What is the difference between cookies and web beacon? - google-chrome

I am trying to make a web tracking referral system. I have learned many ways to do that, such as cookies, web beacons, and web fingerprinting, but I haven't found a satisfying answer about the difference between cookies and web beacons. So what is the difference between web beacons and cookies?

Web beacons, which are also known as clear GIFs, Web bugs or pixel
tags, are often used in combination with cookies. They are images
(often transparent) that are part of Web pages. At Monster, Web
beacons allow us to count users who have visited certain pages and to
generate statistics about how our site is used. They are not used to
access personally identifiable information.
Unlike cookies, you cannot decline Web beacons. However, setting your
browser to decline cookies or to prompt you for a response will keep
Web beacons from tracking your activity.
Check this link: What You Need to Know About Cookies and Web Beacons.
Your question is very general. I suggest you check these links and then ask more specific questions if you have some:
Cookies and Web Beacons
Cookie & Web Beacon Policy
COOKIES, WEB BEACONS AND OTHER TECHNOLOGIES
5 Things You Need to Know About Beacon Technology
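
An added example (not from the answers above or the quoted policy): a small model of a beacon endpoint showing that the beacon request is logged either way, while the cookie is what links separate requests to one visitor. The host `tracker.example`, the `/b.gif` path and the `vid` cookie name are assumptions, and the model ignores IP addresses and fingerprinting.

```javascript
// Added example: a model of a web-beacon endpoint. All names are hypothetical.
// 1x1 transparent GIF, the "clear GIF" a page embeds as an <img>.
const PIXEL = Buffer.from(
  'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7', 'base64');

const hits = []; // the tracker's log: one entry per beacon request

function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// The beacon is the request itself: it is logged whether or not a cookie
// arrives. The cookie is only the identifier that links separate requests.
function handleBeacon(req) {
  const url = new URL(req.url, 'https://tracker.example');
  const headers = { 'Content-Type': 'image/gif', 'Cache-Control': 'no-store' };
  let vid = parseCookies(req.headers.cookie).vid;
  if (!vid) {
    // Stand-in for a random id; a real service would use a CSPRNG.
    vid = Math.random().toString(36).slice(2);
    headers['Set-Cookie'] = `vid=${vid}; Path=/; Secure; HttpOnly; SameSite=None`;
  }
  hits.push({ vid, page: url.searchParams.get('page') });
  return { status: 200, headers, body: PIXEL };
}

// Constructed browser model: loads the beacon on each page, keeping or
// discarding the Set-Cookie header. Returns what the tracker can conclude.
function simulate(acceptCookies, pages) {
  let jar = '';
  const start = hits.length;
  for (const page of pages) {
    const res = handleBeacon({
      url: '/b.gif?page=' + encodeURIComponent(page),
      headers: jar ? { cookie: jar } : {},
    });
    const setCookie = res.headers['Set-Cookie'];
    if (acceptCookies && setCookie) jar = setCookie.split(';')[0];
  }
  const mine = hits.slice(start);
  return { pageViews: mine.length, visitors: new Set(mine.map(h => h.vid)).size };
}

console.log(simulate(true, ['/home', '/jobs', '/apply']));
console.log(simulate(false, ['/home', '/jobs', '/apply']));
```

With cookies accepted the three page views collapse to one visitor; with cookies declined the tracker still counts three page views but cannot tie them together.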

Related

Why do service workers only work over HTTPS?

Per the original proposal, regarding "Prefer Secure Origins For Powerful New Features"
“Particularly powerful” would mean things like: features that handle personally-identifiable information, features that handle high-value information like credentials or payment instruments, features that provide the origin with control over the UA's trustworthy/native UI, access to sensors on the user's device, or generally any feature that we would provide a user-settable permission or privilege to. Please discuss!
“Particularly powerful” would not mean things like: new rendering and layout features, CSS selectors, innocuous JavaScript APIs like showModalDialog, or the like. I expect that the majority of new work in HTML5 fits in this category. Please discuss!
Yet for some reason service workers have been thrown into the first category. Is there any canonical reason for why this happened?
Jake Archibald from Google, in the official Service Workers draft spec sandbox (later cited by Matt Gaunt from HTML5rocks), states that
Using service worker you can hijack connections, fabricate, and filter responses. Powerful stuff. While you would use these powers for good, a man-in-the-middle might not. To avoid this, you can only register for service workers on pages served over HTTPS, so we know the service worker the browser receives hasn't been tampered with during its journey through the network.
To me this applies to ServiceWorker:
features that handle personally-identifiable information, features that handle high-value information like credentials or payment instruments
Being basically a proxy between the page and the server, a ServiceWorker can easily intercept, read and potentially store every piece of information contained in each request and response travelling from the origin, including personally identifiable information and passwords.

Difference between MessageChannel and WebSockets?

I can't figure out what the difference is between MessageChannel and WebSockets.
I have the following requirements:
minimize delay
full-duplex
minimum header data length
Do both fulfill these requirements? Which is better?
HTML5 Web Messaging API can be used to communicate between independent pieces of code loaded in the browser (the specification calls them "browsing contexts"). For example, if your page contains an <iframe>, and you want to securely communicate between it and the outside code, you might use Web Messaging. Consider this explanation from the Opera dev portal:
Channel messaging is particularly useful for communication across multiple origins. Consider the following scenario. We have a document at http://socialsite.example containing content from http://games.example embedded in one iframe, and content from http://addressbook.example in another.
Now let’s say that we want to send a message from our address book site to our games site. We could use the social site as a proxy. That, however, means the address book gains the same level of trust as the social site. Our social site either has to trust every request, or filter them for us.
With channel messaging, however, http://addressbook.example and http://games.example can communicate directly.
Web Sockets API can be used to communicate between code loaded in the browser and the server. So it serves a completely different purpose. Since you're mentioning the requirement of low latency and "full-duplex", I assume you mean client-server communication, and so you're looking for Web Sockets.

Would it be possible to store cookies on the cloud?

Would it be possible to store cookies in something like a Google account when browsing using Google Chrome (just an example)? Wouldn't this make some aspects of searching the web much safer? Why are we still storing cookies on the device?
The article on HTTP cookies contains useful information on their role/purpose in HTTP.
A cookie .. is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity. Cookies were designed to be a reliable mechanism for websites to remember stateful information [between otherwise stateless HTTP requests] ..
In particular, cookies are only/primarily useful as they are because they are stored on the device and because they are sent with the appropriate requests. Thus the entire concept of "storing cookies on the cloud" is unrelated to the primary benefit/use of cookies in the first place!
However, cookies are generally to be considered insecure and should not be used to store sensitive information - this is why cookies are often coupled with sessions and other server-side data access mechanisms which [securely] store information on the server.

GA - Tracking embedded web browser (3rd party) visitors - ie. Pandora, 1password

We have a media buy with Pandora. Mobile users, once they click on the banner, are directed to our site inside of the Pandora app. Their app does not accept GA cookies. Does anyone have any workarounds for tracking 3rd party in-app visitors? We are currently using UTM URLs for inbound clicks, so we see the initial "land", but nothing more than that.
We are considering creating a duplicate of our site and dedicating it to Pandora visitors. This will give us aggregate numbers, but not sessions.
Thanks,
Udi
Mobile applications such as Pandora, Facebook, Twitter etc. do not pass referrer information.
There are many articles around this if you search on Google, such as: http://searchengineland.com/rip-referrer-data-how-mobile-apps-can-kill-your-mobile-metrics-79982
All visitors from mobile applications will appear in the 'Direct' section of GA.
As you mention, the use of a unique UTM click URL will at the very least allow you to see where the user has come from.
Be aware of the discrepancies you will see between click 'redirects' from an accredited ad server such as DFP and GA 'visits': two very different methodologies.

Inject advertisements in pages

Today I noticed that in the Chrome web store dashboard, under my extension's settings there is a check-box labeled "Ads Behavior", and whose description is "This extension injects ads into some third-party websites.".
My questions are:
Can an ad-supported extension inject advertisements in a page visited by the user?
If so, what is an acceptable policy?
Can the extension replace existing advertisements (even though that seems to me kind of unethical/stealing) or must it only create new ones?
Is it possible to use any ads network or must it be adsense?
Thanks
Is it possible to use any ads network or must it be adsense?
Actually it can't be AdSense. It's specifically mentioned in their program policies:
Currently, we don't permit Google ads or AdSense for search boxes to be distributed through software applications, including but not limited to, toolbars, browser extensions and desktop applications.
I wonder if any ad provider allows such a thing.
Can an ad-supported extension inject advertisements in a page visited by the user?
The fact the checkbox exists suggests it's acceptable as long as you declare it, so users are aware of it.
If so, what is an acceptable policy?
I would argue anything that makes it clear to users what you're doing and follows the terms of the ad network.
Can the extension replace existing advertisements (even though that seems to me kind of unethical/stealing) or must it only create new ones?
Agree it's unethical, most content and apps out there cost money and it deprives publishers. But as with a lot of extensions, it's seen by the browser as the user's choice. That's basically how the web works - users have control over the client. The most popular extensions for browsers are ad blockers, so I doubt the Chrome team would ban an extension that swapped ads. Please do consider the website owners though. Adding ads is at least better than replacing them.
Is it possible to use any ads network or must it be adsense?
Any, I'm fairly sure. Google wants Chrome to be seen as generally independent from its services. You'll even see Google's various competitors promoted in the Chrome Web Store at times for that reason.
*However*, there's a big caveat here. It's very possible this kind of ad injection is forbidden by the ad network in question. It's certainly the case with many affiliate links, that you can't just inject your own, or swap in your own, link. The argument is the user was already going to click on it anyway. So if you're injecting ads, the biggest constraint is going to be your ad provider, not Chrome.
I too had concerns about this, specifically a Chrome app extension called Bookmark Sentry: while it does do a great job of managing your bookmarks, it also injects itself and intercepts advertisements, replacing them with its own affiliate network.
Specifically in viewing the source code it appeared to contain a 'whitelist' and 'blacklist' of sites to intercept advertising while navigating. The user is given the choice to opt-out of advertising in settings but it is poorly explained as 'marketing' with no explanation as to what it is doing.
I raised concerns to Google Chrome through flagging of abuse. Through a contact I was informed however that:
"Ad injections are not in violation of the Chrome Web Store program policies. The policy requires that ads must be presented in the context of the extension or, when present within another page, ads must be outside the page's normal flow and clearly state which extension they are bundled with. We believe that ads are a legitimate way to monetize, but that they should be a known cost to the extension user."
So in this particular case at least, Google viewed it as acceptable. Curiously, both Kaspersky Labs and Microsoft Security Essentials reported this immediately to me as malware and removed the extension.