It may be strange that a person who makes their living adding tracking scripts to web sites (me) is asking you to limit adding tracking scripts to your sites. Analytics provides fantastic insights into how your digital marketing and website are working. What I am asking you to do is be careful in putting magical mystery scripts on your site that claim to be doing limited tracking. You should be the only one benefiting from your site data!

You know the scripts I am talking about, Marketing, by request of your consulting partner, working with a third-party ad company, getting a script off a service provider’s site, has handed you a small piece of code they call a “pixel”. This will, according to someone in the email thread, enable you to optimize your ad spend while significantly increase conversions. They may even throw in a few more buzz works about synergizing the ROI of the collaboration.

"Pixel" - a cute term that makes you think of a pixie, what could be evil about pixies?

lingotek logo
Common Pixie - NOT scraping data from your site

This code usually is not a pixel but a JavaScript hook that loads a much larger and complex script. Yes, some of the time it is just watching for ad campaign activity. But this code could be doing anything!

The magical mystery script based method is a powerful and easy technique that most analytics providers like Google and Adobe use. The initial code loads the full tracking script and pulls information from the site visitor’s browser. This enables you to improve both your digital marketing as well as your site operation. The problem is, this method is too easy. Anyone that can get a “pixel” on your site is collecting data on your site and visitors.

  • Want basic analytics? Just put this simple script from Google on your site and look at the on-line analytics reports on your site.
  • Running an ad on Facebook? Just put this simple script on your site to see how successful the ads are.
  • Running an email campaign using Marketo? Just put this simple script on your site to see how successful your campaigns are.
  • Looking for employees on LinkedIn? Just add this simple script to see how many are watching you back.
  • Want to see how your Google AdWords campaign is working? Never mind, Google already has all your data.

You may not have even placed the script. Your contract site developer wants to see how their work is doing. Buried in their code is that simple tracking script, sending data on your site to their account. Tag managers can make it worse as adding another tracking script is just a couple of button clicks away.

Any third party involved with your site seems to want a pixel placed on your site. These magical mystery scripts can put anything in that code to pull anything the browser will allow - probably less than you fear but more than you think.

In addition to data issues the tracking script is another piece of code added to your web site. They can cause slower page load and interfere with your page operation. The more pixels that get added the more likely you are to have issues including crashing dynamic content and apps on your site.

Control Those Pixels

Have a well-defined policy about what tracking can be used on your sites. Define what pixels can be on your site and have an approval process. Make it extra strict on sections that might contain personal information like your internal HR site. Tracking scripts can pull personal information; better ones just try not to.

That data policy - make sure your contract developers know about it and follow it. Talk with any contract developers, digital marketing, any third party that might have the ability to add pixels to your site or campaigns (the ones that want to add pixies are OK.) If they don’t understand or care, look for a contractor you can trust not to let someone else spy on your site.

Keep track of the third party code put on by contractors/consultants or even internal developers. Too many times there are multiple JavaScript files loaded on the site that you have no idea what they do. Ask why and what that simple script does before implementing it.

There have been many times I get requests from Marketing to “Just add this thing the vendor sent me.” Don’t add a script that you don’t know where the data is going and who owns it. This includes - does the company providing the script have a data and privacy policy of their own. For example.

A data policy doesn’t help if the company gets hacked. Limiting how many companies can add tags on your site reduces this risk. Restrict who can add scripts to make sure that person from Marketing (you know who I’m talking about – the one that can’t tell the difference between pixels and pixies) or contractor, or advertising consultant, etc. doesn’t add it themselves. limit access to your tag manager to a very few people.

Even with all the control extra tracking tags may sneak in anyway. Watch for scripts a vendor asks to be added that load other scripts from an external server. For example:

  • Google Analytics script loads "//" in the code
  • Bing Ads code loads "//"
  • LinkedIn code loads "//"

The magical mystery script often creates a spot and inserts the JavaScript into your page where it does what it wants. Or more straight forward where you manually put the script call on the page like Adobe:
<script language="JavaScript" type="text/javascript" src="AppMeasurement.js"></script>

Regularly use a testing tool designed to detect tracking tags like ObservePoint or WASP to check for new tags. These tools are easy to use as they are specifically designed to look for tracking tags. On the negative side they only look for common recognized tags. They won’t catch the obscure, truly bad, or where someone is deliberately hiding where the script comes from.

Web analytics provides fantastic data to help you improve your digital marketing and the usability of your sites and applications. But that same usefulness attracts others, sometimes because they want to help you. Sometimes just because they want the data for their own use. Keeping control of data on your content is important to keep your customer interactions secure and keep you and your site visitors safe.