Chronotope’s Twitter Archive—№ 148,869

                          1. Oh boy, it looks like Vodafone is actively attaching unique user IDs based at the SIM-card level to subscriber network requests. trustpid.com/
                        1. …in reply to @Chronotope
                          Are people transacting on this? Dunno, but uhhh it is in Prebid now - docs.prebid.org/dev-docs/modules/userId.html#trustpid
                      1. …in reply to @Chronotope
                        @johnnyryan Curious if you've seen this already and if you think this works under GDPR with the way they are describing the opt out process?
                    1. …in reply to @Chronotope
                      I hate this thing ad tech companies are doing now where they position themselves as "saviors of the free/open internet". The internet isn't free and open if you can't choose to surf it privately.
                  1. …in reply to @Chronotope
                    Ad Tech going full Team America these days. If you want to use the internet you gotta pay your buck o'five worth of user data. youtu.be/tzW2ybYFboQ
                1. …in reply to @Chronotope
                  I'm very interested by the process implied by some of the Prebid settings. Something is happening on the page that is looking into localStorage? Something is putting the ID in localStorage? It's not just on the HTTP header?
              1. …in reply to @Chronotope
                And there's a *delay*? I'm assuming a mechanism for putting it in storage is provided because most sites are not prepared to take action off of HTTP headers so there is a methodology that handles it for them...
          1. …in reply to @Chronotope
            Even more interesting... it isn't just Vodafone's domain listed as a participant! Apparently other domains that service Trustpid (somehow) include German T-Mobile and massive French telecom Orange (which is >20% owned by the French state) github.com/prebid/Prebid.js/blob/997961fe1c10ac8e647b1ba019a1b189983daf9d/modules/trustpidSystem.js#L46
    1. …in reply to @Chronotope
      Curious about browsers & extensions interested in preserving their privacy promises in this equation. Do they start blocklisting the localStorage keys? How do you deal with the telecom provider doing this?
  1. …in reply to @Chronotope
    Worth noting that Trustpid's per-site compliance mechanism appears to be working with CMPs which means that you could deny consent for Trustpid to be used on the page but the nature of TCF means that the ID will still be sent but with a string saying 'hey, don't use this'.
    1. …in reply to @Chronotope
      Looking at how the code executes on Trustpid's site when I try to verify my nonexistent ID, it appears to be putting operational data on the window object that includes an API call to get your ID, perhaps the ID is not visible except to the API which delivers it to local storage?
      1. …in reply to @Chronotope
        Not sure how secure that is, presumably they are depending on the headers on the network request to their API to give them the ID and to return it back. Interestingly it looks like revealing the ID may not be the only thing the ID does...
        1. …in reply to @Chronotope
          It looks like Trustpid is set up to also sync with some Facebook API and the "Floodlight ID" which is the cross-site process Google has for doing conversion tracking (not the new more private proposed process, the old one - support.google.com/searchads/answer/7298761?hl=en )
          1. …in reply to @Chronotope
            The implication here is that the process to reveal the ID by requesting it from the Trustpid API may not just give the ID to the site that requests it, but also may synchronize other user data across multiple platforms.
              1. …in reply to @Chronotope
                Anyway, don't forget that T-Mobile is already doing this in the US and is only opt-out. vox.com/recode/22325420/t-mobile-verizon-att-ad-targeting-data 9to5mac.com/2021/03/09/t-mobile-ad-tracking-program-opt-out/ t-mobile.com/privacy-center/education-and-resources/advertising-analytics I can't find anyone who has written about how that works technically, but would be interested in reading.