Translation complete

chen ni 2019-12-25 19:04:11 +08:00 committed by GitHub
parent 0435c78fdd
commit e329b96dcb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -7,98 +7,90 @@
[#]: via: (https://jvns.ca/blog/how-tracking-pixels-work/)
[#]: author: (Julia Evans https://jvns.ca/)
How tracking pixels work
追踪像素是如何工作的?
======
I spent some time talking to a reporter yesterday about how advertisers track people on the internet. We had a really fun time looking at Firefoxs developer tools together (Im not an internet privacy expert, but I do know how to use the network tab in developer tools!) and I learned a few things about how tracking pixels actually work in practice!
昨天,我和一名记者谈到了一个问题:广告商是如何在互联网上对人们进行追踪的?我们津津有味地查看了 Firefox 的开发者工具虽然我不是一个互联网隐私专家但至少还会使用开发者工具中的“network”标签页从中我终于弄明白追踪像素在实际中是如何工作的了。
### the question: how does Facebook know that you went to Old Navy?
### 问题Facebook 怎么知道你逛了 Old Navy
I often hear about this slightly creepy internet experience: youre looking at a product online, and a day later see an ad for the same boots or whatever that you were looking at. This is called “retargeting”, but how does it actually work exactly in practice?
我时常听人们说起这种有些诡异的上网经历:你在线上浏览了一个商品,一天之后,竟然看到了同一款靴子(或者是别的什么你当时浏览的商品)的广告。这就是所谓的“再营销”,但它到底是如何实现的呢?
In this post well experiment a bit and see exactly how Facebook can know what products youve looked at online! Im using Facebook as an example in this blog post just because its easy to find websites with Facebook tracking pixels on them but of course almost every internet advertising company does this kind of tracking.
在本文中,我们来进行一个小实验,看看 Facebook 究竟是怎么知道你在线上浏览了什么商品的。这里使用 Facebook 作为示例,只是因为很容易找到投放了 Facebook 追踪像素的网站;其实,几乎所有互联网广告公司都会使用类似的追踪技术。
### the setup: allow third party trackers, turn off my adblocker
### 准备:允许第三方追踪器,同时关闭广告拦截器
I use Firefox, and by default Firefox blocks a lot of this kind of tracking. So I needed to modify my Firefox privacy settings to get this tracking to work.
我使用的浏览器是 Firefox但是 Firefox 默认拦截了很多这种类型的追踪,所以需要修改 Firefox 的隐私设置,才能让这种追踪生效。
I changed my privacy settings from the default ([screenshot][1]) to a custom setting that allows third-party trackers ([screenshot][2]). I also disabled some privacy extensions I usually have running.
首先,我将隐私设置从默认设置([截图][1])修改为允许第三方追踪器的个性化设置([截图][2]),然后禁用了一些平时运行的隐私保护扩展。
### tracking pixels: its not the gif, its the query parameters
### 追踪像素:关键不在于 gif而在于请求参数
A tracking pixel is a 1x1 gif that sites use to track you. By itself, obviously a tiny 1x1 gif doesnt do too much. So how do tracking pixels track you? 2 ways:
追踪像素是网站用来追踪你的一个 1x1 大小的 gif。就其本身而言一个小小的 1x1 gif 显然起不到什么作用。那么,追踪像素到底是如何进行追踪的?其中涉及两个方面:
1. Sites use the **query parameters** in the tracking pixel to add extra information like the URL of the page youre visiting. So instead of just requesting `https://www.facebook.com/tr/` (which is a 44-byte 1x1 gif), itll request `https://www.facebook.com/tr/?the_website_you're_on`. (email marketers use similar tricks to figure out if youve opened an email, by giving the tracking pixel a unique URL)
2. Sites send **cookies** with the tracking pixel so that they can tell that the person who visited oldnavy.com is the same as the person whos using Facebook on the same computer.
