Data collection, that often starts with cookies and ends up with mountains of information, is increasingly becoming a topic of debate and discussion. The question that begs to be answered is - Is data good or bad? There is no debate that Data is needed to build great products. Google, Facebook, Stylight,Booking.com, etc. would not be able to offer their services unless they had tons of data. No company or product is an exception. The current modus-operandi is "collect-as-much-as-you-can". Then, breach of personal data like passport number, bank details, personal relationships, etc. are a side-effect of the data-collection practices that we have been following for years. We can no more ignore the questions - who owns the data - users or the organization? Whose responsibility is it to safeguard thus collected data from falling into the hands of unfavourable recipients? Can we change the way we collect data?
Data from users is needed to build great products. Google, Facebook even Doubleclick would not be able to offer their services unless they had tons of data. No company or product is an exception, the current industry modus-operandi is "collect-as-you-can" and it is bound to produce privacy side effects.
We would like to share an alternative approach based on client-side aggregation. This talk will showcase how it is perfectly possible to collect and anonymously send data without any user identifiers or PII for building data driven products like a browser with a fully integrated search engine (Cliqz), Anti-tracking, Anti-phishing etc. without risking or compromising the users privacy at any time.
Video : https://media.ccc.de/v/7ZQPWK
Google Analytics Konferenz 2018_Rock your Data - Aktiviere deine Daten_ Thoma...e-dialog GmbH
Kennst Du das auch? Du hast ein Trackingsystem auf Deiner Website und in Deiner App? Du hast vielleicht sogar Datenerfassung in Stores? Du hast also eine Unmenge an relevanten Daten aus denen es nun gilt, smarte Aktionen mit Mehrwert für Dein Unternehmen und Deine Kunden zu generieren?
In diesem Vortrag zeigen wir Dir, wie man mit Hilfe von Customer Journey und dem Einsatz von DMPs und CDPs Daten richtig erfasst und aktiviert, damit man aus diesen nicht nur Graphen sondern einen echten Uplift in ROI und Kundennutzen schafft. Praktische Beispiele und Use-Cases bringen wir natürlich mit.
Data Collection without Privacy Side EffectsJosep M. Pujol
Presented at WWW BIG 2016. Paper available at: http://josepmpujol.net/public/papers/big_green_tracker.pdf
Abstract: The standard approach to collect users’ activity data on the Web relies on server-side processing. This approach requires the presence of user-identifiers in order to aggregate data in sessions, which leads to tracking. Server-side aggregation is bound to produce side-effects because the scope of sessions cannot be safely limited to a particular use-case. We provide several examples of such side-effects.
To preserve privacy we propose an alternative approach based on client-side aggregation, where user-identifiers are not needed because sessions only exist on the client-side (i.e. the user’s browser). We demonstrate the feasibility of this approach by providing an implementation of a tracking agent – green-tracker – able to gather the data needed to power a service functionally equivalent to Google Analytics.
15 companies you should copy: business models visualised by @boardofinnoBoard of Innovation
Doorsteps is an online platform that guides home buyers through the house buying process. It provides step-by-step guidance in 6 phases, from initial hopes to closing. It connects buyers to real estate agents, lenders, and other service providers through a shared online workspace and profile. The platform aims to save buyers time, money, and stress through the home buying process.
The Road to Intelligent Authentication JourneysForgeRock
The pressure is on. You need to build a great customer login experience that is secure but doesn’t burden your customers with complicated password requirements. But wait, there’s more – you also need to personalize the login experience and provide metrics back to the business. Legacy authentication has you boxed in. What are you to do? Solutions like multi-factor authentication (MFA) are replacing traditional login methods but its limitations are often static and offer up inconsistent customer experiences, leading to abandonment. Organizations need an intelligent authentication approach that strikes a balance between usability, security, and customer choice. In this webcast you will learn what Intelligent Authentication is and how it enables you to: Easily configure, measure, and adjust login journeys using digital signals including device, contextual, behavioral, user choice, and risk-based factors Leverage user login analytics to increase user adoption rates, and improve the customer experience Automatically redirect suspicious users for further monitoring Quickly consume out-of-the-box authenticators, utilize existing authenticators, and integrate with cyber security solutions — all in one place
Identity Live Sydney: Intelligent Authentication ForgeRock
ForgeRock offers an intelligent authentication platform that enables relationships, access policies, and lifecycles across people, services, and things. It provides modern privacy and consent features, supports various compliance standards, and can run anywhere and scale to manage millions of relationships. The platform addresses challenges around siloed security solutions, outdated authentication methods, and inability to measure user interactions. It solves new use cases like giving users choice in authentication methods and varying login journeys based on context. The demo shows features like user choice, contextual personalization, responsive logins, and threat intelligence.
