Page 1 of 2 12 LastLast
Results 1 to 25 of 37
  1. #1
    Newbie
    Join Date
    January 18th, 2005
    Posts
    46
    One, of my top affiliates, has recently asked if I would place a 1x1 tracking pixel in my order confirmation page so they can better optimize their campaigns. The pixel code is something like this:

    <img src="http://servedby.advertising.com/action/type=6576778467/bins=1/rich=0/mnum=2216/logs=0" height=1 width=1 border=0>

    Browsing to that, gives you the source of 'GIF89a'yyyyAAA!uT;'. With some of those characters different but they wouldnt copy across.

    I am hesitant to insert the code, but am I over reacting? Could this be a security risk or ive them a way to change the code later? What do you think?

    They are valued affiliates, who we've never had any issues with.

    Your comments?

    Thanks

  2. #2
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    If it's only an image like in your example, they will get a count of how many sales a day you get which I don't think you should divulge even to your best affiliate. If it's a bit more code involved than just the image (have to see the actual code) they could be pulling your sales data, customer info, and sales per day like network tracking pixels do. Privacy issues relating to your customer base aside, you'd once again be giving proprietary sales information about your company away again.

    The bottom line is that the affiliate:
    a) doesn't trust you or the tracking platform you use, and/or
    b) wants proprietary information about your sales and/or customers

    ... neither of which are good!
    Continued Success,

    Haiko
    The secret of success is constancy of purpose ~ Disraeli

  3. #3
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    I think Haiko is a bit too skeptical here.

    The third possibility is that:

    c) The affiliate wants to be able to better optimize his campaigns.

    There's absolutely no security risk of inserting a 1x1 pixel code. They can't change anything on your site or access anything you don't specifically pass them in the URL. This method is used by many companies. You probably use a tracking on your confirmation page to notify your affiliate network of a sale. Your affiliates probably use a tracking image so you can track impressions. Google and Overture's conversion tracking routines use a tracking image.

    It WILL tell the affiliate how many impressions you get on your confirmation page, and that may be an issue to you.

    From your confirmation page, are you able to determine who the affiliate is? If so, your best alternative would be to insert that code only if the shopper came from that affiliate.

    One other note: If our confirmation page is on a secure site, the image should also be on a secure site (i.e. either both should be http: or both should be https.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  4. #4
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Argentina
    Posts
    513
    I have always wondered why networks can't offer something like this, they day a network can offer this, will be a greaaat advantage, affiliates could track sales integrated into traffic analysis and PPC engines automatically.

    Conversion data will come widely used and traffic and sales will be incremented due to knowledge of converting traffic now only known by advanced affiliates like me that use codified SIDs to relate traffic details, sources and keywords into sales without exposing user data to the network and merchant.

    Adwords and Overture conversion tracking could also be used widely by affiliates, campaigns would be really performance based, and expanded easily based on VISIBLE ROI. In the mean time I outperform all those affiliates without these knowledge or skills.

    HAIKO, I think you are being a little negative, because you missed the only but important possitive issue here...

    To the merchant, asking, you could allow an IMG and divide your sales into different confirmation pages, one for internal and one for affiliates, this way, you will not be exposing the number of total sales.
    Fer(nando) - US & EU Marketing

  5. #5
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    I would hate to be a customer having just bought a product then having to wait for 2,000 or 10,000 1x1 pixel images to load, the mind boggles.

    No sorry leave it as it is, if they need stats let them set them up on their own pages. We do not want to start anything that may in the future open up another method of stealing for the parasitic scum.
    One day parasites and their ilk will be made illegal, I bet a few Lawyers will be pissed off when the day comes.
    Mr. Spitzer is fetching it nearer

    YouTrek

  6. #6
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by Fer:
    I have always wondered why networks can't offer something like this <HR></BLOCKQUOTE>WOW! What an incredible idea!

    This would be INCREDIBLY easy for some networks to add. Many already function with a sales/conversion tracking image on the merchant's confirmation page. When that image hits the network's server, all they would have to do is look up the code that an affiliate provided and redirect to it. The merchant wouldn't have to change a thing. Talk about INSTANT reporting!

    The number of affiliates who could use such data would be fairly small, but I agree with you that it could be a HUGE benefit to those who could.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  7. #7
    ABW Ambassador buy_online's Avatar
    Join Date
    January 18th, 2005
    Location
    Richmond, VA
    Posts
    3,234
    From a more practical standpoint, they could be setting you up to answer lots of questions you wouldn't normally answer.

