Contenu connexe Similaire à Ghostery Enterprise EU Security Study (20) Plus de Ghostery, Inc. (9) Ghostery Enterprise EU Security Study1. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
1
DIGITAL SECURITY IS SERIOUS BUSINESS
The number of publicly traded companies that listed security issues as a
business risk in securities filings increased by 73% from 2012 to 2014.1
The average cost of a breach is $200 per record, which amounts to an
average of $5.9 million paid by organizations per breach.2
2. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
2
DIGITAL SECURITY IS SERIOUS BUSINESS
"Security has never been higher on the agenda of CEO's and
Boards. This study shows that companies can generate additional
revenue while closing security gaps from non-secure marketing
technology on their secure pages.”
Caroline Watteeuw, the former Global Chief Technology Officer and SVP of Business
Information Solutions of Pepsico and an advisor to Ghostery, Inc.
3. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
3
YOUR SITE IS SECURE FOR A REASON
Blind spots in your site security expose your business to issues that directly
impact the customer experience, hurting your company’s revenues and profits.
Poor SEO:
Decline in Google Rankings
Security Threats:
Man-In-The-Middle
Attacks
User Experience Issues:
Mixed Content Warnings
4. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
4
SECURITY BLIND SPOTS ARE WIDESPREAD,
HARD TO CONTROL AND COST YOU MONEY
You Might Not See The Security Gaps, But Your Customers Do. Consumers recognize and trust the
security of a page with an HTTPS address. Security warnings that result from non-secure marketing
technology, commonly called “mixed content warnings” shake customer confidence and thus your
company’s revenues. This happens even if the browser blocks the non-secure technology from
loading.4,5
Most Marketing Cloud Vendors Get To Your Site Indirectly. The technology of the “Marketing Cloud” —
the collection of digital technologies that power, measure, socialize, and optimize performance — is
controlled by a wide range of partner companies who have been granted access to your site. With so
many ways for non-secure technology to end on your site it’s difficult to find the security gaps.3
Google Rankings Suffer When Your Pages Are Not Secure. Google now rewards secure pages with a
higher search ranking. Not knowing if Google finds that your secure pages contain non-secure
elements can lead to valuable rankings slipping away.6
5. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
5
CONSUMERS LOSE CONFIDENCE WHEN
YOUR SITE IS NOT SECURE
“Consumers have been trained to instinctively trust a green “https” before
the website address. Conversely a red “http” or any pop up that tells a
user they are leaving the secure https address is not trusted and thus
consumers will shy away.
The result is consumers will register, often subconsciously, that the
original site is unsecure and thus poses a threat. It is these subtleties in
the user experience that increase or decrease page rankings and thus
page views.”
EJ Hilbert - Head of the Cyber Practice for Kroll EMEA. Hilbert is a former FBI Special Agent
and former Director of Security Enforcement for MySpace/Fox Interactive Media
6. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
6
YOUR SITE IS SECURE FOR A REASON
"Ensuring that websites have better transparency into the causes of
browser warnings will both improve the online user experience and
increase overall internet security. False SSL warnings caused by
SSL misconfigurations result in a negative user experience, with websites
standing to lose up to 65% of their visitors due to a false SSL warning.”
Devdatta Akhawe, PhD, co-author of 'Alice in Warningland: A Large-Scale Field Study of
Browser Security Warning Effectiveness'.
7. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
7
SECURITY BLIND SPOTS
"Our 2013 study showed that the issue of non-secure scripts on secure
pages exposed millions of web users to the stealing of cookies and the
injection of malicious javascript. This study goes many steps further due
to the depth of the real-user data from the 20+ million member
GhostRank community to illustrate that the prevalence of non-secure
scripts is even higher on the most popular websites.”
