Does everyone realize that this is almost assuredly @Merck using the Ad ID Consortium to target ads to cancer patients? BOK's former company left this data-co-op (adexchanger.com/online-adverti…)

I'll do a thread on this, explaining how you can audit a website like keytruda.)com ⚖️⛈️🧵

First, BOK's old company used to own the domain facilitating these data flows "adnxs.com" - this domain was used in the Ad ID Consortium & was the most popular. AT&T bought appnexus, pulled out of the AD ID C, & seemingly "gave the domain up"
admonsters.com/universal-id-a…

It's extremely common for Big Pharma to make websites for each product/medicine. Keytruda.)com is tied to other sites via similar tactics... random ass domains used to hide that they are cross-domain tracking vectors.

KT uses lhmos.)com + medtargetsystem.)com + di-capt.)com..

You will also see the domain "Adnxs.com" across these selling-cancer-patient-data-flows - this domain is where the Ad ID Consortium has been syncing IdentityLink people-based identifiers. The membership in the AD ID Consortium is big (investors.liveramp.com/news-and-event…)

Is the AD ID Consortium a non-profit? Is it a for-profit? adidentity.org/what-we-do // Their FAQ notes that this is technically a Corporation, which has corporate registration in Delaware // This corp has not registered as a data broker in California or Vermont #illegalCCorpCoOp

So to sync data from Keytruda to ad tech orgs, a javascript file hosted @ medtargetsystem.com/javascript/bea… (very obfuscated) will fingerprint the user + share data via triangle syncs to the Ad ID Consortium Domain + the cross-site Pharma tracking domain of lhmos.com

Another one of the Pharma cross-site domains @ di-capt.com conducts a sync with data sale company Tower Data -- Pharma is using separate domains for these syncs to reduce Safari's/other browsers/orgs ability to see the domain as a cross site tracking vector

There seems to be over 800 websites tied to this Pharma advertising network tied to the Ad ID Consortium @ securitytrails.com/list/ip/13.248… - go to these sites, you'll see similar data flows to the Keytruda website

Example: worseninghf.com
The triangle syncs flow as-expected⤵️

You may notice that there is a 301 location redirect, the backbone of non-compliant triangle user data syncs - the MedTargetSystem JS sends data to Pharma's "trc.lhmos.)com" then a sync to the Ad ID consortium @ "ib.adnxs.)com" reverse proxy shenanigans are transparent here ⛈️💸

The Ad ID consortium are the kings of reverse proxies - they break consentful data flows & cookie blocks as a course of common practice. Their "ib.adnxs.)com" subdomain is tied to tons of "cookieless data syncs" across the biggest sites in the world. Tons & tons of custom flows.

The AD-ID-C domain ties together their cookieless syncing with A records connected to specific IP addresses & tied to domains of their clients. Explore them here @ securitytrails.com/domain/p.updat… // A couple thousand of the biggest domains = biggest data co-op data breach on earth

And if you load Keytruda in Safari, you can still see how this is happening *(other examples here from MSFT Edge).

The same "medtargetsystem" domain fires in Safari w/ the appnexus reverse proxy domain array ready to push fingerprints & IDs across orgs.

You can see in the Safari syncs how a cookie isn't needed to sync data across a reverse proxy - merely pass the userID in a querystring, have both domains fingerprint the user in the same way, and then you've got a matching fingerprint + join key for future auctions/sharing

The userID being shared across domains in the Ad ID consortium is also associated with a "liveRampSessionID" dropped in a 1st party context in Safari on "keytruda.)com" - you can see that below. This sync violates the intent of ITP in Safari, should be blocked in the future.