Tracking domains in installed applications

Many websites have tracking domains in their webpages, which I block using "Privacy Badger" Extension by EFF.

These domains are easily visible by pressing Ctrl+U in Firefox to see the "Page Source".

Also I have observed that many apps(which I download from the Google Play Store) show the content which is exactly similar to the content accessed by any web browser on the related web pages. I guess that those apps are nothing more than a web browser in themselves, accessing the related web pages[I MIGHT BE WRONG].

In the above case(or even in the case where content accessed by apps is aesthetically and/or functionally different than that accessed by a browser) I guess that the tracking domains(which are on the related web pages) are also baked into the apps.

My questions:

  1. Are the tracking domains present in the apps also?
  2. Any way to verify their presence[as was the case with Firefox above]?
  3. How to block them from tracking the user[as Privacy Badger does]?

Note: I am just talking about "simple" tracking methods(domains), not "advanced" ones like fingerprinting, Tracking Pixels etc.

GTM – Bad Event Tracking Code – Pageview Hit must precede event

I’m having trouble finding a GTM error. The error states that Google Tag Manager isn’t receiving the URL/page-name in Google’s Behavior->Landing Pages report before it receives an event.

I’m not sure how to find the offending page and of course, Google can’t tell me the offending page, so trying to use Google’s Tag Assistant would mean testing every single page on the website.

The error appears to be happening on all of the major browsers, so it doesn’t seem to be browser specific.

I tried to lookup one session by matching the session duration with user sessions. The session begins at 11:58 pm and ends at 12:04 am. However, when I use Google’s Tag Assistant, it doesn’t show any errors.

enter image description here

If this were the problem page, it would appear that GTM looses the page name when the session wraps over the midnight hour, but this seems improbable.

enter image description here

How can I properly identify the offending page without using Google Tag Assistant on every single page?

tracking in odi the package which uses a given mapping

I am trying to find the whole lineage and loading process of a certain table column. To begin with i am locating the mapping used to populate the column. To do this i use:

select     m.name mapping_name,     mr.qualified_name,     mc.name datastore_alias,     t.table_name target_table,     mdl.cod_mod model_code from snp_mapping m inner join snp_map_comp mc on m.i_mapping = mc.i_owner_mapping     inner join snp_map_cp cp on mc.i_map_comp = cp.i_owner_map_comp     inner join snp_map_ref mr on mc.i_map_ref = mr.i_map_ref     inner join snp_table t on mr.i_ref_id = t.i_table     inner join snp_model mdl on t.i_mod = mdl.i_mod where cp.direction = 'O' and --output connection point     cp.i_map_cp not in         (select i_start_map_cp from snp_map_conn) --not a starting connection point; 

which works very nice. (Thread found here : https://stackoverflow.com/questions/60566000/odi-column-lineage-query/60566807#60566807).

Now i need to find the package which uses this mapping, so that i will be able to investigate the whole loading process. So the question is: is there a query which can return the packages that use the mapping defined?. I did find an SNP_PACKAGES table but i am not sure if i can get anything from there.

Can I use Google Analytics to implement offline conversion tracking?

In a Google Ads account I’m working on, all conversions are imported from Google Analytics. How can I define a Google Analytics goal which has the Google Click ID configurable, i.e. such that reaching the goal is associated with a previously seen Google Click ID? I.e. can I have something to the effect of Offline Conversion Tracking except that I use Google Analytics (and maybe even Google Tag Manager)?

Background:

I’m working on a site which has its analytics managed via Google Tag Manager; some events configured in GTM trigger goals in Google Analytics, which in turn are imported as conversions in Google Ads. For example, “visitor requested a trial account” is a user interaction which is tracked like this.

I’d now like to track if people who requested a trial account actually logged in – and if so, track this as a conversion, too. When a visitor logs into his account, I can check a database to figure out the Google Click ID (if any) which the user got assigned when requesting his account. In case a GCLID is found, I’d like to have a GTM trigger which triggers a tag which bumps a Google Analytics goal (which in turn is imported as a conversion in Google Ads).

Configuring Google Tag Manager accordingly seems straightforward. However, it’s not clear to me what kind of Google Analytics Goal to create which explicitly specifies a click ID.

Is Cross-Domain IP tracking a security feature?

We’re using a cloud based web security (proxy) service which basically takes our web requests, scans them and NATs these requests to their public IP addresses. NAT is being done on a per-session basis, whatever that means in detail.

We now have a problem with a third party service which is essentially doing something like this:

  • User goes to URL A (TLD 1) and logs in there
  • The login then sets a cookie with no domain set (so its only valid for this domain)
  • It 302 redirects the user to another Domain URL B, and sets some token as GET parameter

At this point the session is rejected with an error message that the public IP does not match (for the proxy its a new session, thus a new IP address is used when NATing this to the outside)

For me this looks like a way to authenticate the user on one site and using services on another without implementing some proper authentication framework.

My question:

Is this IP address check adding any (noteworthy) security? This seems to be a setting we cannot change on the security provider side, so we may need to convince the provider to change this model.

Bot protection, http-2 link header and google tracking

I opened a link hxxps://ts[.]la/carey16046, which was in a youtube comment, than I got redirected to a tesla[.]com root page and saw the message:

Access Denied: You don't have permission to access "http://www.tesla.com/" on this server. 

and got 403 code. Updating page/cleaning cookies didn’t work. In response headers (full) I spotted this:

link: <https://www.googletagmanager.com>;rel="preconnect",<https://www.google-analytics.com>;rel="preconnect",<https://track.securedvisit.com>;rel="preconnect" 

Than I went googletagmanager[.]com and it goes:

400: Your client has issued a malformed or illegal request. That’s all we know. 

I was okay with it, but in the title tag was: Error 400 (Bad Request)!!1 With the one in the end. Is it a joke? Last time I was on tesla’s site was week ago and it worked properly. I’m sure that there weren’t any suspicious activity coming from my ip address whatsoever, although I am currently in Russia.

What is link header? I’m using firefox with privacy settings on, might it be an issue?

How is browsing from a virtual machine/virtual box preventing fingerprinting or tracking?

is it increasing your internet security in terms of privacy/tracking/fingerprinting, if you are surfing with your web browser in a virtual machine enviroinment (virtual box + vpn)? Instead of surfing from your normal windows operating system…

Or is a virtual machine not helping you in fingerprinting cases? I just want to understand if you can use a virtual machine as a additional privacy tool and if yes, on what aspects would it have an impact (ip address, virus infections, fingerprinting, etc.)?

Thanks