Nick Nikiforakis, Assistant Professor of Computer Science, Stony Brook University and co-author
of “A Dangerous Mix: Large-Scale Analysis of Mixed Content Websites”
8. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
8
ABOUT THE STUDY
This study examines instances of non-secure digital technologies firing
on secure pages across 50 EU companies in the Airline, Financial
Services, Insurance, News Publishing and Retail industries. The data was
captured from Ghostrank’s 20 million real-user community members
between July 14 2014 and August 14 2014 and includes both active and
passive content.
9. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
9
EU SITES STUDIED
AIRLINE
FINANCE
INSURANCE
NEWS PUBLISHING
RETAIL
Aer Lingus
Banque de France
Allianz
Le Figaro
Argos
Air France
Barclays
Aviva
Le Monde
John Lewis
British Airways
BNP Paribas
Axa DE
The Sun
Sainsburys
EasyJet
Commerzbank
Axa FR
The Telegraph
Tesco
FlyBe
Credit Agricole
Direct Line
The Times
Carrefour.fr
German Wings
Deutsche Bank
Ergo
Bild.de
Cdiscount.com
Lufthansa
HSBC
Groupama
Focus.de
Laredoute.fr
Monarch
Lloyds
Zurich
L'Equipe
Neckermann.de
Ryanair
Royal Bank of Scotland
Admiral
Spiegel.de
Otto.de
Virgin
DZ Bank
Prudential
The Guardian
Promarkt.de
10. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
10
KEY FINDING: 72 PERCENT OF WEBSITES
HAVE SECURITY BLINDSPOTS
100% of Airline Websites
90% of Financial Services Websites
80% of Insurance Websites
50% of News Publishing Websites
40% of Retail Websites
11. EVERY INDUSTRY GROUP STUDIED HAD NON-SECURE TECHNOLOGIES
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
11
THAT IMPACT THE USER EXPERIENCE AND REVENUE
Industry
Percent with Non-
Secure Technologies
on Secure Pages
Number of Distinct
Non-Secure
Technologies
Highest Number of
Non-Secure
Technologies Seen
on a Website
Average Non-Secure
Technologies on
Secure Pages Seen
on a Website
Airline
100%
162
94
29
Finance
90%
177
80
38
Insurance
80%
28
9
5
News Publishing
50%
51
27
14
Retail
40%
71
48
24
12. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
12
RETAIL WEBSITES STUDIED HAD THE HIGHEST NUMBER
OF NON-SECURE TECHNOLOGIES OVERALL
Of the industries surveyed, Finance websites had the highest total number of
non-secure technologies found.
Ghostery saw 177 non-secure technologies across the 10 Retail websites
studied.
The highest individual website in the study was in the Airline category and had
94 non-secure technologies.
13. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
13
FINANCIAL SERVICES WEBSITES COMPRISED
OVER HALF OF THE TEN WEBSITES WITH THE HIGHEST
INSTANCES OF NON-SECURE TECHNOLOGIES
6/10
Financial Services websites have significant security technology in place on
their pages, yet 90% studied had non-secure technologies on their secure
pages.
14. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
14
THE TEN WEBSITES WITH THE MOST NON-SECURE TECHNOLOGIES IN THE
STUDY COVER MANY SECTORS – FINANCE BEING THE MOST AT RISK
Number of Websites in the Highest Ten:
Insurance: 0
Retail: 1
Airline: 3
Finance: 6
15. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
15
CONCLUSION: WIDESPREAD CUSTOMER EXPERIENCE AND
REVENUE RISKS FROM NON-SECURE MARKETING TECHNOLOGIES
• Non-secure technologies on secure pages can decrease ROI by:
o Causing mixed content warnings that increase consumer perception of risk on the
page, even if the browser is blocking the non-secure items
o Creating potential for man-in-the-middle attacks
o Decreasing Google search rankings
• 96% of websites studied had non-secure technologies on secure pages
• Retail websites had the highest volume of non-secure technologies on secure pages
• The site with the highest number of non-secure technologies was a retail site with 333
• Financial Services sites made up half of the 10 highest instances of non-secure
technologies in the study
16. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
16
ABOUT GHOSTERY
Ghostery is a technology company that empowers consumers and businesses to expose and eliminate digital blindspots in the
Marketing Cloud - the collection of digital technologies that power, measure, socialize and optimize performance. Millions of users
globally rely on the free Ghostery browser extension to see and control tracking technologies that follow them across the web.
