Third Party Trackers

Part of the purpose of this website is to give me a live real-world test site with which to locate third party trackers within WordPress core, Plugins, and Themes – so that I can code solutions that neuter the trackers.

This page describes what kind of trackers I consider to be dangerous, and why I consider them to be dangerous.

As a result of the testing taking place here, there often will be third party trackers present here.

I recommend you install Privacy Badger and do NOT white-list any third party resources for this domain. That will protect you from any trackers that are here.

Type of Trackers and Privacy Implications

One of my motivations is to reduce the number of third party resources that include tracking cookies in WordPress blogs. I said reduce, not eliminate, not all are harmful.

Trackers that are harmful are trackers related to resources that are likely to be found on numerous websites all over the web. This includes trackers from Google, Amazon, Automattic (the company behind WordPress), Facebook. Twitter.

The problem is that those trackers allow those companies to correlate information about you. The cookie your browser sends has the same unique identifier regardless of which web site you visit. Thus if you visit a website that caters to a particular sexual fetish and there is a facebook tracker at that blog, Facebook (which likely knows your real name) will now you visit that website, how many similar websites you visit, and how often.

These large companies use this tracking data, tracking data that many of us feel very uncomfortable collecting, in ways that can harm people. Just as an example, a teenage girl became pregnant and visited websites about pregnancy. This was tracked, and the data sold to Target which then mailed her a “congratulation on your pregnancy” marketing package. That was how her father found out she was pregnant.

Fortunately her father was not abusive, but could have ended worse and probably has ended worse for others.

Benign Trackers

Some trackers though I feel less threatened by. For example, many Phonesex Operators have a WordPress widget or other resource from a dispatch company (e.g. Niteflirt) or from a podcast company (e.g. Spreaker) that results in a cookie being sent by the browser.

These cookies can be used for tracking and I would prefer they not exist but they probably are just the result of sloppy programming.

Those who use tracking information nefariously profit from the tracking information and profit more with the more information they have about those they track, so they tend to have their third party resources literally embedded in websites all over the Internet. When I see a Niteflirt tracking cookie, it is because I am at the blog of a Niteflirt operator. They don’t show up elsewhere. Niteflirt is not tracking me, and honestly their server is probably ignoring the cookie data sent – it is just their because their web team did not think to set up a cookieless domain for resources intended to be embedded in other websites.

When I come across those kind cookies, Privacy Badger blocks them by default but I often specifically choose to allow them, and I do not see them as a nefarious threat to privacy.

Trackers in WordPress

With a “vanilla” install of WordPress, it appears there are three trackers present:

  1. *.gravatar.com
  2. fonts.googleapis.com
  3. s.w.org

The first has to do with the avatars that appear in post comments. That tracker is literally all over the web, I have no doubt it is being used for nefarious tracking. It will be solved with my PluggableUnplugged WordPress plugin when it is released. The devel version of that plugin is running on this blog and working, but there is still work to be done.

The second is google, and is the result of Google Fonts. I do have a plan to resolve that issue.

The third only appears when there is an emoticon or emoji in the page, e.g. 😉 or 😀 – those images are served by s.w.org and there is absolutely no good reason for a tracking cookie to be involved. For years now, virtually every modern browser has supported emojis internally, there simply is no reason to use a third party server for them.

The Disable Emojis plugin by Ryan Hellyer seems to do the job nicely as well as reducing the number of connections your page has to make. And for the vast majorities of users, there is no loss of function because the emojis are still present, just provided a font in their browser.

As such, the PluggableUnplugged plugin I’m working on will prompt to install the Disable Emojis. It does not force the install of it, but it lets the blog admin know that it is recommended.

Trackers in WordPress Themes and Plugins

Discovery of trackers in themes and plugins is an ongoing process. This blog will be used for such discovery, so they will be present here when I find them until I find solutions that neuter them.

Anonymity protected with AWM Pluggable Unplugged