SlideShare una empresa de Scribd logo

Blackhat Analytics 3 @ superweek - Do be evil: Force awakens

Descargar como PPTX, PDF
Phil Pearce
Phil Pearce

This document provides an overview of blackhat analytics techniques from the perspective of an analytics expert named Phil Pearce. It begins with Phil introducing himself and his background. The document then defines blackhat analytics and discusses its history, including early malicious techniques, intentional abusing of analytics systems, and accidentally abusing systems. It provides examples of light and dark tasks involving analytics and concludes with discussion questions.

Software
1 de 65
BlackHat Analytics 3: Do Be evil: Force Awakens
#SPWK @philpearce Web Analytics Exchange mentor 750 GA questions answered Tracking protection group (DNT) Welcome Phil Pearce Analytics Expert & Master of the Dark Arts Freelancer @philpearce linkedin.com/in/philpearce
Fun fact... I`m an identical Twin... #SPWK @philpearce ...He recently got married
I organised a Stag party for my Brother... As you can see - I`m the evil one ;) #SPWK @philpearce
Why was I Darth Maul... Because my uncle was... #SPWK @philpearce Darth Vader!
Blackhat Analytics Summary 1. Definition 2. History and evolution 3. Example Techniques 4. Light & Dark task 5. Questions #SPWK @philpearce
A long time ago... … in a google universe far, far away...
Define: Blackhat Analytics
Define: Blackhat Analytics Define: Blackhat Analytics “0” results
If you do this search now... Define: Blackhat Analytics
It turns out... ...I know more than Google ;) Me Me Me Me
Definition Intentional act of distorting, deleting, unethically using, or hijacking WA data using technical or legal loopholes; with the goal of making financial gains, or obtaining a competitive advantage. Phil Pearce 2009
How did we get here… 1. Intentional abusing the system. 2. Accidentally abusing the system 3. Automatically monitoring & enforcement of the system
1. Intentional Abusing the system
Early Malicious techniques/attacks Referral backlink log spam (depreciated SEO technique) These links no-followed and no longer pass pagerank
Referral backlink log spam (to get traffic from website owners) Early Malicious techniques/attacks Exclude bots GA setting Should prevent this
Early Malicious techniques/attacks GA log spam (Spider visit loading JS) Exclude Robot hits via IAB blacklist tickbox in GA
Early Malicious techniques/attacks Visited links CSS hack (History Sniffing) Browser patch rollout for link colours (method made harmless)
Early Malicious techniques/attacks Flash cookie respawn (Zombie Cookies) Chrome privacy settings integrated with Flash Winduw control panel
Early Malicious techniques/attacks EverCookie (all of the previous techniques and more!) Tor browser (anonymous browsing)
Revenue Spam
Counter-measure for Revenue Spam https://developers.google.com/analytics/devguides/collection/analyticsjs/enhanced-ecommerce#measuring-refunds Tool to manually fix… bit.ly/bigintegerfix
*edge case example: small startups like beencounter Intentional blackhat is rare and users don’t cares
2. Accidentally abusing the system
www.yoursite.com privacy@google.com https://support.google.com/adwords/answer/8206?contact=1&rd=1 site:comptetitor.com inurl:"utm_content * gmail.com“ https://www.google.com/search?q=inurl:de+inurl:utm_content+*+gmail+-blog+- google&pws=0&num=100&filter=0&as_qdr=all&cad=b&biw=1921&bih=869&dpr=1&cad=cb v&sei=qkK9VKiRHJLvat-ggbgF e.g. www.centredeformationjuridique.com/E- learning/v3/soutien/interface/index.php?page=cs.call_menu&menu_use=[ID_MENU]&email =NAME.REMOVED@gmail.com&mdp=coutcout&utm_medium=SMS&utm_source=CS_2 014&utm_campaign=ouverture_inscriptions_intensif2&utm_content=Paris Accidental email PII
Google Analytics Skip to content GOOGLE ANALYTICS TERMS OF SERVICE These Google Analytics Terms of Service (this "Agreement") are entered into by Google Inc. ("Google") and the entity executing this Agreement ("You"). This Agreement governs Your use of the standard Google Analytics (the "Service"). BY CLICKING THE "I ACCEPT" BUTTON, COMPLETING THE REGISTRATION PROCESS, OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE REVIEWED AND ACCEPT THIS AGREEMENT AND ARE AUTHORIZED TO ACT ON BEHALF OF, AND BIND TO THIS AGREEMENT, THE OWNER OF THIS ACCOUNT. In consideration of the foregoing, the parties agree as follows: 1. Definitions. "Account" refers to the billing account for the Service. All Profiles linked to a single Property will have their Hits aggregated before determining the charge for the Service for that Property. "Confidential Information" includes any proprietary data and any other information disclosed by one party to the other in writing and Google Analyses TOS Skip..
Results in… GA account deleted (if violation). You must not collect any data that personally identifies an individual such as a: 1. full name 2. email address 3. billing information GA account deleted (if violation)
Don’t worry…. PII capture is not enforced 1. Its not pro-actively (automatic) enforced 2. only re-active (manual) enforcement. The same for… You must post a link to a Privacy Policy which has an opt-out…
Validation that a privacy link is present is not automatically checked 0.24% of domains using GA are compliant! =(17000+341+36000+11000)/26416097= 0.24%
• https://ahrefs.com/site-explorer/overview/prefix/?target=www.google.com/policies/privacy/partners/ • https://ahrefs.com/site-explorer/overview/prefix/?target=tools.google.com/dlpage/gaoptout • https://ahrefs.com/site-explorer/overview/prefix/?target=www.aboutads.info/choices/ Validation that a privacy link is present is not automatically checked Est 5% German websites backlinks Link growth to this page should be increasing based on GA usage, only tiny increases.
No one pro-actively monitors because cookies are harmless
3. Automatically monitoring & enforcement of the system. aka Automatic “Health checks”
Example…
2 years reign! Infighting & disunity between Advertisers & Privacy Advocates. Definition of Tracking (DNT) still not defined! http://www.theregister.co.uk/2013/11/05/do_not_track_w3c_ads_privacy/ W3C republic
Group disbanded Peter Swire - Chief resign Jonathan Mayer – Firefox resigns Digital Advertisers Association – leaves group! Old W3C republic Key member: Thomas Roessler joins Google!
Imperial Durnt, durnt, durnt… durnt, dan ner! External Feedback mechanism
New Imperial Advertising Principles AdChoices proposed as replacement for W3C`s DNT Source: http://www.adweek.com/news/technology/daa-convene-new-do-not-track-group-updated-153023
http://www.wordstream.com/blog/ws/2014/01/22/adchoices http://www.youronlinechoices.com/hu/ http://blog.silktide.com/2013/01/the-stupid-cookie-law-is-dead-at-last/ Feedback example