Businesses rely on Ghostery Marketing Cloud Management to drive ROI by maximizing the security, performance and profitability
of their digital assets.
Key clients like Equifax, Intercontinental Hotels Group and Procter & Gamble depend on Ghostery to take their digital business
from chaos to control. Ghostery is also the leading provider of global privacy governance services; powering compliance for more
than $2 billion of advertising and e-commerce transactions annually.
Founded in 2009, Ghostery is headquartered in New York City, with a technology office in Salt Lake City and sales offices in
London and San Francisco. The company is backed by Warburg Pincus, LLC, the global private equity fund.
Learn more at GhosteryEnterprise.com and @ghosteryinc.
17. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
17
GLOSSARY
• Digital marketing technology or digital marketing vendor: Ghostery defines a “digital marketing technology” as code within a webpage or called by
another technology (i.e. piggyback tag or third-party tag) which communicates with a server, transfers data, and has been identified by Ghostery as
participating in advertising and marketing activities such as ad targeting, analytics, social media and ad serving. Digital marketing technologies can be
images, objects, documents, iframes, or scripts. See: http://www.ghosteryenterprise.com/company-database/
• Non-secure digital marketing technologies: Ghostery defines a “non-secure digital marketing technology” as an http t (see above) that is called from an
https url.
• Website: Ghostery defines a “Website” as a site’s top level server such as site.com or school.edu.
• Secure web page: A secure web page is an http web page that uses an added security layer and is denoted by “https.” The security layer is usually an
SSL (secure socket layer,) a commonly-used protocol for managing the security of a message transmission on the Internet; it uses a program layer
located between the Internet's HTTP and TCP program layers. http://en.wikipedia.org/wiki/HTTP_Secure
• Man-in-the-Middle attack: A Man-in-the-Middle attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between
two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A Man-in-the-Middle
Attack allows a malicious actor to intercept, send, and receive data meant for someone else, or not meant to be sent at all, without either outside party
knowing until it is too late. http://en.wikipedia.org/wiki/HTTP_Secure
• Mixed content: “Mixed content” is a term to describe a web page that contains both secure and non-secure content elements (images, scripts, etc.)
Mixed content jeopardizes the security of the entire page, and causes browsers to warn site visitors and attempt to block the non-secure content. See:
http://www.troyhunt.com/2013/06/understanding-risk-of-mixed-content.html
18. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
18
REFERENCES
1 “Corporate Boards Race to Shore Up Cyber Security” (The Wall Street Journal June 29, 2014)
2 “2014 Cost of Data Breach Security US” (IBM 2014)
3 “Global Tracker Report” (Evidon February 2013)
4 “Crying Wolf: An Empirical Study of SSL Warning Effectiveness” (Carnegie Mellon 2009)
