Does everyone realize that this is almost assuredly @Merck using the Ad ID Consortium to target ads to cancer patients? BOK's former company left this data-co-op (adexchanger.com/online-adverti…)
I'll do a thread on this, explaining how you can audit a website like keytruda.)com ⚖️⛈️🧵
First, BOK's old company used to own the domain facilitating these data flows, "adnxs.com" - this domain was used in the Ad ID Consortium & was the most popular. AT&T bought AppNexus, pulled out of the Ad ID C, & seemingly "gave the domain up" admonsters.com/universal-id-a…
*I haven't 100% confirmed that AppNexus/AT&T has zero control over their old adnxs.com domain, but I know this domain is still used heavily by the Ad ID Consortium syncs, which AppNexus/Xandr isn't part of, so this seems to indicate the domain was donated. TBD!🧐🖖
It's extremely common for Big Pharma to make websites for each product/medicine. Keytruda.)com is tied to other sites via similar tactics... random ass domains used to hide that they are cross-domain tracking vectors.
You will also see the domain "Adnxs.com" across these selling-cancer-patient-data-flows - this domain is where the Ad ID Consortium has been syncing IdentityLink people-based identifiers. The membership in the AD ID Consortium is big (investors.liveramp.com/news-and-event…)
Is the AD ID Consortium a non-profit? Is it a for-profit? adidentity.org/what-we-do // Their FAQ notes that this is technically a Corporation, which has corporate registration in Delaware // This corp has not registered as a data broker in California or Vermont #illegalCCorpCoOp
The Ad ID Consortium was abandoned by AT&T after the acquisition of AppNexus went through. I was on the conference call when it was announced and it was the least surprising ton of bricks to fall since GDPR was enacted - but the effort continued!! ⛈️💸⛈️⚖️ adexchanger.com/online-adverti…
So to sync data from Keytruda to ad tech orgs, a javascript file hosted @ medtargetsystem.com/javascript/bea… (very obfuscated) will fingerprint the user + share data via triangle syncs to the Ad ID Consortium Domain + the cross-site Pharma tracking domain of lhmos.com
Another one of the Pharma cross-site domains @ di-capt.com conducts a sync with data sale company Tower Data -- Pharma is using separate domains for these syncs to reduce Safari's/other browsers'/orgs' ability to see the domain as a cross-site tracking vector
There seem to be over 800 websites tied to this Pharma advertising network tied to the Ad ID Consortium @ securitytrails.com/list/ip/13.248… - go to these sites, you'll see similar data flows to the Keytruda website
Example: worseninghf.com
The triangle syncs flow as-expected⤵️
You may notice that there is a 301 location redirect, the backbone of non-compliant triangle user data syncs - the MedTargetSystem JS sends data to Pharma's "trc.lhmos.)com", then a sync to the Ad ID Consortium @ "ib.adnxs.)com"; the reverse proxy shenanigans are transparent here ⛈️💸
The Ad ID consortium are the kings of reverse proxies - they break consentful data flows & cookie blocks as a course of common practice. Their "ib.adnxs.)com" subdomain is tied to tons of "cookieless data syncs" across the biggest sites in the world. Tons & tons of custom flows.
The AD-ID-C domain ties together their cookieless syncing with A records connected to specific IP addresses & tied to domains of their clients. Explore them here @ securitytrails.com/domain/p.updat… // A couple thousand of the biggest domains = biggest data co-op data breach on earth
All of these tricks, where huge ad tech co-ops spin up random domains constantly, using "unknown ad tech domains" and fancy DNS tricks / location redirects to share userIDs across companies, create huge data co-ops across companies. It works. It's huge business.
And if you load Keytruda in Safari, you can still see how this is happening *(other examples here from MSFT Edge).
The same "medtargetsystem" domain fires in Safari w/ the appnexus reverse proxy domain array ready to push fingerprints & IDs across orgs.
You can see in the Safari syncs how a cookie isn't needed to sync data across a reverse proxy - merely pass the userID in a querystring, have both domains fingerprint the user in the same way, and then you've got a matching fingerprint + join key for future auctions/sharing
The userID being shared across domains in the Ad ID consortium is also associated with a "liveRampSessionID" dropped in a 1st party context in Safari on "keytruda.)com" - you can see that below. This sync violates the intent of ITP in Safari, should be blocked in the future.
The AD ID Consortium makes the Adobe Data Co-op look quaint, and it was so bad that AT&T said "nahh, that shit is a garbage fire of unethical data flows, we are outta here!" Yet, now here we are.
A C-corp not registered as a data broker is monetizing cancer data on Twitter.
There are countless orgs looking for loopholes to current data flow restrictions. This is generally a bad idea. You are creating $$ bubbles & legal exposure for your org. All data supply chains must be mapped -- don't partner with unregistered C-Corp Data Brokers. </🧵>⛈️💸⛈️⚖️
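The thread above describes the mechanics an auditor is looking for: a beacon request to one tracking domain, a 301/302 Location redirect into a second registrable domain, the same userID riding along in the query string, and a first-party cookie value that matches the ID being shared. The script below is an added example (not code from the thread's author or from any company named in it) that reassembles redirect chains from a HAR-style capture and reports every identifier value that crosses domains. Every hostname, path, parameter name, cookie name and ID value in the sample capture is constructed for illustration; the `.test` TLD is used so nothing resolves.

```python
"""Audit captured HTTP traffic for cross-domain "triangle" user-ID syncs.

Added example, not code from the thread's author or any company named in it.
It replays a list of captured request/response records (a HAR-like structure
constructed inline), follows 301/302 Location hops, and reports identifier
values that cross registrable domains, by redirect or as parallel requests.
Every hostname, path, parameter name and ID value below is invented.
"""
from collections import defaultdict
from urllib.parse import parse_qsl, urljoin, urlsplit

MIN_ID_LEN = 8  # shorter values (cache busters, flags) are ignored to cut false positives

# Constructed sample capture: the fields an auditor would pull from a HAR file.
SAMPLE_CAPTURE = [
    {"url": "https://www.example-pharma.test/", "status": 200, "location": None,
     "cookies": {"sessionId": "u-7e1c9b4d2a"}},  # first-party cookie set on the page
    {"url": "https://trc.tracker-a.test/beacon?uid=u-7e1c9b4d2a&fp=fp-31c0a9e7&v=3",
     "status": 301,  # hop 1: tracker A hands the ID to co-op B via Location
     "location": "https://ib.coop-b.test/sync?partner_uid=u-7e1c9b4d2a&fp=fp-31c0a9e7"},
    {"url": "https://ib.coop-b.test/sync?partner_uid=u-7e1c9b4d2a&fp=fp-31c0a9e7",
     "status": 302,  # hop 2: co-op B bounces back to A, closing the triangle
     "location": "https://trc.tracker-a.test/ack?partner_uid=u-7e1c9b4d2a&cid=77"},
    {"url": "https://trc.tracker-a.test/ack?partner_uid=u-7e1c9b4d2a&cid=77",
     "status": 200, "location": None},
    {"url": "https://match.broker-c.test/m?u=u-7e1c9b4d2a",  # script-fired, no redirect
     "status": 200, "location": None},
    {"url": "https://cdn.example-pharma.test/app.js?build=20240101a",  # benign
     "status": 200, "location": None},
]


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: last two labels. Real audits should use the Public Suffix
    List, otherwise hosts under 'co.uk'-style suffixes collapse wrongly."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_domain(url: str) -> str:
    return registrable_domain(urlsplit(url).hostname or "")


def id_values(url: str) -> dict:
    """Query-string parameters whose values are long enough to be identifiers."""
    return {k: v for k, v in parse_qsl(urlsplit(url).query) if len(v) >= MIN_ID_LEN}


def redirect_chains(capture: list) -> list:
    """Reassemble Location-redirect chains (lists of URLs) from flat records.
    A hop whose target was not captured is still appended, then the chain ends."""
    by_url = {rec["url"]: rec for rec in capture}
    targets = {urljoin(rec["url"], rec["location"]) for rec in capture if rec.get("location")}
    chains = []
    for rec in capture:
        if rec["url"] in targets:
            continue  # not a chain head
        chain, cur = [rec["url"]], rec
        while cur and cur.get("location"):
            nxt = urljoin(cur["url"], cur["location"])
            if nxt in chain:
                break  # redirect loop
            chain.append(nxt)
            cur = by_url.get(nxt)
        if len(chain) > 1:
            chains.append(chain)
    return chains


def find_triangle_syncs(capture: list) -> list:
    """Flag chains that cross registrable domains while carrying the same ID
    value across the hop; a chain ending on its starting domain is A -> B -> A."""
    findings = []
    for chain in redirect_chains(capture):
        domains = [host_domain(u) for u in chain]
        if len(set(domains)) < 2:
            continue
        carried = set()
        for a, b in zip(chain, chain[1:]):
            if host_domain(a) != host_domain(b):
                carried |= set(id_values(a).values()) & set(id_values(b).values())
        if carried:
            findings.append({"ids": sorted(carried), "domains": domains,
                             "returns_to_origin": domains[-1] == domains[0]})
    return findings


def find_shared_ids(capture: list) -> dict:
    """ID values sent to more than one registrable domain, redirect or not
    (catches fingerprint-plus-join-key syncs fired as separate requests)."""
    seen = defaultdict(set)
    for rec in capture:
        for v in id_values(rec["url"]).values():
            seen[v].add(host_domain(rec["url"]))
    return {v: sorted(d) for v, d in seen.items() if len(d) > 1}


def first_party_cookie_matches(capture: list, page_domain: str) -> list:
    """Shared IDs that also sit in a first-party cookie on the audited page:
    that cookie value re-emitted to third parties is the join key."""
    shared = find_shared_ids(capture)
    hits = {v for rec in capture if host_domain(rec["url"]) == page_domain
            for v in rec.get("cookies", {}).values() if v in shared}
    return sorted(hits)


if __name__ == "__main__":
    for f in find_triangle_syncs(SAMPLE_CAPTURE):
        print("redirect sync:", " -> ".join(f["domains"]), "ids:", f["ids"],
              "triangle" if f["returns_to_origin"] else "")
    print("ids seen on multiple domains:", find_shared_ids(SAMPLE_CAPTURE))
    print("first-party cookie values leaked:",
          first_party_cookie_matches(SAMPLE_CAPTURE, "example-pharma.test"))
```

To run this against a real page, export a HAR from the browser's network panel and map each entry to the `url`/`status`/`location`/`cookies` fields used here (the `Set-Cookie` values on the page's own responses are what `cookies` stands in for). The naive `registrable_domain` is the main caveat: swap in a Public Suffix List lookup before trusting cross-domain verdicts on real hostnames.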
Our team at Silent Push has been hard at work on the largest report we’ve ever made public – and along with Reuters – today we’re explaining how North Korean threat actors associated with the “Contagious Interview” subgroup created 3 front companies...🧵
... and registered 2 of them as legitimate businesses in the United States.
The front companies are: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC
Yesterday, the Federal Bureau of Investigation (FBI) acquired the Blocknovas domain, but Softglide is still live, along with some of their other infrastructure.
Last year, while conducting audits on SDKs installed in mobile apps for @SafeTechLabs, a popular SDK installed in thousands of apps called "Pushwoosh" started to raise some odd questions: was it secretly Russian? Reuters has an explosive story out today: reuters.com/technology/exc…🧵
This is a complex but important story for folks to understand -- this is the start of the discussion about these types of risks.
There was an SDK company -- "Pushwoosh" -- pretending to be based in Washington, D.C., but it was really based in Russia, and has been the ~entire time.
Have you seen this man? Nah.. unlikely because he’s not a real person. But this fake marketing dude was apparently created in ~2018 by a Pushwoosh 'contractor' to market services in Washington, D.C.
Unfortunately for Pushwoosh, the fassbender-carell face mash.. wasn't great..🤣
I have some really disappointing & horrifying news about how Twitter ads is ingesting + storing advertiser credit cards. They have a ~new "reviewData" field that is a plain text ingestion (CC fields are encrypted) which includes the "firstSix" and "lastFour" #'s of your CC.🌩️⚖️🧵
I want to make sure it's clear that storing credit card numbers in plain text in a "reviewData" field is maybe used for fraud and abuse, potentially for the Twitter ads fraud and abuse vendor Sift which you agree to share data with. But the data is stored on Twitter's side.👀🥵🌩️
And so currently, the way that Twitter has set up this "reviewData" field for advertiser credit cards, there is a big JSON dump on the Twitter infrastructure, w/ advertiser name/contact info/ and *most importantly* the "first six digits of the credit card AND the last 4 digits"🥶
I've gone through mudge's redacted whistleblower complaint and there are some really spicy sections that relate to ad tech + privacy + foreign intelligence... brief thread of what I think is most interesting (link to documents in tweet below)🌶️🐦🌩️⚖️🧵
First up... folks have known for awhile that tons of Chinese advertisers were/are buying Twitter ads... But no one had pieced it together that those Chinese advertisers would be using ***Twitter Custom Audiences to doxx VPN users who verified with real contact info...** 🚨🥵🥵🚨
"Twitter executives opted to allow Twitter to become more dependent upon revenue coming from Chinese entities even though the Twitter service is blocked in China...."
It seems clear that Twitter is becoming "more dependent" on China.. via.. Twitter advertising. Uhh @congress ??
Reminder: @WhiteHouse has done nearly nothing to hold Yandex accountable for their Putin War propaganda via Yandex News, no comment about the massive Yandex Appmetrica SDK data collection straight to Moscow.
But leaders within women's hockey (PWHPA) fought back against Yandex🧵
ICYMI in April 2022 the PWHPA decided to *not* move forward w/ a partnership w/ the PHF due to the connections to Yandex Chair John Boynton, "It’s believed Boynton will be an issue when it comes to attracting major sponsors moving forward." 🧐🌩️⚖️👏🏻👏🏻👏🏻
And the vote from PWHPA (Women's pro hockey) in April 2022 to stop all discussions with PHF due to the PHF connections by-proxy to Putin allies, was *unanimous* -- one organization stood up effectively to Yandex here in the U.S....
Google's "automatic ads" w/ the new "Anchor / Vignette Ads" = full-screen between-page-loading interstitial @ support.google.com/adsense/answer… @ "Auto ads will then scan your site and automatically place ads where they’re likely to perform well and potentially generate more revenue."👀
This is going to be a complex product to audit how it performs / users are impacted, and while I'm a big fan of "easy deployments" - I can only imagine what would happen if this process for "auto ads will then scan your site and automatically place ads" went a little wrong.😅🥵
Being a technical auditor requires you to constantly receive partial information and then back into what could have happened during a client experience -- and oftentimes information about a problem can be as murky as "ghost in a machine ate my homework" = auditing "auto ads" = 😅