ICO cookie law investigations – did`nt happen As they got more complaints about spam text messages, so focused on this instead.
SilkTide example from UK
Are users Cookies for sale on SilkRoad Litmus test
No one cares users are not complaining hence, regulators are not enforcing.
3. Google lost market share in search now they care!
Google Adwords privacy cpc tax SSL as ranking signal SERP ranking organic bonus. Google “trusted stores” program Note: See “Privacy as a ranking factor slides” and TrustFactor video.
Practical Example…
Light Score 1. Do you have a Privacy Policy? +1 2. Do you link to Privacy Policy on global footer(or header) try.powermapper.com +1 3. HTML links on Privacy Policy: • Do you mention you use cookies OR link to “How Google uses cookie data“ www.google.com/policies/privacy/partners/ +0.25 • Do you mention the word “Do Not Track” or DNT on privacy policy +0.25 • Link to GA opt-out plugin OR GA opt-out page +0.25 • Link to DoubleClick remarketing opt-out OR Adchoices link +0.25 4. Has your Privacy Policy has been updated within the last 12months +1 5. If your using session recording (e.g. ClickTale) have you set sensitive fields to either type=password OR have relevant class: <input id="CreditCardPin" class="tracking- sensitive ClickTaleSensitive -metrika-nokeys“type="text"> +1 6. Is AnonymiseIP enabled for German Visitors +1 7. Is GTM`s 2 stage authentication login setting enabled OR similar TMS setting +1 8. Do you have a GA custom email alert for URLs containing “@” or “@gmail” +1 9. GA exclude traffic from robot setting is enabled +1 10.You have actioned atleast one GA heathcheck alert +1 Ref: www.google.com/analytics/terms/us.html [n] / 10
Force Rankings: Make a note of your Light score
Darkness and the Light - scorings 10 Yoda 6-8 Luke 3-5 Leia 0-2 Chewbacca 0 Neutral Zone - 0-2 Darth Maul - 3-5 Count Dooku - 6-8 Darth Vader - 10 Darth Sideous Light score -
Dark Score 1. 3rd party cookies are being deployed on your website -1 2. Have not enable frequency capping on Display network -1 3. UserID tracking is enabled, but not declared to users on privacy page. 4. GA`s data append via CSV upload (dimension widening) for userID as a customDimension using sensitive data (e.g. Financial grouping/status based on users postcode/address) -1 5. Using Device Signature (Android App only) -1 6. Email address stored in GA url report -1 7. Storing passwords in GA URL report -1 8. Respawn of users sessionID cookie, after the user tries to clear cookie -1 9. Using any of the techniques mentioned on evercookie -1 10.Using GA to track progress of trojan virus installations -100 [n] / 10
Force Rankings: Make a note of your Dark score
Darkness and the Light - scorings 10 Yoda 6-8 Luke 3-5 Leia 0-2 Chewbacca 0 Neutral Zone - 0-2 Darth Maul - 3-5 Count Dooku - 6-8 Darth Vader - 10 Darth Sideous Light score Dark Score - -
Now: Light Score - Dark score = Actual score
Darkness and the Light - scorings 10 Yoda 6-8 Luke 3-5 Leia 0-2 Chewbacca 0 Neutral Zone - 0-2 Darth Maul - 3-5 Count Dooku - 6-8 Darth Vader - 10 Darth Sideous Light score Dark Score Sum of both - - -
Malintent Accidental Bad Good Overall Score? -10 +10
If you got a dark score join these…  “MOA code of conduct” or “DAA code of ethics” will eventually introduce one www.digitalanalyticsassociation.org/codeofethics www.moaweb.nl/Richtlijnen/internationale-gedragscodes-en-richtlijnen/2012-09-17%20GRBN%20Code%20Comparison.pdf/view
Thanks & Questions #SPWK @philpearce
Appendix…
DISCLAIMER – I`m not a lawyer GA terms of service http://www.google.com/analytics/terms/us.html http://www.google.com/analytics/learn/privacy.html Privacy Trouble shooter http://support.google.com/bin/static.py?hl=en&ts=1291807&page=ts.cs Report a privacy concern http://www.google.com/contact/ Contact Google Analytics http://support.google.com/analytics/bin/request.py?hlrm=en&contact_type=contact_policy https://support.google.com/adwords/answer/8206?contact=1&rd=1 Report a security concern security@google.com http://www.google.com/security.html
Discussion Questions  How much is your data worth?  Can you afford to drive traffic in the dark with no insight?  Is PII or sensitive data or urls being accidentally tracked?  When was the last time you audited your WA installation?  Are you capturing data that easily allows an individual to be “linked” or “re-identified” by Google (e.g. detailed demographic data example, or Netflix.com + IMDB.com example1 or example2)
Related presentations & resources . CookieTAB virus screenshots https://www.dropbox.com/s/w0gprycb23ajguw/2011_03_18%20CookieTAB%20virus%20scr eenshots%20.pptx Effect of EU Cookie law on US businesses: https://www.dropbox.com/s/ces1m53mm7o4gmm/2012-10- 04%20GAUGE%20Boston%20- %20Effect%20of%20EU%20Cookie%20law%20on%20US%20organisations.pptx Recipe for a Cookie Law https://www.dropbox.com/s/l9n3gchusdv57bm/2011_03_18%20Recipe%20for%20a%20Co okie%20Law%20by%20Phil%20Pearce%20.pptx Cookie law Implementation Examples https://www.dropbox.com/s/7q8qfxesk44tpkc/Implimentation%20Examples%20by%20Phil %20Pearce%202012_03_18.pptx Cookie compliance Audit - Example.docx https://www.dropbox.com/s/idyrql6c1aniaw6/01%20UK%20Cookie%20compliance%20Audi t%20-%20Example.docx CookieLaw research in 90mb Dropbox: https://www.dropbox.com/s/uapu90d7rc2uxl1/2012_Cookie_Law_Resources_Folder_40mb _Download.zip
Appendix External privacy feedback mechanisms: safeharbor.export.gov/companyinfo.aspx?id=16626 feedback-form.truste.com/watchdog/request?url=www.google.com www.bbb.org/sanjose/business-reviews/internet-services/google-in-mountain-view-ca- 214105/file-a-complaint www.networkadvertising.org/contact-support/report-problem/i-would-report-violation-of-nai- code-nai-member-company-2 www.snapsurveys.com/swh/surveylogin.asp?k=133707671186 [ICO.gov.uk form] addons.mozilla.org/en-US/firefox/addon/privacy-dashboard/ [W3C feedback mechanism] www.google.com/trends/explore?hl=en#cat=0-14-54-1281&geo=US&date=today%203- m&cmpt=q [user web searches in category of “privacy” per country] Security & Privacy prize of upto £13K offered by Google for detecting holes: www.google.com/about/appsecurity/reward-program/ blog.chromium.org/2012/08/announcing-pwnium-2.html Example XSS hole in GA found in 2008: derkeiler.com/Mailing-Lists/Full-Disclosure/2008- 12/msg00200.html Open Source feedback techniques fourthparty.info/data appanalysis.org/download.html Free to check cookie databases: www.cookielaw.org/cookie-search.aspx?domain=http://www.facebook.com www.cookiecert.com/cookies-for-facebook.com privacyscore.com/score_details/2a03b4fe8d9d4eb8b4fb0ccf356cbaaa/showcase