5 “A Dangerous Mix: Large-scale analysis of mixed-content websites (Chen et al. 2013)
6 “HTTPS As a Ranking Signal” (Google blog August 6, 2014)
19. FOR MORE
INFORMATION:
sales@ghostery.com
@ghosteryinc
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
19
20. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
20
APPENDIX A: Study Breakdown By Industry Type
Industry
Percent of Websites With Non-Secure
Technologies Found
No Non-Secure Technologies Found
Airline
100%
Financial Services
90%
State Street
Insurance
100%
News Publishing
90%
Telegraaf
Retail
100%
21. Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
21
APPENDIX B: Distinct Non-Secure Technologies Found Per Industry in Study
Industry
Non-Secure Technologies
Min
Max
Average
Airline
223
1
112
53
Financial Services
382
2
234
115
Insurance
165
2
139
25
News Publishing
212
2
100
47
Retail
438
20
333
109
22. APPENDIX C: Non-Secure Technologies Loaded Per 1000 Calls on Secure Pages Loaded
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
Industry
Non-Secure Calls Per 1000 on
Secure Pages
Website With Highest Non-
Secure Calls Per 1000 on Secure
Pages
Highest Number of Non-Secure
Calls Seen on a Website
Airline
1.9
7.4
3,578
Financial Services
1.5
51.7
5,518
Insurance
1.0
9.6
1,665
News Publishing
1.4
389.6
5,575
Retail
3.0
43.6
19,820
22
23. SAMPLE DATA: Allstate Non-Secure Technologies (Top 10)
Website
Digital Marketing Technology
Number of Times Seen on Secure Pages
Allstate.com
geoPlugin
29
Allstate.com
Google Adsense
24
Allstate.com
Adcash
15
Allstate.com
Omniture (Adobe Analytics)
9
Allstate.com
Google Analytics
6
Allstate.com
Mixpanel
5
Allstate.com
ScoreCard Research Beacon
4
Allstate.com
DoubleClick
3
Allstate.com
ValueClick Media
3
Allstate.com
Right Media
2
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
23
*Based on a 7/14/14 - 8/14/14 Ghostery Inc. Security Study
24. SAMPLE DATA: Hawaiian Air Non-Secure Technologies (Top 10)
Website
Digital Marketing Technology
Number of Times Seen on Secure Pages
HawaiianAir.com
BridgeTrack
37
HawaiianAir.com
Intermarkets
7
HawaiianAir.com
Commission Junction
3
HawaiianAir.com
DoubleClick
3
HawaiianAir.com
Adap.tv
1
HawaiianAir.com
Adobe Test & Target
1
HawaiianAir.com
Adometry
1
HawaiianAir.com
Adzerk
1
HawaiianAir.com
Atlas
1
HawaiianAir.com
Dotomi
1
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
24
*Based on a 7/14/14 - 8/14/14 Ghostery Inc. Security Study
25. SAMPLE DATA: Walmart Non-Secure Technologies (Top 10)
Website
Digital Marketing Technology
Number of Times Seen on Secure Pages
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
25
Walmart.com
*Based on a 7/14/14 - 8/14/14 Ghostery Inc. Security Study
DoubleClick Spotlight
2498
Walmart.com
DoubleClick
640
Walmart.com
Omniture (Adobe Analytics)
634
Walmart.com
Criteo
394
Walmart.com
DoubleClick Floodlight
253
Walmart.com
Experian Marketing Services
251
Walmart.com
AppNexus
202
Walmart.com
MediaMath
181
Walmart.com
TriggIt
157
Walmart.com
Rocket Fuel
123
26. SAMPLE DATA: Wells Fargo Non-Secure Technologies (Top 10)
Website
Digital Marketing Technology