The future of FinTech product using pervasive Machine Learning automation - A...Shift Conference
Machine learning and automated decisions are reshaping businesses by automating processes, optimizing customer interactions, and efficiently measuring risk. The future of fintech relies on pervasive use of machine learning, but scaling ML applications is challenging due to the scarcity of data scientists and the complex ML process. Automated machine learning can address these issues by simplifying and accelerating the ML lifecycle, enabling a wider range of users to develop and deploy models at scale across all business functions.
My talk at CDO Vision on the tools needed to understand the places where your customers engage, and the techniques needed to move them forward in the buyers journey.
Data from users is needed to build great products. Google, Facebook even Doubleclick would not be able to offer their services unless they had tons of data. No company or product is an exception, the current industry modus-operandi is "collect-as-you-can" and it is bound to produce privacy side effects.
We would like to share an alternative approach based on client-side aggregation. This talk will showcase how it is perfectly possible to collect and anonymously send data without any user identifiers or PII for building data driven products like a browser with a fully integrated search engine (Cliqz), Anti-tracking, Anti-phishing etc. without risking or compromising the users privacy at any time.
Video : https://media.ccc.de/v/7ZQPWK
Google Analytics Konferenz 2018_Rock your Data - Aktiviere deine Daten_ Thoma...e-dialog GmbH
Kennst Du das auch? Du hast ein Trackingsystem auf Deiner Website und in Deiner App? Du hast vielleicht sogar Datenerfassung in Stores? Du hast also eine Unmenge an relevanten Daten aus denen es nun gilt, smarte Aktionen mit Mehrwert für Dein Unternehmen und Deine Kunden zu generieren?
In diesem Vortrag zeigen wir Dir, wie man mit Hilfe von Customer Journey und dem Einsatz von DMPs und CDPs Daten richtig erfasst und aktiviert, damit man aus diesen nicht nur Graphen sondern einen echten Uplift in ROI und Kundennutzen schafft. Praktische Beispiele und Use-Cases bringen wir natürlich mit.
Data Collection without Privacy Side EffectsJosep M. Pujol
Presented at WWW BIG 2016. Paper available at: http://josepmpujol.net/public/papers/big_green_tracker.pdf
Abstract: The standard approach to collect users’ activity data on the Web relies on server-side processing. This approach requires the presence of user-identifiers in order to aggregate data in sessions, which leads to tracking. Server-side aggregation is bound to produce side-effects because the scope of sessions cannot be safely limited to a particular use-case. We provide several examples of such side-effects.
To preserve privacy we propose an alternative approach based on client-side aggregation, where user-identifiers are not needed because sessions only exist on the client-side (i.e. the user’s browser). We demonstrate the feasibility of this approach by providing an implementation of a tracking agent – green-tracker – able to gather the data needed to power a service functionally equivalent to Google Analytics.
15 companies you should copy: business models visualised by @boardofinnoBoard of Innovation
Doorsteps is an online platform that guides home buyers through the house buying process. It provides step-by-step guidance in 6 phases, from initial hopes to closing. It connects buyers to real estate agents, lenders, and other service providers through a shared online workspace and profile. The platform aims to save buyers time, money, and stress through the home buying process.
The Road to Intelligent Authentication JourneysForgeRock
The pressure is on. You need to build a great customer login experience that is secure but doesn’t burden your customers with complicated password requirements. But wait, there’s more – you also need to personalize the login experience and provide metrics back to the business. Legacy authentication has you boxed in. What are you to do? Solutions like multi-factor authentication (MFA) are replacing traditional login methods but its limitations are often static and offer up inconsistent customer experiences, leading to abandonment. Organizations need an intelligent authentication approach that strikes a balance between usability, security, and customer choice. In this webcast you will learn what Intelligent Authentication is and how it enables you to: Easily configure, measure, and adjust login journeys using digital signals including device, contextual, behavioral, user choice, and risk-based factors Leverage user login analytics to increase user adoption rates, and improve the customer experience Automatically redirect suspicious users for further monitoring Quickly consume out-of-the-box authenticators, utilize existing authenticators, and integrate with cyber security solutions — all in one place
Identity Live Sydney: Intelligent Authentication ForgeRock
ForgeRock offers an intelligent authentication platform that enables relationships, access policies, and lifecycles across people, services, and things. It provides modern privacy and consent features, supports various compliance standards, and can run anywhere and scale to manage millions of relationships. The platform addresses challenges around siloed security solutions, outdated authentication methods, and inability to measure user interactions. It solves new use cases like giving users choice in authentication methods and varying login journeys based on context. The demo shows features like user choice, contextual personalization, responsive logins, and threat intelligence.