Recomendados

Blackhat Analyics 4: May the 25th be with you!
Blackhat Analyics 4: May the 25th be with you!Blackhat Analyics 4: May the 25th be with you!
Blackhat Analyics 4: May the 25th be with you!
Phil Pearce
 
Blackhat Analytics - DarkScore test to printout
Blackhat Analytics - DarkScore test to printoutBlackhat Analytics - DarkScore test to printout
Blackhat Analytics - DarkScore test to printout
Phil Pearce
 
SEO dataLayer 2: Entity Wars
SEO dataLayer 2: Entity WarsSEO dataLayer 2: Entity Wars
SEO dataLayer 2: Entity Wars
Phil Pearce
 
Clicktale Vendor Privacy Audit (August 2013)
Clicktale Vendor Privacy Audit (August 2013)Clicktale Vendor Privacy Audit (August 2013)
Clicktale Vendor Privacy Audit (August 2013)
Phil Pearce
 
How can a data layer help my seo
How can a data layer help my seoHow can a data layer help my seo
How can a data layer help my seo
Phil Pearce
 
29 Advanced Google Tag Manager Tips Every Marketer Should Know
29 Advanced Google Tag Manager Tips Every Marketer Should Know29 Advanced Google Tag Manager Tips Every Marketer Should Know
29 Advanced Google Tag Manager Tips Every Marketer Should Know
Mike Arnesen
 
Plan a Digital Analytics Training Strategy for an Analytics Agency
Plan a Digital Analytics Training Strategy for an Analytics AgencyPlan a Digital Analytics Training Strategy for an Analytics Agency
Plan a Digital Analytics Training Strategy for an Analytics Agency
Phil Pearce
 
Browser Tracking Protections - SuperWeek 2020
Browser Tracking Protections - SuperWeek 2020Browser Tracking Protections - SuperWeek 2020
Browser Tracking Protections - SuperWeek 2020
Simo Ahava
 

Recomendados

Blackhat Analyics 4: May the 25th be with you!
Blackhat Analyics 4: May the 25th be with you!Blackhat Analyics 4: May the 25th be with you!
Blackhat Analyics 4: May the 25th be with you!
Phil Pearce
 
Blackhat Analytics - DarkScore test to printout
Blackhat Analytics - DarkScore test to printoutBlackhat Analytics - DarkScore test to printout
Blackhat Analytics - DarkScore test to printout
Phil Pearce
 
SEO dataLayer 2: Entity Wars
SEO dataLayer 2: Entity WarsSEO dataLayer 2: Entity Wars
SEO dataLayer 2: Entity Wars
Phil Pearce
 
Clicktale Vendor Privacy Audit (August 2013)
Clicktale Vendor Privacy Audit (August 2013)Clicktale Vendor Privacy Audit (August 2013)
Clicktale Vendor Privacy Audit (August 2013)
Phil Pearce
 
How can a data layer help my seo
How can a data layer help my seoHow can a data layer help my seo
How can a data layer help my seo
Phil Pearce
 
29 Advanced Google Tag Manager Tips Every Marketer Should Know
29 Advanced Google Tag Manager Tips Every Marketer Should Know29 Advanced Google Tag Manager Tips Every Marketer Should Know
29 Advanced Google Tag Manager Tips Every Marketer Should Know
Mike Arnesen
 
Plan a Digital Analytics Training Strategy for an Analytics Agency
Plan a Digital Analytics Training Strategy for an Analytics AgencyPlan a Digital Analytics Training Strategy for an Analytics Agency
Plan a Digital Analytics Training Strategy for an Analytics Agency
Phil Pearce
 
Browser Tracking Protections - SuperWeek 2020
Browser Tracking Protections - SuperWeek 2020Browser Tracking Protections - SuperWeek 2020
Browser Tracking Protections - SuperWeek 2020
Simo Ahava
 
Analytics Tools to improve Customer Insight
Analytics Tools to improve Customer InsightAnalytics Tools to improve Customer Insight
Analytics Tools to improve Customer Insight
Phil Pearce
 
Google Analytics and Google Tag Manager for Startups
Google Analytics and Google Tag Manager for StartupsGoogle Analytics and Google Tag Manager for Startups
Google Analytics and Google Tag Manager for Startups
Joost Hoogstrate
 
Google tag manager fundamentals question and answer (june 23 and july 24, 2015)
Google tag manager fundamentals question and answer (june 23 and july 24, 2015)Google tag manager fundamentals question and answer (june 23 and july 24, 2015)
Google tag manager fundamentals question and answer (june 23 and july 24, 2015)
Mahendra Patel
 
Rationalizing Tag Management
Rationalizing Tag ManagementRationalizing Tag Management
Rationalizing Tag Management
Simo Ahava
 