Number of Times Seen on Secure Pages
Wellsfargo.com
Google Analytics
390
Wellsfargo.com
DoubleClick
224
Wellsfargo.com
Twitter Badge
195
Wellsfargo.com
Intermarkets
152
Wellsfargo.com
Google Adsense
125
Wellsfargo.com
Omniture (Adobe Analytics)
122
Wellsfargo.com
ScoreCard Research Beacon
105
Wellsfargo.com
Adcash
86
Wellsfargo.com
Quantcast
86
Wellsfargo.com
geoPlugin
65
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
26
*Based on a 7/14/14 - 8/14/14 Ghostery Inc. Security Study
27. SAMPLE DATA: Wall Street Journal Non-Secure Technologies (Top 10)
Website
Digital Marketing Technology
Number of Times Seen on Secure Pages
WSJ.com
DoubleClick Spotlight
134
WSJ.com
AppNexus
86
WSJ.com
DoubleClick
80
WSJ.com
MaxPoint Interactive
62
WSJ.com
ValueClick Media
47
WSJ.com
Resonate Networks
43
WSJ.com
Livefyre
39
WSJ.com
ChartBeat
36
WSJ.com
Krux Digital
33
WSJ.com
MediaMath
29
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
27
*Based on a 7/14/14 - 8/14/14 Ghostery Inc. Security Study
28. Company Secure
Host Secure
Path Tag Non-‐Secure
Tag
URL
Allstate myaccount.allstate.com /anon/login/login.aspx Omniture
(Adobe
Analytics) images.apple.com/metrics/scripts/s_code_h.js
Allstate myaccount.allstate.com /secured/billing/paybill.aspx Adcash www.adcash.com/script/java.php?option=rotateur&r=247707
Allstate myaccount.allstate.com /secured/home.aspx Right
Media ads.yahoo.com/cms/v1?esig=1~d816e430d739f6042b0cff31022d2e86413f153e&nwid=10000482675&Allstate purchase.allstate.com /auto/PersonalQuote.aspx Omniture
(Adobe
Analytics) allstate.122.2o7.net/b/ss/allstatedevelopment/1/H.21-‐-‐NS/0
Allstate termlife.allstate.com / Google
Adsense pagead2.googlesyndication.com/pagead/gen_204?id=cyclops&qid=xu_HU8HaOqfe0AGJ_YDACQ&Allstate email.allstate.com /owa/ Mixpanel api.mixpanel.com/track/?data=eyJldmVudCI6ICJFbWFpbCBPcGVuZWQiLCAicHJvcGVydGllcyI6IHsiRW1haWwgTmFtZSI6ICJTdWdnZXN0ZWQgQ29udGVudCAoV2Vla2x5KSBBd2Vzb21lIiwgInVAllstate email.allstate.com /vdesk/hangup.php3 ValueClick
Media cdn.fastclick.net/js/adcodes/pubcode.min.js?sid=9991&media_id=6&media_type=8&version=1.4&Allstate myaccount.allstate.com /anon/login/login.aspx Xaxis oascentral.comcast.net/RealMedia/ads/adstream_jx.ads/comcast.net/com-‐hp/cc00000001/11405520866839@Allstate webmail.allstate.com /owa/ Constant
Contact r20.rs6.net/on.jsp?ca=c271e5bd-‐d711-‐4a30-‐82c1-‐0c83d0cdc0e4&a=1102427229882&d=1118024635340&Allstate drivewise.allstate.com /dw/drivewise/common/login NetSeer cmi.netseer.com/redirect?ex=27&t=16
Company Secure
Host Secure
Path Tag Non-‐Secure
Tag
URL
Hawaiian
Air apps.hawaiianairlines.com/MyHawaiianMiles/MyTrips/MaBnraidggeeTTrirpa.cakspx ads.bridgetrack.com/a/i/?BT_CON=15&BT_PID=1657729&BT_Ext=ORI%3D%26DES%3D%26PAX%3D0%Hawaiian
Air apps.hawaiianairlines.com/myhawaiianmiles/Login.aspx Intermarkets cdn.intermarkets.net/u/Intermarkets/AdFeedback/processAdFeedback.js
Hawaiian
Air apps.hawaiianairlines.com/myhawaiianmiles/MyTrips/MaBnraigdegTerTirpa.ackspx ads.bridgetrack.com/a/i/?BT_CON=15&BT_PID=1657729&BT_Ext=ORI%3D%26DES%3D%26PAX%3D0%Hawaiian
Air checkin.hawaiianairlines./cwomci/start Media
Innovation
Group b3.mookie1.com/2/LB/4459175926@x96?