    What if their data on traffic disagrees with yours? They will then start asking you why, rather than the reverse.

    Fred

  8. #8
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    I am with Haiko on this.

    Isn't this affiliate already get information when a sale is completed? If he has the tracking pixel, how is he getting additional data about the campaign? Unless it is integrated like sids, there is no unique data passed to the pixel from original sales source etc.

    That, and this would violate almost every merchant's privacy policy. Which no one seems to take seriously with the personal sales info always being posted on here. But people with posted privacy policies should take them seriously.

    Chet

  9. #9
    Newbie
    Join Date
    January 18th, 2005
    Posts
    24
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> There's absolutely no security risk of inserting a 1x1 pixel code. They can't change anything on your site or access anything you don't specifically pass them in the URL. <HR></BLOCKQUOTE>

    No, but they'd have access to everything passed during a normal web session (including the customer's IP address, browser, OS, previous page URL, installed plugins, etc.) It could also place a tracking cookie that could then be read from other sites ... and it would allow them to look for a cookie that had been placed by advertising.com previously.

    The real winner, in fact, would be advertising.com ... they would be able to tell from any other page on the web that served up an image call from advertising.com that they had been a customer of yours (and could potentially serve up advertisements based upon that knowledge ... such as an ad from your competitor.)

  10. #10
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    Right, but if that customer came from their site initally, they already had all that information. What I've suggested is that they insert the tracking image only if the affiliate was the source of the traffic. In that case, the only additional information they had would be the URL of confirmation page (which should probably be checked to make sure it doesn't contain personally identifiable information), and anything included in the tracking image URL (which appears to not change).
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  11. #11
    Newbie
    Join Date
    January 18th, 2005
    Posts
    24
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> Right, but if that customer came from their site initally, they already had all that information. <HR></BLOCKQUOTE>

    Well, they didn't have knowledge that this customer actually bought something from that merchant. I'd still be worried about it for the cookie issue.

  12. #12
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    On a lighter note I bet our beloved "trusted third party" CJ would be worried about it from their "tracking is not affected" point of view.
    One day parasites and their ilk will be made illegal, I bet a few Lawyers will be pissed off when the day comes.
    Mr. Spitzer is fetching it nearer

    YouTrek

  13. #13
    The slot machine that IS paid! Billy Kay's Avatar
    Join Date
    January 18th, 2005
    Location
    Small Town in Tennessee
    Posts
    5,226
    For one of my merchants, I get an email every time a sale is made that came from one of my links.

    If he can do it (he never heard the word datafeed until I mentioned it), the majors certainly can!

  14. #14
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> For one of my merchants, I get an email every time a sale is made that came from one of my links.
    <HR></BLOCKQUOTE>

    Yeah, me too. Mine uses Kowabunga, and apparently that's one of the "features" of that software. Thankfully I had the foresight to set up a special email address just to accept those notices.

    Personally I would *not* want all of my merchants doing that. It would make the designated email box useless for anything else!

    @ Adlinking--As for putting the extra pixel on the confirmation page, I'm with Haiko on this. It may have benefits, but I think the downside--or at least, the potential downside--would outweigh them.
    There is no knowledge that is not power. ~Hemingway

  15. #15
    Newbie
    Join Date
    January 18th, 2005
    Posts
    46
    Thanks for your input. I still don't know what I should do. We already provide great stat tracking including impressions, clicks, sales, commissions, graphs, instant email notifications, etc. Which makes me wonder what else they are looking for. We do have a privacy policy and try to uphold the terms we state.

    The only other alternative is to beef up our tracking either internally or through a 3rd party service and provide them with additional reporting options.

    What would you do if one of your top 3 affiliates asked you this question? He is a quality affiliate who has send us up to 8 million impressions in a month. I think at this point I'm leaning toward declining.

  16. #16
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    Coming from an average or new affiliate, I wouldn't even consider it. Coming from one of your top affiliates, if you believe that there are no ulterior motives and you won't be exposing any confidential information, I would jump on the opportunity.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  17. #17
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by adlinking:
    What would you do if one of your top 3 affiliates asked you this question? <HR></BLOCKQUOTE>

    Identify his impetus and then resolve it in other ways.
    Continued Success,

    Haiko
    The secret of success is constancy of purpose ~ Disraeli

  18. #18
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    594
    Just remember, you can execute code through a .gif, including php, asp, and javascript.