The future of FinTech product using pervasive Machine Learning automation - A...Shift Conference
Machine learning and automated decisions are reshaping businesses by automating processes, optimizing customer interactions, and efficiently measuring risk. The future of fintech relies on pervasive use of machine learning, but scaling ML applications is challenging due to the scarcity of data scientists and the complex ML process. Automated machine learning can address these issues by simplifying and accelerating the ML lifecycle, enabling a wider range of users to develop and deploy models at scale across all business functions.
My talk at CDO Vision on the tools needed to understand the places where your customers engage, and the techniques needed to move them forward in the buyers journey.
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...TigerGraph
Full Webinar: https://info.tigergraph.com/graph-gurus-34
During this webinar we:
-Examine how graph analytics can lower the total cost of fraud;
-Describe how graph analytics can improve credit card fraud detection;
-Explore the application of graph analytics to an anti-money laundering use case.
Data Natives meets DataRobot | "Build and deploy an anti-money laundering mo...Dataconomy Media
This document contains an agenda and presentation materials for a talk on building and deploying an anti-money laundering (AML) model using DataRobot. The agenda includes introductions to DataRobot and AML, an AML demo, a real AML use case example, and a question and answer section. The presentation materials provide background on DataRobot, including its history and products. It also gives an overview of money laundering and how AML works, both traditionally using rule-based systems and how machine learning can help by reducing false positives and improving efficiency. A case study shows how DataRobot has helped other organizations with AML use cases.
The document discusses Guardian Analytics, a company that provides a real-time digital banking fraud detection solution using behavioral machine learning. The solution detects fraud early by analyzing non-transactional user activities and assigning risk scores. This enables friction-right authentication that adds appropriate security based on risk without compromising user experience. The solution also allows fraud analysts to efficiently investigate cases and gain insights from an open fraud and anti-money laundering platform.
3D Hubs provides a platform for individuals to share their 3D printers and for others to find local 3D printing services. It focuses on trends like collaborative consumption, peer-to-peer sharing, and networking prosumers. 3D Hubs makes money by taking a 15% commission on every 3D print job booked through their platform.
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with FargateAmazon Web Services
Containers and other forms of dynamic infrastructure can prove challenging to monitor. How do you define “normal” when your infrastructure is intentionally in motion and changing every minute, or when there are no hosts to monitor at all? Join us as we share proven strategies for monitoring your containerized infrastructure on AWS, Amazon ECS, and AWS Fargate. This session is brought to you by AWS Partner, Datadog.
This document appears to be a presentation discussing online privacy and tracking. It provides an overview of how companies track users across different websites and devices, the scale of tracking by major companies, and challenges regarding user awareness and regulation. The presentation concludes that while protecting devices is important, the priority now is protecting user privacy and ensuring meaningful consent and control over personal data and online tracking.
Intelligent Authentication (Identity Live Berlin 2018)ForgeRock
ForgeRock offers an intelligent authentication platform that enables relationships, access policies, and lifecycles across people, services, and things. It provides modern privacy and consent features, runs anywhere, and scales to manage millions of relationships. The platform addresses challenges like siloed security solutions and outdated authentication methods. It also helps meet compliance demands and solves new use cases like giving users choice in authentication methods and varying login journeys based on context. ForgeRock demonstrates features like user choice, contextual personalization, and threat intelligence detection. It integrates with partners and offers business values such as future-proofing, security unification, and customer insights.
The document discusses designing a blueprint for data-driven customer experiences. It recommends creating a single customer view by using a customer data platform to integrate all customer data sources. It also recommends using identity resolution to recognize customers from anonymous to known individuals while respecting privacy. Finally, it recommends delivering real-time personalized experiences across channels using data-driven insights.
Protect Your Revenue Streams: Big Data & Analytics in TaxCapgemini
The game has changed since the onset of the financial crisis. Governments aiming to reduce budget deficits can only deliver so much through spending cuts. It is now even more vital that tax agencies ensure individuals and businesses pay the tax they owe, and that welfare fraud and error are minimised. Pretty will explain how he helps tax and welfare agencies tackle noncompliance, evasion and error. He will share client stories where billions of euros were saved, generating a return of at least 25 times the original investment.
By Ian Pretty,
Vice President, Global Tax & Welfare Leader
Neo4j GraphTalk Copenhagen - Next Generation Solutions using Neo4j Neo4j
This document discusses how Neo4j can be used to build next generation solutions. It begins by discussing how Neo4j enables graph-based solutions that provide agility, intuitiveness, and high performance for connected data scenarios. It then provides examples of using Neo4j for fraud detection and recommendation engines. For fraud detection, it explains how Neo4j allows for connected analysis across channels to detect complex fraud patterns that traditional discrete analysis cannot. It also discusses how Neo4j fits into environments and provides an example fraud solution architecture. Finally, it summarizes the benefits Neo4j provides for building powerful recommendation engines.
The new Google Analytics 4 will become the new standard in digital analytics with Universal Google Analytics sunsetting July 2023. GA4 can automatically alert you to significant trends in your data, provide insights from your data, and even help you anticipate future actions your customers may take with predictive analytics. By the end of this presentation, attendees will create better integrations with their current marketing platforms for a more complete cross-channel analytics view of a customer journey. The presentation will cover technical GA4 skills to utilize for data import audiences, funnel explorations, events and conversions, and consent mode.
Detecting Fraud and AML Violations In Real-Time for Banking, Telecom and eCom...TigerGraph
FULL WEBINAR: https://info.tigergraph.com/graph-gurus-3
This presentation is an overview of how to minimize fraud with TigerGraph. TigeGraph:
- Enables faster detection of fraud using deep link analytics.
- Modernizes your AML process with case studies across multiple industries.
- Helps you get fewer false positives in your fraud detection workflow.
TigerGraph is addressing these challenges for some of the largest corporations in the world including Alipay, Visa, Uber, China Mobile and SoftBank.
How to Apply Machine Learning with R, H20, Apache Spark MLlib or PMML to Real...Kai Wähner
This document provides an overview of how to apply big data analytics and machine learning to real-time processing. It discusses machine learning and big data analytics to analyze historical data and build models. These models can then be used in real-time processing without needing to be rebuilt, to take automated actions based on incoming data. The agenda includes sections on machine learning, analysis of historical data, real-time processing, and a live demo.
Presentation held at the Marketo User Group in The Netherlands on February 10th 2015.
Contents showcase how to track Marketo form fills into Google Analytics using Google Tag Manager and Google URL Builder.
GDPR: 20 Million Reasons to Get Ready - Part 2: Living ComplianceCloudera, Inc.
Though the majority of organisations will spend plenty of time preparing for GDPR, it’s crucial they consider actually living the regulation. May 2018 is not the end of the need for compliance, it is the beginning. With preparation putting in the foundation for a data subject hub, organisations now need to focus on efficiency in fulfilling the data subject access rights. In this session, we will go into what it means to live GDPR compliance with topics like self service and what it needs to be secure be design.
Presentations from Criteo Labs’ Infrastructure team with a guest speakers from Yandex.
• FastTrack: scaling customer integration
• Evolution of data structures in Yandex.Metrica
• Don't take your software for granted
• Evolution of analytics at Criteo
All ecommerce websites must be PCI compliant, even if they don't handle payment card data.
Learn how data breaches can impact your business, and how to prevent a compromise.
We briefly cover the 12 requirements of PCI compliance and what your responsibilities are if your site is abused for identity theft and fraud.
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...TigerGraph
Full Webinar: https://info.tigergraph.com/graph-gurus-34
During this webinar we:
-Examine how graph analytics can lower the total cost of fraud;
-Describe how graph analytics can improve credit card fraud detection;
-Explore the application of graph analytics to an anti-money laundering use case.
Data Natives meets DataRobot | "Build and deploy an anti-money laundering mo...Dataconomy Media
This document contains an agenda and presentation materials for a talk on building and deploying an anti-money laundering (AML) model using DataRobot. The agenda includes introductions to DataRobot and AML, an AML demo, a real AML use case example, and a question and answer section. The presentation materials provide background on DataRobot, including its history and products. It also gives an overview of money laundering and how AML works, both traditionally using rule-based systems and how machine learning can help by reducing false positives and improving efficiency. A case study shows how DataRobot has helped other organizations with AML use cases.
The document discusses Guardian Analytics, a company that provides a real-time digital banking fraud detection solution using behavioral machine learning. The solution detects fraud early by analyzing non-transactional user activities and assigning risk scores. This enables friction-right authentication that adds appropriate security based on risk without compromising user experience. The solution also allows fraud analysts to efficiently investigate cases and gain insights from an open fraud and anti-money laundering platform.
3D Hubs provides a platform for individuals to share their 3D printers and for others to find local 3D printing services. It focuses on trends like collaborative consumption, peer-to-peer sharing, and networking prosumers. 3D Hubs makes money by taking a 15% commission on every 3D print job booked through their platform.
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with FargateAmazon Web Services
Containers and other forms of dynamic infrastructure can prove challenging to monitor. How do you define “normal” when your infrastructure is intentionally in motion and changing every minute, or when there are no hosts to monitor at all? Join us as we share proven strategies for monitoring your containerized infrastructure on AWS, Amazon ECS, and AWS Fargate. This session is brought to you by AWS Partner, Datadog.
This document appears to be a presentation discussing online privacy and tracking. It provides an overview of how companies track users across different websites and devices, the scale of tracking by major companies, and challenges regarding user awareness and regulation. The presentation concludes that while protecting devices is important, the priority now is protecting user privacy and ensuring meaningful consent and control over personal data and online tracking.
Intelligent Authentication (Identity Live Berlin 2018)ForgeRock
ForgeRock offers an intelligent authentication platform that enables relationships, access policies, and lifecycles across people, services, and things. It provides modern privacy and consent features, runs anywhere, and scales to manage millions of relationships. The platform addresses challenges like siloed security solutions and outdated authentication methods. It also helps meet compliance demands and solves new use cases like giving users choice in authentication methods and varying login journeys based on context. ForgeRock demonstrates features like user choice, contextual personalization, and threat intelligence detection. It integrates with partners and offers business values such as future-proofing, security unification, and customer insights.
The document discusses designing a blueprint for data-driven customer experiences. It recommends creating a single customer view by using a customer data platform to integrate all customer data sources. It also recommends using identity resolution to recognize customers from anonymous to known individuals while respecting privacy. Finally, it recommends delivering real-time personalized experiences across channels using data-driven insights.
Protect Your Revenue Streams: Big Data & Analytics in TaxCapgemini
The game has changed since the onset of the financial crisis. Governments aiming to reduce budget deficits can only deliver so much through spending cuts. It is now even more vital that tax agencies ensure individuals and businesses pay the tax they owe, and that welfare fraud and error are minimised. Pretty will explain how he helps tax and welfare agencies tackle noncompliance, evasion and error. He will share client stories where billions of euros were saved, generating a return of at least 25 times the original investment.
By Ian Pretty,
Vice President, Global Tax & Welfare Leader
Neo4j GraphTalk Copenhagen - Next Generation Solutions using Neo4j Neo4j
This document discusses how Neo4j can be used to build next generation solutions. It begins by discussing how Neo4j enables graph-based solutions that provide agility, intuitiveness, and high performance for connected data scenarios. It then provides examples of using Neo4j for fraud detection and recommendation engines. For fraud detection, it explains how Neo4j allows for connected analysis across channels to detect complex fraud patterns that traditional discrete analysis cannot. It also discusses how Neo4j fits into environments and provides an example fraud solution architecture. Finally, it summarizes the benefits Neo4j provides for building powerful recommendation engines.
The new Google Analytics 4 will become the new standard in digital analytics with Universal Google Analytics sunsetting July 2023. GA4 can automatically alert you to significant trends in your data, provide insights from your data, and even help you anticipate future actions your customers may take with predictive analytics. By the end of this presentation, attendees will create better integrations with their current marketing platforms for a more complete cross-channel analytics view of a customer journey. The presentation will cover technical GA4 skills to utilize for data import audiences, funnel explorations, events and conversions, and consent mode.
Detecting Fraud and AML Violations In Real-Time for Banking, Telecom and eCom...TigerGraph
FULL WEBINAR: https://info.tigergraph.com/graph-gurus-3
This presentation is an overview of how to minimize fraud with TigerGraph. TigeGraph:
- Enables faster detection of fraud using deep link analytics.
