Whether you have an interest in Google Analytics and internet advertising, or your boss or coworkers do, as a coder you’ll likely at some point need to install a cookie tracking script. Developers often question the necessity for such codes, the security of them, and the privacy of the networks that use them. In this article we will explain what purpose this tracking serves, why it’s vital for measurement and effectiveness of online advertising, and what a software engineer needs to know to minimize risk.
First, a little terminology.
- Ad Network- A website or network of sites that run advertisements, in the category: Google Adwords, Microsoft Bing, Yahoo, etc.
- Ad Server- A Webserver operated by the Ad Network. Used to serve pixels, tracking codes, and tracking links.
- Pixel A- pixel is literally a 1px by 1px image resource located on a remote Ad Server. By loading the image (typically in an iframe), the Ad Network is able to register the IP address and also cookie data sent in HTTP headers. This is used for “attribution”, to associate a page view or action (pixels are commonly placed on thank you pages to register a form submission or purchase transaction). Commonly used in affiliate marketing.
- ReMarketing- ReMarketing is those annoying ads that follow you around after you abandon an online purpose. Your marketing department probably wants to use them because they are really effective, if a bit creepy. ReMarketing Ad Networks like AdRoll.com will provide a script used soley for the purpose of setting a cookie for visitors on your site.
- Cookies –If you’ve done any web development, you know what a cookie is. But what you may not know is that Ad Networks and web tracking tools like Google Analytics use it to identify repeat visitors and track behavior.
- Conversion Tracking- Google Adwords and many other Ad Networks enjoy knowing when traffic that was generated actually did something useful. This type of javascript takes custom variables such as SKU and price for ecommerce transactions and reports it back to the Ad Server.
- Google Analytics- Free web analytics from Google that track the pages a user visits, their user-agent, device, network speed, and other attributes. Most common web analytics platform followed by Pwick, WebTrends and more
- Analytics Snippet- Google Analytics has a small javascript fragment that needs to be placed on every page. This code reports back to the uchin.js tracking code hosted by google orstats.g.doubleclick.net/dc.js
if using the ReMarketing enhanced version.
Security
If security is any part of your job description, you will be wondering what kind of pandora’s box is opened by placing the tracking code on your site. When installing javascript, the major concern is a injection attack where the Ad server gets hijacked, and malicious code gets inserted into your page. For most major ad networks, the risk is quite low. Consider the odds that Google’s servers could be compromised, and how long it would stay that way. A tracking code just allows access to the users cookie, and doesn’t insert ads on the page. So there is low risk of 3rd party content ever appearing on the site in any normal circumstance.
Installation
The work to install a tracking code is in most instances less than 10 minutes. Pixels or Conversion tracking codes typically only need to be placed on one or two pages. If you’re using wordpress or other CMS, codes can often be installed via the admin or free plugins, no server access required. For custom applications, it’s usually as simple as located the header or footer include file and copying & pasting. Google Analytics can be a bit more complex, needing to be placed immediately before the <footer> tag, on every page. If you’re using a Node.Js or other single page framework, getting Google Analytics becomes a bit larger project. Since the traditional Google Analytics setup works by recording page views in the browser like /about or /checkout, you’ll need to manually register page views by writing some custom javascript. If the code doesn’t work properly, within all use cases of your app or website, the advertiser data will be flawed, and it’s almost guaranteed to need a re-code.
Privacy
What bearing does this have on user privacy? Do you need to update your privacy policy? The answer is none, and maybe. Tracking codes are extremely commonplace on the web. 100,000’s of website use Google Analytics for example. Conscientious users will use tools like NoScript or AdBlock to protect themselves if they care and know how. If you’re installing ReMarketing, feel free update the privacy policy about 3rd party data. Although, the Ad Network Terms & and Conditions typically address most situations
In Closing
Tracking codes are fairly common and low risk. Internet Advertising requires them to function. Though you might be writing code, and not in charge of user experience, do understand that the use of tracking codes provides valuable insight into how people actually use the applications you develop, and why.
What are your thoughts on the technical aspects of internet advertising?
Aaron Opfell is the CEO of SearcherMagnet