  19. #19
    ABW Ambassador cditty's Avatar
    Join Date
    January 18th, 2005
    Location
    Memphis TN
    Posts
    1,434
    IamJaloppy is right. You can execute code from within the gif statement. I have done this in the past and it is not too hard to do. The affiliate would also have all the information that was just posted. ie...CC info, name, address, phone, etc etc etc

    I think this would be a bad idea on the merchants end.

    Chris
    Recycled Talent - Architects of custom scripts and snippets, perfectly written to suit any need. We stay on top of the latest technology so you don't have to.
    Total Stupidity - Shining light on stupid things.

  20. #20
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Tell the clickstream datamining affiliate to take a hike on accessing any part of your checkout stats. Sounds like a request from one of those no web site PPCSE and SERP spamming experts doing keyword leveraging. Bet the same opportunist isn't asking for better creatives like a Product Showcase Creator or dynamic mini showcase pages.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  21. #21
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by IamJaloppy:
    Just remember, you can execute code through a .gif, including php, asp, and javascript. <HR></BLOCKQUOTE><BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by cditty:
    IamJaloppy is right. You can execute code from within the gif statement. I have done this in the past and it is not too hard to do. The affiliate would also have all the information that was just posted. ie...CC info, name, address, phone, etc etc etc <HR></BLOCKQUOTE>You guys are wrong.

    1) You cannot run Javascript through a GIF.
    2) You will only have access to personally identifiable information if it's in the URL or in the reference to the GIF.

    You CAN excecute code to generate the GIF and thus get access to very basic information (the referring URL and a few other things), but that's it.

    Think about it... If you could get more information, what would stop people from posting images in message boards and collecting login ID's and passwords? Because you CAN'T. You could see how many impressions there were, what IP addresses they came from, and a few things like that, but you just can't get the information you suggest.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  22. #22
    ABW Ambassador cditty's Avatar
    Join Date
    January 18th, 2005
    Location
    Memphis TN
    Posts
    1,434
    I didn't see the part with the javascript. On that you are right. However, you can grab the post and/or get information. Since this would be on a confirmation page, chances are, that page would be a post page. With it being a posted page, the cc info would then be available.

    Chris

    ps...The reason it does not happen on message boards with user ids and passwords is becuase when that information is submitted, the user is generally taken to a logged in transition page or the main threads listing page. If the user was taken directly to the message, then there would be nothing to stop it. Also, cookies can't be read as the calling domain (serving the image) would not be the one that set the cookie.
    Recycled Talent - Architects of custom scripts and snippets, perfectly written to suit any need. We stay on top of the latest technology so you don't have to.
    Total Stupidity - Shining light on stupid things.

  23. #23
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    You could get to the GET information (which would be in the referring URL) but not the POST information.

    Let me ask another way: What would keep CJ, Linkshare, or BeFree from getting personal information when merchants include the network tracking code on their confirmation page? It just isn't possible, unless it's in one of two places:

    http://www.merchanturl.com/confirmat...&etc=more_info (In the URL of the confirmation page)

    or

    &lt;img src="http://www.networkurl.com/tracking_code.asp?order=1234&credit_card_no=1234567890123456&etc=more_info" width=1 height=1&gt; (In the IMG SRC)

    Both of these are totally in control of the merchant. As long as you're not putting personal information in either of those places, the merchant is safe.

    Once again, my recommendation is that the merchant put the tracking code on the confirmation page ONLY if the order was sent by the affiliate in question. That protects from having the affiliate see how many orders the merchant receives from other sources.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  24. #24
    Newbie
    Join Date
    January 18th, 2005
    Posts
    46
    I have heard of scumware companies installing their adware using exploits just by loading image files. I do not know the specifics of it, but if it's in the realm of possibilities then inserting the pixel wouldn't be a good plan.

  25. #25
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    No, drive by installs usually exploit Java vulnerabilities. This has absolutely nothing to do with Java.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

+ Reply to Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Is the CJ 1x1 Tracking Pixel Required?
    By wes888 in forum Commission Junction - CJ
    Replies: 6
    Last Post: August 3rd, 2011, 04:20 PM
  2. Question: How can I place a tracking pixel w/CJ
    By RDunzy in forum Commission Junction - CJ
    Replies: 1
    Last Post: August 6th, 2009, 05:26 PM
  3. The 1x1 pixel image
    By kelly626 in forum Commission Junction - CJ
    Replies: 3
    Last Post: February 26th, 2003, 10:22 AM
  4. the 1x1 pixel
    By evilbob in forum Commission Junction - CJ
    Replies: 7
    Last Post: November 12th, 2001, 05:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •