A letter to pixel.s3xified.com, by co-founder Chloe Grutchfield
Who are you, and what are you doing with my data?
You seem to know so much about me - you know the websites I visit, my browser and who knows, maybe more - and I know so little about you. Seems a little unfair, don’t you think?
All I know is that your pixel is triggered by adtech vendors (really big players, actually) on a number of websites, including some big and serious news websites.
I also understand you like long-term relationships, as your cookie has an impressive 10 year expiry date. Yet, you’re a bit shy; your domain is hidden behind a privacy registration service. I have tried very hard to identify who you are but it’s as if you didn’t want to be found!
I know what you will say: you’ve spotted me, because I visited an adult website. I can assure you, I didn’t.
Thing is, I’m happily married with two beautiful kids, and don’t really have the time for hide and seek, so it would be really great if you could leave me alone. I keep trying getting rid of you but you keep coming back.
I hope this doesn’t come across rude, but you’re a bit of a stalker…
The pixel.s3xified.com request on a news website:
The pixel.s3xified.com cookie:
You’re likely a little agitated about how I know about your existence. After all, you’ve tried so hard to remain a secret, it must be a little unnerving to discover I’ve found out so much about you.
And, how do I know all of this? Well, you see, my business partner and I built an HTTPS proxy crawler to scan lots of websites to understand what content (visible or not) is being sent to a web browser, or a device via a website or an app.
When you crawl a lot of websites and apps, you start to see things - patterns, trends and insights. In fact, we’ve discovered areas such as what’s causing latency on a web page as it’s loading, what the ad to content ratio is, whether the consent string is populating, why there are discrepancies between advertiser and publisher numbers, what redirects are occurring and what domains are actively syncing cookies. And that only scratches the surface.
We even built a UI (user interface) to make sense of all of this. And that’s how we found you, hidden between a viewability tag and a brand safety script and triggered by an SSP.
You sneaky thing, you.
You may have heard about this thing called the GDPR, which came into effect May this year. It’s no big deal or anything, it just means us ‘industry veterans’ have started to be more curious about vendors that drop cookies - and therefore process - what’s now classified as personal data.
But with you it’s a little more tricky - I can’t find any of this information! You seem to have missed the call for better advertising under the GDPR movement, and you are playing a dangerous game with the ICO and the regulators, do you know that?
I’m sure you’re legitimate, really. When I look at every single one of your HTTP requests, it’s clear that you are saving my data (cookie ID) in a folder called /sspsync/. And, I think I know why… You have a big lookup table with my ID across lots of different platforms. Am I correct?
But are you also using the domain of the website where you dropped your cookie on?
I’m paranoid, I know. But you’re not being very transparent and your name is definitely not helping. In fact, quick tip from me, your name is probably not working in your favour at all; S3xified: It’s not very subtle is it?
But even after everything you’ve done. That’s not quite the end of the story for me. Because, the scary thing s3xified, is that you are not the only one…
Kind regards. (Well, not really).
P.S. Readers, do me a favour. Check whether you have the s3xified cookie on your browser. Here’s how to on Chrome: https://www.wikihow.tech/View-Cookies-on-Chrome-on-PC-or-Mac. If you do (so far everyone I’ve asked has it), get in touch.