Hawaiian
Air partners.hawaiianairlines/.pcoagmes/rewards/shopListing.aspAxdometry log.dmtry.com/138091/0/2973/109753508/57743978/56157/0/0/0/1.ver?at=p&d=Post&ta=0&tp=Hawaiian
Air www.hawaiianairlines.co/mhawaiianmiles/pages/frequentA-‐fdlyzeerr-‐kmiles-‐membership-‐levestlsa.taics.paxdzerk.net/reddit/ads.html?sr=-‐reddit.com,loggedin&bust2#http://www.reddit.com
Hawaiian
Air apps.hawaiianairlines.com/myhawaiianmiles/Login.aspx Quantcast widget.quantcast.com/user/widgetImage?domain=drudgereport.com&widget=10&timeWidth=1&Hawaiian
Air checkin.hawaiianairlines./cwomci/start Atlas view.atdmt.com/jaction/HA_Special_Offers_Page
Hawaiian
Air fly.hawaiianairlines.com /reservations/1/FlightPrices.aspDxoubleClick www.googletagservices.com/tag/js/gpt.js
Hawaiian
Air fly.hawaiianairlines.com /reservations/1/FlightPrices.aspLxiveRail ad4.liverail.com/?LR_PUBLISHER_ID=1912&LR_SCHEMA=vast2-‐VPAID&LR_ADMAP=in%3A%3A0&LR_Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
28
Raw Data Sample:
*Based on a 7/14/14 - 8/14/14 Ghostery Inc. Security Study
29. Company Secure
Host Secure
Path Tag Non-‐Secure
Tag
URL
Walmart affiliates.walmart.com / LinkShare merchant.linksynergy.com/fs/banners/2149/2149_10003964.jpg
Walmart corporate.walmart.com /privacy-‐security/ MediaMath pixel.mathtag.com/event/js?mt_id=366527&mt_adid=116823&v1=&v2=&v3=&s1=&s2=&s3=
Walmart savingscatcher.walmart.c/odmashboard Gravity
Insights i.api.grvcdn.com/personalization/fonts/SourceSansPro/sourcesanspro-‐bold-‐webfont.svg#source_sans_Walmart www.walmart.com /cart2/cart.do Adometry log.dmtry.com/873028/0/3687/75727622/56074393/635261/0/0/0/1.ver?at=p&d=Post&ta=0&tp=100&Walmart www2.walmart.com /wmflows/checkout DoubleClick
Spotlight pubads.g.doubleclick.net/activity;dc_iu=/55875582/Walmart-‐US/Commerce/Order_Confirmation;ord=Walmart corporate.walmart.com /_submit/feedback MediaMath pixel.mathtag.com/event/js?mt_id=366527&mt_adid=116823&v1=&v2=&v3=&s1=&s2=&s3=
Walmart corporate.walmart.com /contact-‐us/store-‐corporate-‐feeMdbeadciakMath pixel.mathtag.com/event/js?mt_id=366527&mt_adid=116823&v1=&v2=&v3=&s1=&s2=&s3=
Walmart survey.walmart.com /WMExp/Processor BrightRoll vast.bp3848655.btrll.com/vast/3848655?n=471386826&br_w=400&br_h=300&br_source=i&br_adtype=Walmart www.walmart.com /cart2/cart.do Omniture
(Adobe
Analytics) i2.walmartimages.com/webanalytics/omniture/s_code.js
Walmart classrooms.walmart.com/lists/61-‐Middle-‐School-‐SupplieEs-‐xLpisetrian
Marketing
Services d.audienceiq.com/r/dd/id/L21rdC80NC9jaWQvMjQ4NDMzMDMvdC8yL2NhdC8yNTMwMTgwNA
Company Secure
Host Secure
Path Tag Non-‐Secure
Tag
URL
Wells
Fargo billpay.wellsfargo.com /billpay/application/EBillFrameBlueKai tags.bkrtx.com/js/bk-‐coretag.js
Wells
Fargo connect.secure.wellsfarg/op.caoymments/channel/viewTransfgeerCooPnlufgirimn www.geoplugin.net/json.gp?jsoncallback=fn
