/modules/userId.html#trustpid
              OpenGraph image for docs.prebid.org/dev-docs/modules/userId.html#trustpid
              Permalink On twitter.com Twitter logo Chronotope’s avatar ♻️ 1 Retweets ❤️ 7 Favorites Mood 0
          1. …in reply to @Chronotope
            johnnyryan Curious if you've seen this already and if you think this works under GDPR with the way they are describing the opt out process?
            Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 6 Favorites Mood +1 🙂
        1. …in reply to @Chronotope
          I hate this thing ad tech companies are doing now where they position themselves as "saviors of the free/open internet". The internet isn't free and open if you can't choose to surf it privately.
          oh my god twitter doesn’t include alt text from images in their API
          Permalink On twitter.com Twitter logo Chronotope’s avatar ♻️ 11 Retweets ❤️ 37 Favorites Mood -3 🙁
      1. …in reply to @Chronotope
        Ad Tech going full Team America these days. If you want to use the internet you gotta pay your buck o'five worth of user data. youtu.be/tzW2ybYFboQ
        OpenGraph image for youtu.be/tzW2ybYFboQ
        Permalink On twitter.com Twitter logo Chronotope’s avatar ♻️ 1 Retweets ❤️ 6 Favorites Mood +2 🙂
    1. …in reply to @Chronotope
      I'm very interested by the process implied by some of the Prebid settings. Something is happening on the page that is looking into localStorage? Something is putting the ID in localStorage? It's not just on the HTTP header?
      oh my god twitter doesn’t include alt text from images in their API
      Permalink On twitter.com Twitter logo Chronotope’s avatar ♻️ 1 Retweets ❤️ 7 Favorites Mood +2 🙂
  1. …in reply to @Chronotope
    And there's a *delay*? I'm assuming a mechanism for putting it in storage is provided because most sites are not prepared to take action off of HTTP headers so there is a methodology that handles it for them...
    On twitter.com Twitter logo Chronotope’s avatar ❤️ 4 Favorites Mood -2 🙁
    1. …in reply to @Chronotope
      Looks like Vodaphone is indeed putting it in local storage somehow? github.com/prebid/Prebid.js/blob/997961fe1c10ac8e647b1ba019a1b189983daf9d/modules/trustpidSystem.js#L82
      OpenGraph image for github.com/prebid/Prebid.js/blob/997961fe1c10ac8e647b1ba019a1b189983daf9d/modules/trustpidSystem.js#L82
      Permalink On twitter.com Twitter logo Chronotope’s avatar ♻️ 1 Retweets ❤️ 5 Favorites Mood +2 🙂
      1. …in reply to @Chronotope
        Even more interesting... it isn't just Vodaphone's domain listed as a participant! Apparently other domains that service Trustpid (somehow) include German T-Mobile and massive French telecom Orange, (which is >20% owned by the French state) github.com/prebid/Prebid.js/blob/997961fe1c10ac8e647b1ba019a1b189983daf9d/modules/trustpidSystem.js#L46
        OpenGraph image for github.com/prebid/Prebid.js/blob/997961fe1c10ac8e647b1ba019a1b189983daf9d/modules/trustpidSystem.js#L46
        Permalink On twitter.com Twitter logo Chronotope’s avatar ♻️ 4 Retweets ❤️ 7 Favorites Mood +2 🙂
        1. …in reply to @Chronotope
          In case you were wondering... it *is* supported by Index github.com/prebid/Prebid.js/blob/3f99fa7b0b253c4730faf145d7f542c181a7b158/modules/ixBidAdapter.js#L78
          OpenGraph image for github.com/prebid/Prebid.js/blob/3f99fa7b0b253c4730faf145d7f542c181a7b158/modules/ixBidAdapter.js#L78
          Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 3 Favorites Mood +2 🙂
          1. …in reply to @Chronotope
            Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 3 Favorites Mood 0
            1. …in reply to @Chronotope
              Curious about browsers & extensions interested in preserving their privacy promises in this equation. Do they start blocklisting the localStorage keys? How do you deal with the telecom provider doing this?
              Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 4 Favorites Mood +4 🙂
              1. …in reply to @Chronotope
                Worth noting that Trustpid's per-site compliance mechanism appears to be working with CMPs which means that you could deny consent for Trustpid to be used on the page but the nature of TCF means that the ID will still be sent but with a string saying 'hey, don't use this'.
                Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 3 Favorites Mood +2 🙂
                1. …in reply to @Chronotope
                  Looking at how the code executes on Trustpid's site when I try to verify my nonexistent ID, it appears to be putting operational data on the window object that includes an API call to get your ID, perhaps the ID is not visible except to the API which delivers it to local storage?
                  Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 1 Favorite Mood 0
                  1. …in reply to @Chronotope
                    Not sure how secure that is, presumably they are depending on the headers on the network request to their API to give them the ID and to return it back. Interestingly it looks like revealing the ID may not be the only thing the ID does...
                    Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 2 Favorites Mood +4 🙂
                    1. …in reply to @Chronotope
                      It looks like Trustpid is set up to also sync with some Facebook API and the "Floodlight ID" which is the cross-site process Google has for doing conversion tracking (not the new more private proposed process, the old one - support.google.com/searchads/answer/7298761?hl=en )
                      OpenGraph image for support.google.com/searchads/answer/7298761?hl=enoh my god twitter doesn’t include alt text from images in their API
                      Permalink On twitter.com Twitter logo Chronotope’s avatar ♻️ 4 Retweets ❤️ 8 Favorites Mood +2 🙂
                      1. …in reply to @Chronotope
                        The implication here is that the process to reveal the ID by requesting it from the Trustpid API may not just give the ID to the site that requests it, but also may synchronize other user data across multiple platforms.
                        Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 4 Favorites Mood 0
                        1. …in reply to @Chronotope
                          Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 2 Favorites Mood 0
                          1. …in reply to @Chronotope
                            Anyway, don't forget that T-Mobile is already doing this in the US and is only opt-out. vox.com/recode/22325420/t-mobile-verizon-att-ad-targeting-data 9to5mac.com/2021/03/09/t-mobile-ad-tracking-program-opt-out/ t-mobile.com/privacy-center/education-and-resources/advertising-analytics I can't find anyone who has written about how that works technically, but would be interested in reading.
                            OpenGraph image for vox.com/recode/22325420/t-mobile-verizon-att-ad-targeting-dataOpenGraph image for 9to5mac.com/2021/03/09/t-mobile-ad-tracking-program-opt-out/OpenGraph image for t-mobile.com/privacy-center/education-and-resources/advertising-analytics
                            Permalink On twitter.com Twitter logo Chronotope’s avatar ❤️ 14 Favorites Mood +3 🙂

Search tweets' text