[Part 1] understand google search console outrankco
[Part 1] understand google search console outrankco[Part 1] understand google search console outrankco
[Part 1] understand google search console outrankco
Outrankco Pte Ltd
 
Raleigh SEO Meetup April 2018 - Dan Hinckley
Raleigh SEO Meetup April 2018 - Dan HinckleyRaleigh SEO Meetup April 2018 - Dan Hinckley
Raleigh SEO Meetup April 2018 - Dan Hinckley
Danny Hinckley
 
Bridging google analytics &amp; tag manager #melbseo meetup
Bridging google analytics &amp; tag manager #melbseo meetupBridging google analytics &amp; tag manager #melbseo meetup
Bridging google analytics &amp; tag manager #melbseo meetup
Daniel Wild
 
Google Tag Manager Can Do What
Google Tag Manager Can Do WhatGoogle Tag Manager Can Do What
Google Tag Manager Can Do What
patrickstox
 
Troubleshooting Technical SEO Problems - Patrick Stox - Raleigh SEO Meetup
Troubleshooting Technical SEO Problems - Patrick Stox - Raleigh SEO MeetupTroubleshooting Technical SEO Problems - Patrick Stox - Raleigh SEO Meetup
Troubleshooting Technical SEO Problems - Patrick Stox - Raleigh SEO Meetup
patrickstox
 
Everyone Screws Up HTTPS
Everyone Screws Up HTTPSEveryone Screws Up HTTPS
Everyone Screws Up HTTPS
patrickstox
 
Google+ platform (9-15-2011)
Google+ platform (9-15-2011)Google+ platform (9-15-2011)
Google+ platform (9-15-2011)
brada
 
Creating Custom Actions in SharePoint 2010
Creating Custom Actions in SharePoint 2010Creating Custom Actions in SharePoint 2010
Creating Custom Actions in SharePoint 2010
Geoff Varosky
 
SES Hong Kong 2013: Updating strategies: why traditional content spamming met...
SES Hong Kong 2013: Updating strategies: why traditional content spamming met...SES Hong Kong 2013: Updating strategies: why traditional content spamming met...
SES Hong Kong 2013: Updating strategies: why traditional content spamming met...
Pak Hou Cheung
 
SMX Advanced 2018 Solving Complex SEO Problems by Patrick Stox
SMX Advanced 2018 Solving Complex SEO Problems by Patrick StoxSMX Advanced 2018 Solving Complex SEO Problems by Patrick Stox
SMX Advanced 2018 Solving Complex SEO Problems by Patrick Stox
patrickstox
 
Better Safe Than Sorry with HTTPS - SMX East 2016 - Patrick Stox
Better Safe Than Sorry with HTTPS - SMX East 2016 - Patrick StoxBetter Safe Than Sorry with HTTPS - SMX East 2016 - Patrick Stox
Better Safe Than Sorry with HTTPS - SMX East 2016 - Patrick Stox
patrickstox
 
NLP Sitemap SMX 2016 Patrick Stox Latest In Advanced Technical SEO
NLP Sitemap SMX 2016 Patrick Stox Latest In Advanced Technical SEONLP Sitemap SMX 2016 Patrick Stox Latest In Advanced Technical SEO
NLP Sitemap SMX 2016 Patrick Stox Latest In Advanced Technical SEO
patrickstox
 
Benefits of Google Tag Manager
Benefits of Google Tag ManagerBenefits of Google Tag Manager
Benefits of Google Tag Manager
Phil Pearce
 
Complete Ga Power User Web
Complete Ga Power User WebComplete Ga Power User Web
Complete Ga Power User Web
Roman Zykov
 
Google's Top 3 Ranking Factors - Content, Links, and RankBrain - Raleigh SEO ...
Google's Top 3 Ranking Factors - Content, Links, and RankBrain - Raleigh SEO ...Google's Top 3 Ranking Factors - Content, Links, and RankBrain - Raleigh SEO ...
Google's Top 3 Ranking Factors - Content, Links, and RankBrain - Raleigh SEO ...
patrickstox
 
Google Search Console and controlling the spam in Analytics
Google Search Console and controlling the spam in AnalyticsGoogle Search Console and controlling the spam in Analytics
Google Search Console and controlling the spam in Analytics
Mickey Mellen
 
Blackhat Analytics 2 @ Superweek
Blackhat Analytics 2 @ SuperweekBlackhat Analytics 2 @ Superweek
Blackhat Analytics 2 @ Superweek
Phil Pearce
 
Google Policy Primer
Google Policy PrimerGoogle Policy Primer
Google Policy Primer
Irene Pollak
 

Más contenido relacionado

La actualidad más candente

Analytics Tools to improve Customer Insight
Analytics Tools to improve Customer InsightAnalytics Tools to improve Customer Insight
Analytics Tools to improve Customer Insight
Phil Pearce
 
Google+ platform (9-15-2011)
Google+ platform (9-15-2011)Google+ platform (9-15-2011)
Google+ platform (9-15-2011)
brada
 
Complete Ga Power User Web
Complete Ga Power User WebComplete Ga Power User Web
Complete Ga Power User Web
Roman Zykov
 

La actualidad más candente (20)

Analytics Tools to improve Customer Insight
Analytics Tools to improve Customer InsightAnalytics Tools to improve Customer Insight
Analytics Tools to improve Customer Insight
 
Google Analytics and Google Tag Manager for Startups
Google Analytics and Google Tag Manager for StartupsGoogle Analytics and Google Tag Manager for Startups
Google Analytics and Google Tag Manager for Startups
 
Google tag manager fundamentals question and answer (june 23 and july 24, 2015)
Google tag manager fundamentals question and answer (june 23 and july 24, 2015)Google tag manager fundamentals question and answer (june 23 and july 24, 2015)
Google tag manager fundamentals question and answer (june 23 and july 24, 2015)
 
Rationalizing Tag Management
Rationalizing Tag ManagementRationalizing Tag Management
Rationalizing Tag Management
 
[Part 1] understand google search console outrankco
[Part 1] understand google search console outrankco[Part 1] understand google search console outrankco
[Part 1] understand google search console outrankco
 
Raleigh SEO Meetup April 2018 - Dan Hinckley
Raleigh SEO Meetup April 2018 - Dan HinckleyRaleigh SEO Meetup April 2018 - Dan Hinckley
Raleigh SEO Meetup April 2018 - Dan Hinckley
 