Wells
Fargo icomplete.wellsfargo.com/oas/status/details Intermarkets cdn.intermarkets.net/u/Intermarkets/AdFeedback/processAdFeedback.js
Wells
Fargo oam.wellsfargo.com /oam/access/challengeRegistraTtiwonitSteetru
BpaDdigspelay urls.api.twitter.com/1/urls/count.json?url=https://oam.wellsfargo.com/oam/access/challengeRegistrationSetupDisplay?Wells
Fargo online.wellsfargo.com /das/cgi-‐bin/session.cgi Adcash www.adcash.com/script/java.php?option=rotateur&r=168413
Wells
Fargo online.wellsfargo.com /das/cgi-‐bin/session.cgi Adknowledge cache.blogads.com/37323961/feed.js
Wells
Fargo online.wellsfargo.com /das/cgi-‐bin/session.cgi Advertising.com o.aolcdn.com/ads/adsWrapper.js
Wells
Fargo online.wellsfargo.com /das/cgi-‐bin/session.cgi Amazon
Associates c.amazon-‐adsystem.com/aax2/amzn_ads.js
Wells
Fargo wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp Facebook
Connect connect.facebook.net/en_US/all.js
Wells
Fargo www.wellsfargo.com / AppNexus ib.adnxs.com/tt?id=3341204&cb=DC766C8D720449822546403
Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
29
Raw Data Sample:
*Based on a 7/14/14 - 8/14/14 Ghostery Inc. Security Study
30. Company Secure
Host Secure
Path Tag Non-‐Secure
Tag
URL
WSJ buy.wsj.com /offers/html/offerPrnUpPI.htmlMaxPoint
Interactive mpp.mxptint.net/2/6657/?rnd=2093531899
WSJ customercenter.wsj.com/public/view/login.html Adometry log.dmtry.com/132500/189/3491/1181/330/248925/0/0/0/1.ver?at=p&d=Post&ta=0&tp=81&vd=1&WSJ customercenter.wsj.com/view/home.html ScoreCard
Research
Beacon b.scorecardresearch.com/b?c1=8&c2=6135404&c3=3000&c4=17647&c10=3173401&ns__t=1407940638493&WSJ id.wsj.com /access/509b1a086458232f6e00A0p0p0N2e/xlautsest/login_standalonibe..ahdtmnxls.com/seg?add=1578697&t=2
WSJ id.wsj.com /access/509b1a086458232f6e00In0t0e0g2ra/lla
Ateds
St/clioegnicne_standalondet..hadtmsalfeprotected.com/dt?asId=76efb4d6-‐0d21-‐11e4-‐97b0-‐00259069c34e&tv={c:iwUHX7,pingTime:WSJ portfolio.wsj.com /auth/portfolio_login DoubleClick
Spotlight ad.doubleclick.net/activity;src=1373310;type=rapta615;cat=track812;u=V1-‐ODBmODkzMWQtZDk4YS00ZGQyLTkwNGItYjQ0MDRlNWYyZTc4;WSJ portfolio.wsj.com /marketing Turn r.turn.com/r/beacon?b2=Wg7NDNqjfn8DHtWyTdw0hccfpHiLCI-‐5t5es9XC57Yz3IaLUHmUxgcFB5MDCx9QC9Uh1dG6nBJqBb_WSJ signin.wsj.com /login.asp DoubleClick cm.g.doubleclick.net/pixel?google_nid=bluekai&google_cm&google_sc&a=11&
WSJ subscribe.wsj.com /hpupgrade Turn r.turn.com/r/beacon?b2=iVXhpQdP31vtxinJjuJkZrDXF3ErZ-‐hMvWbQdxD55sT3IaLUHmUxgcFB5MDCx9QCeFl_WSJ www.subscribe.wsj.com/hpheaderlink/ DoubleClick
Spotlight ad.doubleclick.net/activity;src=4327673;met=1;v=1;pid=110089638;aid=283275739;ko=0;cid=58762664;Confidential | Draft for Discussion Purposes Only | © 2014 Ghostery, Inc. All Rights Reserved.
30
Raw Data Sample:
*Based on a 7/14/14 - 8/14/14 Ghostery Inc. Security Study