- Modernizes your AML process with case studies across multiple industries.
- Helps you get fewer false positives in your fraud detection workflow.
TigerGraph is addressing these challenges for some of the largest corporations in the world including Alipay, Visa, Uber, China Mobile and SoftBank.
How to Apply Machine Learning with R, H20, Apache Spark MLlib or PMML to Real...Kai Wähner
This document provides an overview of how to apply big data analytics and machine learning to real-time processing. It discusses machine learning and big data analytics to analyze historical data and build models. These models can then be used in real-time processing without needing to be rebuilt, to take automated actions based on incoming data. The agenda includes sections on machine learning, analysis of historical data, real-time processing, and a live demo.
Presentation held at the Marketo User Group in The Netherlands on February 10th 2015.
Contents showcase how to track Marketo form fills into Google Analytics using Google Tag Manager and Google URL Builder.
GDPR: 20 Million Reasons to Get Ready - Part 2: Living ComplianceCloudera, Inc.
Though the majority of organisations will spend plenty of time preparing for GDPR, it’s crucial they consider actually living the regulation. May 2018 is not the end of the need for compliance, it is the beginning. With preparation putting in the foundation for a data subject hub, organisations now need to focus on efficiency in fulfilling the data subject access rights. In this session, we will go into what it means to live GDPR compliance with topics like self service and what it needs to be secure be design.
Presentations from Criteo Labs’ Infrastructure team with a guest speakers from Yandex.
• FastTrack: scaling customer integration
• Evolution of data structures in Yandex.Metrica
• Don't take your software for granted
• Evolution of analytics at Criteo
All ecommerce websites must be PCI compliant, even if they don't handle payment card data.
Learn how data breaches can impact your business, and how to prevent a compromise.
We briefly cover the 12 requirements of PCI compliance and what your responsibilities are if your site is abused for identity theft and fraud.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
16. Case of unintentional tracking
• Google Analytics (GA) is massive,
present on more than 44% of all page
loads.
• GA does not offer any service (public)
that requires to build a session with all
user’s activity.
• GA actually cares a lot about privacy:
- Ephemeral UIDs
- Sanitization of URLs
• Try this at home:
- https://github.com/cliqz-oss/local-sheriff
Corporates malicious behaviour: Intent or Accident DAHO.AM 2018
17. Case of unintentional tracking
Corporates malicious behaviour: Intent or Accident
spiegel.de 18:49:10 [91.5.xx.xx, 1440x736]
DAHO.AM 2018
18. Case of unintentional tracking
Corporates malicious behaviour: Intent or Accident
https://www.foodora.de/en/restauran
ts/lat/4…/lng/1…/plz/8…/city/M…/add
ress/..stra/hno
18:51:00 [91.5.xx.xx, 1440x736]
Geo coordinates Street name / PIN
Street name / PIN
DAHO.AM 2018
19. Case of unintentional tracking
Corporates malicious behaviour: Intent or Accident
https://secure.booking.com/m
y-reservations/../../
18:54:00 [91.5.xx.xx, 1440x736]
Booking number
Price
Private window
DAHO.AM 2018
20. Case of unintentional tracking
Corporates malicious behaviour: Intent or Accident
https://imgur.com/gallery/hc7otmu 18:54:00 [91.5.xx.xx, 1440x736]
DAHO.AM 2018
21. Case of unintentional tracking
Corporates malicious behaviour: Intent or Accident
analytics.twitter.com/user/konarkmodi/
home
18:58:00 [91.5.xx.xx, 1440x736]
DAHO.AM 2018
22. Case of unintentional tracking
Corporates malicious behaviour: Intent or Accident
https://emirates.com/sessionH
andler.aspx/…..
18:59:00 [91.5.xx.xx, 1440x736]
DAHO.AM 2018
29. Points to note
• This data collection pattern relies on server-side
aggregation per user.
• For that the records need to be linked on the backend.
• For records to be linked, client needs to attach an ID.
• This method is bound to produce privacy side-
effects.
DAHO.AM 2018
30. Points to note
• This data collection pattern relies on server-side
aggregation per user.
• For that the records need to be linked on the backend.
• For records to be linked, client needs to attach an ID.
• This method is bound to produce privacy side-
effects.
DAHO.AM 2018
31. Points to note
• This data collection pattern relies on server-side
aggregation per user.
• For that the records need to be linked on the backend.
• For records to be linked, client needs to attach an ID.