Bridging google analytics &amp; tag manager #melbseo meetup
Bridging google analytics &amp; tag manager #melbseo meetupBridging google analytics &amp; tag manager #melbseo meetup
Bridging google analytics &amp; tag manager #melbseo meetup
 
Google Tag Manager Can Do What
Google Tag Manager Can Do WhatGoogle Tag Manager Can Do What
Google Tag Manager Can Do What
 
Troubleshooting Technical SEO Problems - Patrick Stox - Raleigh SEO Meetup
Troubleshooting Technical SEO Problems - Patrick Stox - Raleigh SEO MeetupTroubleshooting Technical SEO Problems - Patrick Stox - Raleigh SEO Meetup
Troubleshooting Technical SEO Problems - Patrick Stox - Raleigh SEO Meetup
 
Everyone Screws Up HTTPS
Everyone Screws Up HTTPSEveryone Screws Up HTTPS
Everyone Screws Up HTTPS
 
Google+ platform (9-15-2011)
Google+ platform (9-15-2011)Google+ platform (9-15-2011)
Google+ platform (9-15-2011)
 
Creating Custom Actions in SharePoint 2010
Creating Custom Actions in SharePoint 2010Creating Custom Actions in SharePoint 2010
Creating Custom Actions in SharePoint 2010
 
SES Hong Kong 2013: Updating strategies: why traditional content spamming met...
SES Hong Kong 2013: Updating strategies: why traditional content spamming met...SES Hong Kong 2013: Updating strategies: why traditional content spamming met...
SES Hong Kong 2013: Updating strategies: why traditional content spamming met...
 
SMX Advanced 2018 Solving Complex SEO Problems by Patrick Stox
SMX Advanced 2018 Solving Complex SEO Problems by Patrick StoxSMX Advanced 2018 Solving Complex SEO Problems by Patrick Stox
SMX Advanced 2018 Solving Complex SEO Problems by Patrick Stox
 
Better Safe Than Sorry with HTTPS - SMX East 2016 - Patrick Stox
Better Safe Than Sorry with HTTPS - SMX East 2016 - Patrick StoxBetter Safe Than Sorry with HTTPS - SMX East 2016 - Patrick Stox
Better Safe Than Sorry with HTTPS - SMX East 2016 - Patrick Stox
 
NLP Sitemap SMX 2016 Patrick Stox Latest In Advanced Technical SEO
NLP Sitemap SMX 2016 Patrick Stox Latest In Advanced Technical SEONLP Sitemap SMX 2016 Patrick Stox Latest In Advanced Technical SEO
NLP Sitemap SMX 2016 Patrick Stox Latest In Advanced Technical SEO
 
Benefits of Google Tag Manager
Benefits of Google Tag ManagerBenefits of Google Tag Manager
Benefits of Google Tag Manager
 
Complete Ga Power User Web
Complete Ga Power User WebComplete Ga Power User Web
Complete Ga Power User Web
 
Google's Top 3 Ranking Factors - Content, Links, and RankBrain - Raleigh SEO ...
Google's Top 3 Ranking Factors - Content, Links, and RankBrain - Raleigh SEO ...Google's Top 3 Ranking Factors - Content, Links, and RankBrain - Raleigh SEO ...
Google's Top 3 Ranking Factors - Content, Links, and RankBrain - Raleigh SEO ...
 
Google Search Console and controlling the spam in Analytics
Google Search Console and controlling the spam in AnalyticsGoogle Search Console and controlling the spam in Analytics
Google Search Console and controlling the spam in Analytics
 

Similar a Blackhat Analytics 3 @ superweek - Do be evil: Force awakens

Potential Advantages Of An Insider Attack
Potential Advantages Of An Insider AttackPotential Advantages Of An Insider Attack
Potential Advantages Of An Insider Attack
Susan Kennedy
 
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Steven Meister
 
SPS Utah 2016 - Unlock your big data with analytics and BI on Office 365
SPS Utah 2016 - Unlock your big data with analytics and BI on Office 365SPS Utah 2016 - Unlock your big data with analytics and BI on Office 365
SPS Utah 2016 - Unlock your big data with analytics and BI on Office 365
Brian Culver
 
SPT 104 Unlock your big data with analytics and BI on Office 365
SPT 104 Unlock your big data with analytics and BI on Office 365SPT 104 Unlock your big data with analytics and BI on Office 365
SPT 104 Unlock your big data with analytics and BI on Office 365
Brian Culver
 

Similar a Blackhat Analytics 3 @ superweek - Do be evil: Force awakens (20)

Blackhat Analytics 2 @ Superweek
Blackhat Analytics 2 @ SuperweekBlackhat Analytics 2 @ Superweek
Blackhat Analytics 2 @ Superweek
 
Google Policy Primer
Google Policy PrimerGoogle Policy Primer
Google Policy Primer
 
Phil Pearce - Blackhat analytics
Phil Pearce - Blackhat analyticsPhil Pearce - Blackhat analytics
Phil Pearce - Blackhat analytics
 
GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty
 
Evolution or Extinction: Survive and Thrive with New Google Analytics Features
Evolution or Extinction: Survive and Thrive with New Google Analytics FeaturesEvolution or Extinction: Survive and Thrive with New Google Analytics Features
Evolution or Extinction: Survive and Thrive with New Google Analytics Features
 
Designing for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teamsDesigning for privacy: 3 essential UX habits for product teams
Designing for privacy: 3 essential UX habits for product teams
 
Google Analytics with an Intro to Google Tag Manager for Austin WordPress Meetup
Google Analytics with an Intro to Google Tag Manager for Austin WordPress MeetupGoogle Analytics with an Intro to Google Tag Manager for Austin WordPress Meetup
Google Analytics with an Intro to Google Tag Manager for Austin WordPress Meetup
 
GDPR - What You Need To Know
GDPR - What You Need To KnowGDPR - What You Need To Know
GDPR - What You Need To Know
 
Google Analytics location data visualised with CARTO & BigQuery
Google Analytics location data visualised with CARTO & BigQueryGoogle Analytics location data visualised with CARTO & BigQuery
Google Analytics location data visualised with CARTO & BigQuery
 
Potential Advantages Of An Insider Attack
Potential Advantages Of An Insider AttackPotential Advantages Of An Insider Attack
Potential Advantages Of An Insider Attack
 
