How Presidential Candidates Track You & Their Digital Advertising Partnerships

Motivation

TLDR; Kamala Harris’ site (33 trackers and advertising partners) tracks everything it possibly can and syncs it with the major social media sites and works with major advertising companies . Joe Biden’s site (14 trackers and advertisers) is much less intrusive but still syncs with a couple social media platforms and has the standard advertising partners including Outbrain…Lastly, Elizabeth Warren’s site (24 trackers and advertisers)is just as intrusive as Kamala’s site, if not even more!

Kamala Harris

Detailed Analysis

  1. Twitter: Relaying analytics to analytics.twitter.com, probably trying to do a user sync. Also using static.ads-twitter.com to fire iframe pixel, oct.js.
  2. Snapchat: Syncing with TapAd, SkimResources, AdSrvr.org, RLCdn.com
  3. ATDMT: Tracking cookie served by Facebook subsidiary Atlas Solutions
  4. AddThis: Simple widget to share content to social media platforms. Guess what? They track you too! No surprise there.
  5. DoubleClick (Google): World’s largest digital advertising service
  6. Y-IMG (Yahoo): Yahoo’s tracking pixel that does a TON of stuff. Check out the code here: https://s.yimg.com/wi/ytc.js
  7. Reddit: Fires tracking pixel from redditstatic.com/ads. You can checkout the code here. https://www.redditstatic.com/ads/pixel.js. Also fire a .gif tracker to count Page Visit events.
  8. AppNexus: A bit strange how they are involved. AppNexus pixel is introduced into the site through RhythmOne’s rp.gwallet.com loaded iframe.
  9. Yahoo: In addition to firing the yimg.com pixel, data is pushed to analytics.yahoo.com to capture event data most likely. Also the ads.yahoo.com redirects to rp.gwallet.com/r1 where gwallet sets a cookie without a same-site restriction.
  10. SC-Static (Snapchat): I encourage you to checkout this tracking script because it’s quite blatantly verbose in what information they sync, including IP ADDRESS, PAYMENT INFORMATION, ZIP CODE, LAT/LON, DEVICE, etc. Check out all the parameters they capture here.
    NOTE: I did a thorough test to see what data the sc-static pixel is actually sending and it only sends a SHA256 hash of information. It fires when the user submits the donation form. It’s not be nefarious, just greedy.
  11. MediaIQDigital: AppNexus fires this request to mediaiqdigital. They specialize in a variety of things
  12. Tapad: Takes the tr.snapchat.com pixel information and tries to sync the user with The Trade Desk by relaying the `ttd_puid` Partner ID to adsrvr.match.org.
  13. AdSrvr (The Trade Desk): This is The Trade Desks user matching tracking request. Mentioned above, it’s trying to identify the user. This was introduced due to the connection to Snapchat.
  14. LinkedIn: Fires both a tracking and advertising pixel. It fires a user sync.
  15. GWallet (RhythmOne) : This is certainly the most interesting pixel on the page. GWallet renders an iframe which makes requests out to all the advertising parties: DoubleClick, OpenX, Yahoo, Rubicon, AppNexus, GWallet Pixels.
  16. ScorecardSearch (Comscore Inc): “Uses a combination of web tags and cookies to help websites count users who have visited and seen a page or various parts of a page”
  17. Univide: Fires a .gif tracker which then loads another AddThis .gif tracker. Hard to say what they’re doing exactly.
    https://p.univide.com/t.gifhttps://cw.addthis.com/t.gif
  18. Bluekai (Oracle): A DMP (Data Management Platform) that centrally organizes a company’s customer and audience data in the cloud. Bluekai runs the world’s largest 3rd party data marketplace to augment a customer’s proprietary data with actionable information on more than 700 million profiles.
  19. Demdex (Adobe) — Captures behavioral data on behalf of websites and advertisers and stores it in a “behavioral data bank.”
  20. OpenXhttps://us-u.openx.net/w/1.0/sd?id=537072983&val=%3C!--
  21. Rubicon: This PHP pixel is loaded from GWallet. Can’t really tell what it is doing, but I assume it’s just doing a user sync like the many of the other pixels. Rubicon is a well known advertising tech company, currently quite dominant in header-bidding technology.
  22. Sync 1RX (RhythmOne): Like most of the of the other fired pixels, the sync.1rx.io pixel does a user sync to first try and identify the user so they can better target you for ads.
  23. amplifypixel.outbrain.com // Saw this once but could not reproduce

High Level Summary

  • 2 Essential Trackers: Typekit by Adobe, Google Tag Manager
  • 6 Site Analytics Trackers: Google Analytics, LinkedIn Analytics, Hotjar, Yahoo Analytics, Twitter Analytics, ScoreCard Research Beacon
  • 2 Social Media Trackers: Facebook Connect, Po.st

Joe Biden

Detailed Analysis

  1. Facebook Events: Pretty much the same as Google Analytics tracker, except they additionally will try to associate to some known Facebook user.
  2. Outbrain Pixel: So my own biased opinion on Outbrain is not very positive. From what I can tell they bloat their numbers and stats with nifty JavaScript tricks. Besides that, this pixel is similar to the other analytics pixels in identifying a bunch of characteristics about the client (device, location, etc).
  3. NewRelic: This tag is pretty redundant given the Google Analytics and Facebook pixel. Tracks basic characteristics about the user. NewRelic has a stronger focus on security though.
  4. Google Dynamic Remarketing: This fires so Google can try build a target for the user. It’s how they show ads tailored to your site visitors.
  5. DoubleClick (Google): World’s largest digital advertising service
  6. Facebook Custom Audience (FAN): Facebook Audience Network is large and somewhat notorious ad network due to their composition of questionable publishers, especially the Android Apps that suck billions of untraceable impressions. Anyways, this pixel is typically in charge of initiating a bidding event and eventually display a targeted advertisement.
  7. Google Adwords: This indicates that Biden’s people are doing some type of paid ad search with Google, then fire the pixel to determine attribution. (Not exactly100% about the paid search part. Thoughts?)

High Level Summary

  • 2 Essential Trackers: Typekit by Adobe, Google Tag Manager
  • 3 Site Analytics Trackers: Google Analytics, New Relic, Twitter Analytics
  • 1 Social Media Tracker: Facebook Connect

Elizabeth Warren

Summary: Overall, her site tracks everything about the client possible and syncs with major social media platforms and advertising exchanges. In the interest of time I am not going to do the pixel by pixel detailed analysis of Elizabeth Warren’s site, but I provided a High Level Summary below.

There is a lot going on, even more than Kamala’s site. It’s actually very similar to Kamala’s site’s advertising partners and trackers. Main difference is Elizabeth’s site uses Outbrain Amplify and Heap Analytics. In my own biased opinion, Outbrain does a fine job in targeting but inflates their impressions with nifty JavaScript and browser tricks, the value of their impressions should be taken with a grain of salt (do your research). Heap Analytics is something new to me, but after looking at their code I can see that they are tracking IP based location (lat/lon, country, state). Warren’s site also includes all the same Snapchat shenanigans as Kamala’s site.

High Level Summary

  • 1 Essential Trackers: Google Tag Manager
  • 5 Site Analytics Trackers: AB Tasty, Google Analytics, Heap, GA Audiences, Twitter Analytics
  • 1 Social Media Tracker: Facebook Connect

Conclusion

Cheers! Make sure to turn your ad and tracker blockers if you’re concerned about being tracked!

Researcher. Software. Plants.