• This method is bound to produce privacy side-
effects.
DAHO.AM 2018
32. Points to note
• This data collection pattern relies on server-side
aggregation per user.
• For that the records need to be linked on the backend.
• For records to be linked, client needs to attach an ID.
• This method is bound to produce privacy side-
effects.
DAHO.AM 2018
33. Points to note
• This data collection pattern relies on server-side
aggregation per user.
• For that the records need to be linked on the backend.
• For records to be linked, client needs to attach an ID.
• The data can be used for purposes other than
counting, like profiling, re-targeting.
DAHO.AM 2018
34. Case of unintentional tracking
Corporates malicious behaviour: Intent or Accident
URL TS UID
spiegel.de 09:49:10 3rd Party cookie
www.foodora.de/en/restaurants/lat/4…/lng/1…/plz/8
…/city/M…/address/..stra/hno
18:51:00 3rd Party cookie
twitter.com/mrmcd2017 18:54:00 3rd Party cookie
secure.booking.com/my-reservations/../../ 18:54:00 3rd Party cookie
imgur.com/gallery/hc7otmu 18:54:00 3rd Party cookie
analytics.twitter.com/user/konarkmodi/home 18:58:00 3rd Party cookie
emirates.com/sessionHandler.aspx/….. 18:59:00 3rd Party cookie
DAHO.AM 2018
38. Example : Counting Unique visitors
• 4 people visited spiegel.de/xyz?
• 1 person visited spiegel.de/xyz visted
4 times?
• How can it be resolved?
Corporates malicious behaviour: Intent or Accident
URL TS IP
Spiegel.de/xyz 09:48:40 82.143.2.X
Spiegel.de/xyz 09:48:42 137.9.10.X
Spiegel.de/xyz 09:48:59 137.9.10.X
Spiegel.de/xyz 09:49:12 137.9.10.X
DAHO.AM 2018
39. Example : Counting Unique visitors
• 4 people visited spiegel.de/xyz?
• 1 person visited spiegel.de/xyz visited
4 times?
• How can it be resolved?
Corporates malicious behaviour: Intent or Accident
URL TS IP
Spiegel.de/xyz 09:48:40 82.143.2.X
Spiegel.de/xyz 09:48:42 137.9.10.X
Spiegel.de/xyz 09:48:59 137.9.10.X
Spiegel.de/xyz 09:49:12 137.9.10.X
• Identifying which records come from
the same person to avoid over-
counting.
• A UID is needed
• 4 visits, 3 unique visitors
URL TS IP
Spiegel.de/xyz 09:48:40 [82.143.2.X,
1320x910]
Spiegel.de/xyz 09:48:42 [137.9.10.X,
1266x809]
Spiegel.de/xyz 09:48:59 [137.9.10.X,
940x645]
Spiegel.de/xyz 09:49:12 [137.9.10.X,
940x645]
DAHO.AM 2018
40. Example : Counting Unique visitors
• 4 people visited spiegel.de/xyz?
• 1 person visited spiegel.de/xyz visted
4 times?
• How can it be resolved?
Corporates malicious behaviour: Intent or Accident
Spiegel.de/xyz 09:48:40 82.143.2.X
Spiegel.de/xyz 09:48:42 137.9.10.X
Spiegel.de/xyz 09:48:59 137.9.10.X
Spiegel.de/xyz 09:49:12 137.9.10.X
• Identifying which records come from
the same person to avoid over-
counting.
• A UID is needed
• 4 visits, 3 unique visitors
Spiegel.de/xyz 09:48:40 [82.143.2.X,
1320x910]
Spiegel.de/xyz 09:48:42 [137.9.10.X,
1266x809]
Spiegel.de/xyz 09:48:59 [137.9.10.X,
940x645]
Spiegel.de/xyz 09:49:12 [137.9.10.X,
940x645]
DAHO.AM 2018
41. What can we as technologists, developers, hackers
do ?
DAHO.AM 2018
43. Since server side aggregation per user is the root of the problem,
we should move aggregation per user to the client’s side –
user’s browser
DAHO.AM 2018
44. Green tracker
• Modern browsers have the ability to keep state via HTML5 LocalStorage.