Bi social vet_ga_day_1
Bi social vet_ga_day_1Bi social vet_ga_day_1
Bi social vet_ga_day_1
 
eBusiness Club "Demystifying the EU Cookie Law presentation, Geldards
eBusiness Club "Demystifying the EU Cookie Law presentation, GeldardseBusiness Club "Demystifying the EU Cookie Law presentation, Geldards
eBusiness Club "Demystifying the EU Cookie Law presentation, Geldards
 
Unlock your Big Data with Analytics and BI on Office 365
Unlock your Big Data with Analytics and BI on Office 365Unlock your Big Data with Analytics and BI on Office 365
Unlock your Big Data with Analytics and BI on Office 365
 
6 advance tracking features of google analytics
6 advance tracking features of google analytics6 advance tracking features of google analytics
6 advance tracking features of google analytics
 
Google Analytics Training Seminar - Vorian Agency
Google Analytics Training Seminar - Vorian AgencyGoogle Analytics Training Seminar - Vorian Agency
Google Analytics Training Seminar - Vorian Agency
 
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
 
SPS Utah 2016 - Unlock your big data with analytics and BI on Office 365
SPS Utah 2016 - Unlock your big data with analytics and BI on Office 365SPS Utah 2016 - Unlock your big data with analytics and BI on Office 365
SPS Utah 2016 - Unlock your big data with analytics and BI on Office 365
 
SPT 104 Unlock your big data with analytics and BI on Office 365
SPT 104 Unlock your big data with analytics and BI on Office 365SPT 104 Unlock your big data with analytics and BI on Office 365
SPT 104 Unlock your big data with analytics and BI on Office 365
 
Tracking across devices
Tracking across devices Tracking across devices
Tracking across devices
 

Más de Phil Pearce

Más de Phil Pearce (20)

GTM container positions: a summary of best & worst
GTM container positions: a summary of best & worstGTM container positions: a summary of best & worst
GTM container positions: a summary of best & worst
 
Digital Analytic & SEO Acceleration
Digital Analytic & SEO AccelerationDigital Analytic & SEO Acceleration
Digital Analytic & SEO Acceleration
 
Photos of LaserBowling @ MeasureCamp Cardiff 2
Photos of LaserBowling @ MeasureCamp Cardiff 2Photos of LaserBowling @ MeasureCamp Cardiff 2
Photos of LaserBowling @ MeasureCamp Cardiff 2
 
Measurebowling Nerdshirts 2017-06-08
Measurebowling Nerdshirts 2017-06-08Measurebowling Nerdshirts 2017-06-08
Measurebowling Nerdshirts 2017-06-08
 
Morphing GA into an Affiliate Analytics Monster
Morphing GA into an Affiliate Analytics MonsterMorphing GA into an Affiliate Analytics Monster
Morphing GA into an Affiliate Analytics Monster
 
The Kamasutra of GTM container positions
The Kamasutra of GTM container positionsThe Kamasutra of GTM container positions
The Kamasutra of GTM container positions
 
Common mistakes with media tagging (utm tags) and how to fix them!
Common mistakes with media tagging (utm tags) and how to fix them!Common mistakes with media tagging (utm tags) and how to fix them!
Common mistakes with media tagging (utm tags) and how to fix them!
 
QR code uses cases & Digital Marketing podcasts
QR code uses cases & Digital Marketing podcastsQR code uses cases & Digital Marketing podcasts
QR code uses cases & Digital Marketing podcasts
 
Analytics Crystal maze
Analytics Crystal mazeAnalytics Crystal maze
Analytics Crystal maze
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!
 
GTM Tools Checklist
GTM Tools ChecklistGTM Tools Checklist
GTM Tools Checklist
 
Google Data Studio - First impressions @ Measurecamp
Google Data Studio - First impressions @ MeasurecampGoogle Data Studio - First impressions @ Measurecamp
Google Data Studio - First impressions @ Measurecamp
 
Supercharging your Organic CTR
Supercharging your Organic CTRSupercharging your Organic CTR
Supercharging your Organic CTR
 
Example cookie compliance audit
Example cookie compliance auditExample cookie compliance audit
Example cookie compliance audit
 
Example SEO audit
Example SEO auditExample SEO audit
Example SEO audit
 
SEO analytics: How to report & improve performance
SEO analytics: How to report & improve performanceSEO analytics: How to report & improve performance
SEO analytics: How to report & improve performance
 
CRO analytics - How to Continually Optimise
CRO analytics - How to Continually OptimiseCRO analytics - How to Continually Optimise
CRO analytics - How to Continually Optimise
 
"Taster Slides" for Most advanced GTM implementation
"Taster Slides" for Most advanced GTM implementation"Taster Slides" for Most advanced GTM implementation
"Taster Slides" for Most advanced GTM implementation
 
Analytics & Optimisation for University sites
Analytics & Optimisation for University sitesAnalytics & Optimisation for University sites
Analytics & Optimisation for University sites
 
Digital analytics upskilling & career tips
Digital analytics upskilling & career tipsDigital analytics upskilling & career tips
Digital analytics upskilling & career tips
 

Último

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
ayushiqss
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 

Último (20)

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 

Blackhat Analytics 3 @ superweek - Do be evil: Force awakens

  • 1. BlackHat Analytics 3: Do Be evil: Force Awakens
  • 2. #SPWK @philpearce Web Analytics Exchange mentor 750 GA questions answered Tracking protection group (DNT) Welcome Phil Pearce Analytics Expert & Master of the Dark Arts Freelancer @philpearce linkedin.com/in/philpearce
  • 3. Fun fact... I`m an identical Twin... #SPWK @philpearce ...He recently got married
  • 4. I organised a Stag party for my Brother... As you can see - I`m the evil one ;) #SPWK @philpearce
  • 5. Why was I Darth Maul... Because my uncle was... #SPWK @philpearce Darth Vader!
  • 6. Blackhat Analytics Summary 1. Definition 2. History and evolution 3. Example Techniques 4. Light & Dark task 5. Questions #SPWK @philpearce
  • 7. A long time ago... … in a google universe far, far away...
  • 9. Define: Blackhat Analytics Define: Blackhat Analytics “0” results
  • 10. If you do this search now... Define: Blackhat Analytics
  • 11. It turns out... ...I know more than Google ;) Me Me Me Me
  • 12. Definition Intentional act of distorting, deleting, unethically using, or hijacking WA data using technical or legal loopholes; with the goal of making financial gains, or obtaining a competitive advantage. Phil Pearce 2009
  • 13. How did we get here… 1. Intentional abusing the system. 2. Accidentally abusing the system 3. Automatically monitoring & enforcement of the system
  • 15. Early Malicious techniques/attacks Referral backlink log spam (depreciated SEO technique) These links no-followed and no longer pass pagerank
  • 16. Referral backlink log spam (to get traffic from website owners) Early Malicious techniques/attacks Exclude bots GA setting Should prevent this
  • 17. Early Malicious techniques/attacks GA log spam (Spider visit loading JS) Exclude Robot hits via IAB blacklist tickbox in GA
  • 18. Early Malicious techniques/attacks Visited links CSS hack (History Sniffing) Browser patch rollout for link colours (method made harmless)
  • 19. Early Malicious techniques/attacks Flash cookie respawn (Zombie Cookies) Chrome privacy settings integrated with Flash Winduw control panel
  • 20. Early Malicious techniques/attacks EverCookie (all of the previous techniques and more!) Tor browser (anonymous browsing)
  • 22. Counter-measure for Revenue Spam https://developers.google.com/analytics/devguides/collection/analyticsjs/enhanced-ecommerce#measuring-refunds Tool to manually fix… bit.ly/bigintegerfix
  • 23. *edge case example: small startups like beencounter Intentional blackhat is rare and users don’t cares
  • 24.
  • 26. www.yoursite.com privacy@google.com https://support.google.com/adwords/answer/8206?contact=1&rd=1 site:comptetitor.com inurl:"utm_content * gmail.com“ https://www.google.com/search?q=inurl:de+inurl:utm_content+*+gmail+-blog+- google&pws=0&num=100&filter=0&as_qdr=all&cad=b&biw=1921&bih=869&dpr=1&cad=cb v&sei=qkK9VKiRHJLvat-ggbgF e.g. www.centredeformationjuridique.com/E- learning/v3/soutien/interface/index.php?page=cs.call_menu&menu_use=[ID_MENU]&email =NAME.REMOVED@gmail.com&mdp=coutcout&utm_medium=SMS&utm_source=CS_2 014&utm_campaign=ouverture_inscriptions_intensif2&utm_content=Paris Accidental email PII
  • 27. Google Analytics Skip to content GOOGLE ANALYTICS TERMS OF SERVICE These Google Analytics Terms of Service (this "Agreement") are entered into by Google Inc. ("Google") and the entity executing this Agreement ("You"). This Agreement governs Your use of the standard Google Analytics (the "Service"). BY CLICKING THE "I ACCEPT" BUTTON, COMPLETING THE REGISTRATION PROCESS, OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE REVIEWED AND ACCEPT THIS AGREEMENT AND ARE AUTHORIZED TO ACT ON BEHALF OF, AND BIND TO THIS AGREEMENT, THE OWNER OF THIS ACCOUNT. In consideration of the foregoing, the parties agree as follows: 1. Definitions. "Account" refers to the billing account for the Service. All Profiles linked to a single Property will have their Hits aggregated before determining the charge for the Service for that Property. "Confidential Information" includes any proprietary data and any other information disclosed by one party to the other in writing and Google Analyses TOS Skip..
  • 28. Results in… GA account deleted (if violation). You must not collect any data that personally identifies an individual such as a: 1. full name 2. email address 3. billing information GA account deleted (if violation)
  • 29. Don’t worry…. PII capture is not enforced 1. Its not pro-actively (automatic) enforced 2. only re-active (manual) enforcement. The same for… You must post a link to a Privacy Policy which has an opt-out…
  • 30. Validation that a privacy link is present is not automatically checked 0.24% of domains using GA are compliant! =(17000+341+36000+11000)/26416097= 0.24%
  • 31. • https://ahrefs.com/site-explorer/overview/prefix/?target=www.google.com/policies/privacy/partners/ • https://ahrefs.com/site-explorer/overview/prefix/?target=tools.google.com/dlpage/gaoptout • https://ahrefs.com/site-explorer/overview/prefix/?target=www.aboutads.info/choices/ Validation that a privacy link is present is not automatically checked Est 5% German websites backlinks Link growth to this page should be increasing based on GA usage, only tiny increases.
  • 32. No one pro-actively monitors because cookies are harmless
  • 33.
  • 34. 3. Automatically monitoring & enforcement of the system. aka Automatic “Health checks”
  • 36. 2 years reign! Infighting & disunity between Advertisers & Privacy Advocates. Definition of Tracking (DNT) still not defined! http://www.theregister.co.uk/2013/11/05/do_not_track_w3c_ads_privacy/ W3C republic
  • 37. Group disbanded Peter Swire - Chief resign Jonathan Mayer – Firefox resigns Digital Advertisers Association – leaves group! Old W3C republic Key member: Thomas Roessler joins Google!
  • 38. Imperial Durnt, durnt, durnt… durnt, dan ner! External Feedback mechanism
  • 39. New Imperial Advertising Principles AdChoices proposed as replacement for W3C`s DNT Source: http://www.adweek.com/news/technology/daa-convene-new-do-not-track-group-updated-153023
  • 41. ICO cookie law investigations – did`nt happen As they got more complaints about spam text messages, so focused on this instead.
  • 43. Are users Cookies for sale on SilkRoad Litmus test