• Looks pretty familiar, but is slightly different:
• LocalStorage belongs to green-tracker.fbt.co (the collector backend)
• Respects CORS
• IFRAME is sandboxed (no access to Document)
• Explicit control from site-owner (postMessage)
• Explicit control from user (messages and state can be removed and inspect at will)
DAHO.AM 2018
45. Server-side Aggregation – Google
Analytics
Spiegel.de/xyz Spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
46. Server-side Aggregation – Google
Analytics
spiegel.de/xyz Spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
3rd party
tracking
script
3rd party
tracking
script
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
47. Server-side Aggregation – Google
Analytics
spiegel.de/xyz spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
3rd party
tracking
script
3rd party
tracking
script
spiegel.de/xyz [137.9.10.X, 940x645]
state = []
visit
spiegel.de/xyz unique-visit
spiegel.de/xyz
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
48. Server-side Aggregation – Google
Analytics
spiegel.de/xyz spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
3rd party
tracking
script
3rd party
tracking
script
spiegel.de/xyz [137.9.10.X, 940x645]
state = []
visit
spiegel.de/xyz unique-visit
spiegel.de/xyz
state = [
H(spiegel.de/xyz, unique-
visit, timestamp)]
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
49. Server-side Aggregation – Google
Analytics
spiegel.de/xyz spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
3rd party
tracking
script
3rd party
tracking
script
state = []
state = [
H(spiegel.de/xyz, unique-
visit, timestamp)]
spiegel.de/xyz [137.9.10.X, 940x645] visitspiegel.de/xyz
spiegel.de/xyz unique-visit
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
50. Server-side Aggregation – Google
Analytics
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
spiegel.de/xyz [137.9.10.X, 940x645] visitspiegel.de/xyz
spiegel.de/xyz unique-visit
Count
Uniques
Count
Uniques
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
51. Server-side Aggregation – Google
Analytics
spiegel.de/xyz spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
spiegel.de/xyz [137.9.10.X, 940x645] visitspiegel.de/xyz
spiegel.de/xyz unique-visit
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
52. Server-side Aggregation – Google
Analytics
spiegel.de/xyz spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
3rd party
tracking
script
3rd party
tracking
script
spiegel.de/xyz [137.9.10.X, 940x645] visitspiegel.de/xyz
spiegel.de/xyz unique-visit
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
53. Server-side Aggregation – Google
Analytics
spiegel.de/xyz spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
3rd party
tracking
script
3rd party
tracking
script
state = []
state = [
H(spiegel.de/xyz, unique-
visit, timestamp)]
spiegel.de/xyz [137.9.10.X, 940x645] visitspiegel.de/xyz
spiegel.de/xyz unique-visit
spiegel.de/xyz [137.9.10.X, 940x645]
visit
spiegel.de/xyz unique-visit
spiegel.de/xyz
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
54. Server-side Aggregation – Google
Analytics
spiegel.de/xyz spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
3rd party
tracking
script
3rd party
tracking
script
state = []
state = [
H(spiegel.de/xyz, unique-
visit, timestamp)]
spiegel.de/xyz [137.9.10.X, 940x645] visitspiegel.de/xyz
spiegel.de/xyz unique-visitspiegel.de/xyz [137.9.10.X, 940x645]
visitspiegel.de/xyz
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
55. Server-side Aggregation – Google
Analytics
spiegel.de/xyz spiegel.de/xyz
GA Backend CGT Backend
Client-side Aggregation –
CLIQZ Green Tracker
Browser Browser
3rd party
tracking
script
3rd party
tracking
script
state = []
state = [
H(spiegel.de/xyz, unique-
visit, timestamp)]
spiegel.de/xyz [137.9.10.X, 940x645] visitspiegel.de/xyz
spiegel.de/xyz unique-visitspiegel.de/xyz [137.9.10.X, 940x645]
visitspiegel.de/xyzCount
Uniques
Count
Uniques
GREEN TRACKER: COUNTING UNIQUE VISITORS
Collecting data in a socially responsible manner DAHO.AM 2018
56. Beyond counting unique visitors
https://github.com/cliqz-oss/green-analytics
*Cliqz has no plans to become an analytics
service, this approach is to demonstrate a
responsible way to doing data collection, so
feel free to fork, play and may become the
next clean, green GA.
DAHO.AM 2018
58. " I always knew what the right path was,
but I never took it. You know why? Because it
was too damn hard." – Colonel Slade
“I always knew what
the right path was,
but I never took it.
You know why?
Because it
was too damn hard."
- Colonel Slade
59. Thank you for listening.
Konark Modi, Tech lead
@konarkmodi
konark@cliqz.com