  • 44. No one cares users are not complaining hence, regulators are not enforcing.
  • 45.
  • 46. 3. Google lost market share in search now they care!
  • 47. Google Adwords privacy cpc tax SSL as ranking signal SERP ranking organic bonus. Google “trusted stores” program Note: See “Privacy as a ranking factor slides” and TrustFactor video.
  • 48.
  • 50. Light Score 1. Do you have a Privacy Policy? +1 2. Do you link to Privacy Policy on global footer(or header) try.powermapper.com +1 3. HTML links on Privacy Policy: • Do you mention you use cookies OR link to “How Google uses cookie data“ www.google.com/policies/privacy/partners/ +0.25 • Do you mention the word “Do Not Track” or DNT on privacy policy +0.25 • Link to GA opt-out plugin OR GA opt-out page +0.25 • Link to DoubleClick remarketing opt-out OR Adchoices link +0.25 4. Has your Privacy Policy has been updated within the last 12months +1 5. If your using session recording (e.g. ClickTale) have you set sensitive fields to either type=password OR have relevant class: <input id="CreditCardPin" class="tracking- sensitive ClickTaleSensitive -metrika-nokeys“type="text"> +1 6. Is AnonymiseIP enabled for German Visitors +1 7. Is GTM`s 2 stage authentication login setting enabled OR similar TMS setting +1 8. Do you have a GA custom email alert for URLs containing “@” or “@gmail” +1 9. GA exclude traffic from robot setting is enabled +1 10.You have actioned atleast one GA heathcheck alert +1 Ref: www.google.com/analytics/terms/us.html [n] / 10
  • 51. Force Rankings: Make a note of your Light score
  • 52. Darkness and the Light - scorings 10 Yoda 6-8 Luke 3-5 Leia 0-2 Chewbacca 0 Neutral Zone - 0-2 Darth Maul - 3-5 Count Dooku - 6-8 Darth Vader - 10 Darth Sideous Light score -
  • 53. Dark Score 1. 3rd party cookies are being deployed on your website -1 2. Have not enable frequency capping on Display network -1 3. UserID tracking is enabled, but not declared to users on privacy page. 4. GA`s data append via CSV upload (dimension widening) for userID as a customDimension using sensitive data (e.g. Financial grouping/status based on users postcode/address) -1 5. Using Device Signature (Android App only) -1 6. Email address stored in GA url report -1 7. Storing passwords in GA URL report -1 8. Respawn of users sessionID cookie, after the user tries to clear cookie -1 9. Using any of the techniques mentioned on evercookie -1 10.Using GA to track progress of trojan virus installations -100 [n] / 10
  • 54. Force Rankings: Make a note of your Dark score
  • 55. Darkness and the Light - scorings 10 Yoda 6-8 Luke 3-5 Leia 0-2 Chewbacca 0 Neutral Zone - 0-2 Darth Maul - 3-5 Count Dooku - 6-8 Darth Vader - 10 Darth Sideous Light score Dark Score - -
  • 56. Now: Light Score - Dark score = Actual score
  • 57. Darkness and the Light - scorings 10 Yoda 6-8 Luke 3-5 Leia 0-2 Chewbacca 0 Neutral Zone - 0-2 Darth Maul - 3-5 Count Dooku - 6-8 Darth Vader - 10 Darth Sideous Light score Dark Score Sum of both - - -
  • 59. If you got a dark score join these…  “MOA code of conduct” or “DAA code of ethics” will eventually introduce one www.digitalanalyticsassociation.org/codeofethics www.moaweb.nl/Richtlijnen/internationale-gedragscodes-en-richtlijnen/2012-09-17%20GRBN%20Code%20Comparison.pdf/view
  • 62. DISCLAIMER – I`m not a lawyer GA terms of service http://www.google.com/analytics/terms/us.html http://www.google.com/analytics/learn/privacy.html Privacy Trouble shooter http://support.google.com/bin/static.py?hl=en&ts=1291807&page=ts.cs Report a privacy concern http://www.google.com/contact/ Contact Google Analytics http://support.google.com/analytics/bin/request.py?hlrm=en&contact_type=contact_policy https://support.google.com/adwords/answer/8206?contact=1&rd=1 Report a security concern security@google.com http://www.google.com/security.html
  • 63. Discussion Questions  How much is your data worth?  Can you afford to drive traffic in the dark with no insight?  Is PII or sensitive data or urls being accidentally tracked?  When was the last time you audited your WA installation?  Are you capturing data that easily allows an individual to be “linked” or “re-identified” by Google (e.g. detailed demographic data example, or Netflix.com + IMDB.com example1 or example2)
  • 64. Related presentations & resources . CookieTAB virus screenshots https://www.dropbox.com/s/w0gprycb23ajguw/2011_03_18%20CookieTAB%20virus%20scr eenshots%20.pptx Effect of EU Cookie law on US businesses: https://www.dropbox.com/s/ces1m53mm7o4gmm/2012-10- 04%20GAUGE%20Boston%20- %20Effect%20of%20EU%20Cookie%20law%20on%20US%20organisations.pptx Recipe for a Cookie Law https://www.dropbox.com/s/l9n3gchusdv57bm/2011_03_18%20Recipe%20for%20a%20Co okie%20Law%20by%20Phil%20Pearce%20.pptx Cookie law Implementation Examples https://www.dropbox.com/s/7q8qfxesk44tpkc/Implimentation%20Examples%20by%20Phil %20Pearce%202012_03_18.pptx Cookie compliance Audit - Example.docx https://www.dropbox.com/s/idyrql6c1aniaw6/01%20UK%20Cookie%20compliance%20Audi t%20-%20Example.docx CookieLaw research in 90mb Dropbox: https://www.dropbox.com/s/uapu90d7rc2uxl1/2012_Cookie_Law_Resources_Folder_40mb _Download.zip
  • 65. Appendix External privacy feedback mechanisms: safeharbor.export.gov/companyinfo.aspx?id=16626 feedback-form.truste.com/watchdog/request?url=www.google.com www.bbb.org/sanjose/business-reviews/internet-services/google-in-mountain-view-ca- 214105/file-a-complaint www.networkadvertising.org/contact-support/report-problem/i-would-report-violation-of-nai- code-nai-member-company-2 www.snapsurveys.com/swh/surveylogin.asp?k=133707671186 [ICO.gov.uk form] addons.mozilla.org/en-US/firefox/addon/privacy-dashboard/ [W3C feedback mechanism] www.google.com/trends/explore?hl=en#cat=0-14-54-1281&geo=US&date=today%203- m&cmpt=q [user web searches in category of “privacy” per country] Security & Privacy prize of upto £13K offered by Google for detecting holes: www.google.com/about/appsecurity/reward-program/ blog.chromium.org/2012/08/announcing-pwnium-2.html Example XSS hole in GA found in 2008: derkeiler.com/Mailing-Lists/Full-Disclosure/2008- 12/msg00200.html Open Source feedback techniques fourthparty.info/data appanalysis.org/download.html Free to check cookie databases: www.cookielaw.org/cookie-search.aspx?domain=http://www.facebook.com www.cookiecert.com/cookies-for-facebook.com privacyscore.com/score_details/2a03b4fe8d9d4eb8b4fb0ccf356cbaaa/showcase