1. 通过使用追踪像素上的**请求参数**,网站可以添加额外的信息,比如你正在访问的页面。这样一来,请求的就不是 `https://www.facebook.com/tr/`(这个链接是一个 44 字节大小的 1x1 gif而是 `https://www.facebook.com/tr/?the_website_you're_on`。(邮件营销人员会使用类似的技巧,通过为追踪像素指定一个独特的 URL弄清楚你是否打开了某一封邮件。
2. 在发送该请求的同时,还发送了相应的 cookie。这样一来广告商就可以知道访问 oldnavy.com 的这个人和在同一台电脑上使用 Facebook 的是同一个人。
### Old Navy 网站上的 Facebook 追踪像素
为了对此进行验证,我在 Old NavyGAP 旗下的一个服装品牌网站上浏览了一个商品相应的URL是 [https://oldnavy.gap.com/browse/product.do?pid=504753002&cid=1125694&pcid=1135640&vid=1&grid=pds_0_109_1][3](这是一件“男款短绒格子花呢大衣”)。
### the Facebook tracking pixel on Old Navys website
To test this out, I went to look at a product on the Old Navy site with the URL [https://oldnavy.gap.com/browse/product.do?pid=504753002&cid=1125694&pcid=1135640&vid=1&grid=pds_0_109_1][3] (a “Soft-Brushed Plaid Topcoat for Men”).
When I did that, the Javascript running on that page (presumably [this code][4]) sent a request to facebook.com that looks like this in Developer tools: (I censored most of the cookie values because some of them are my login cookies :) )
在我浏览这个商品的同时,页面上运行的 Javascript用的应该是[这段代码][4])向 facebook.com 发送了一个请求。在开发者工具中,该请求看上去是这样的:(我屏蔽了大部分 cookie 值,因为其中有一些是我的登录 cookie
![][5]
Lets break down whats happening:
下面对其进行拆解分析:
1. My browser sends a request to ` https://www.facebook.com/tr/?id=937725046402747&ev=PageView&dl=https%3A%2F%2Foldnavy.gap.com%2Fbrowse%2Fproduct.do%3Fpid%3D504753002%26cid%3D1125694%26pcid%3Dxxxxxx0%26vid%3D1%26grid%3Dpds_0_109_1%23pdp-page-content&rl=https%3A%2F%2Foldnavy.gap.com%2Fbrowse%2Fcategory.do%3Fcid%3D1135640%26mlink%3D5155%2Cm_mts_a&if=false&ts=1576684838096&sw=1920&sh=1080&v=2.9.15&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1576684798512.1946041422&it=15xxxxxxxxxx4&coo=false&rqm=GET`
2. With that request, it sends a cookie called `fr` which is set to `10oGXEcKfGekg67iy.AWVdJq5MG3VLYaNjz4MTNRaU1zg.Bd-kxt.KU.F36.0.0.Bd-kx6.` (which I guess is my Facebook ad tracking ID)
1. 我的浏览器向 ` https://www.facebook.com/tr/?id=937725046402747&ev=PageView&dl=https%3A%2F%2Foldnavy.gap.com%2Fbrowse%2Fproduct.do%3Fpid%3D504753002%26cid%3D1125694%26pcid%3Dxxxxxx0%26vid%3D1%26grid%3Dpds_0_109_1%23pdp-page-content&rl=https%3A%2F%2Foldnavy.gap.com%2Fbrowse%2Fcategory.do%3Fcid%3D1135640%26mlink%3D5155%2Cm_mts_a&if=false&ts=1576684838096&sw=1920&sh=1080&v=2.9.15&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1576684798512.1946041422&it=15xxxxxxxxxx4&coo=false&rqm=GET` 发送了一个请求;
2. 与该请求同时发送的,还有一个名为 `fr` 的 cookie取值为 `10oGXEcKfGekg67iy.AWVdJq5MG3VLYaNjz4MTNRaU1zg.Bd-kxt.KU.F36.0.0.Bd-kx6.`(估计是我的 Facebook 广告追踪 ID
在所发送的追踪像素查询字符串里,有三个值得注意的地方:
* 我当前访问的页面:[https://oldnavy.gap.com/browse/product.do?pid=504753002&cid=1125694&pcid=1135640&vid=1&grid=pds_0_109_1#pdp-page-content][6]
* 引导我来到当前页面的上一级页面:[https://oldnavy.gap.com/browse/category.do?cid=1135640&mlink=5155,m_mts_a][7]
* 作为我的身份标识的 cookie`10oGXEcKfGekg67iy.AWVdJq5MG3VLYaNjz4MTNRaU1zg.Bd-kxt.KU.F36.0.0.Bd-kx6.`
So the three most notable things that are being sent in the tracking pixel query string are:
### 下面来逛逛 Facebook
* the page I visited: [https://oldnavy.gap.com/browse/product.do?pid=504753002&cid=1125694&pcid=1135640&vid=1&grid=pds_0_109_1#pdp-page-content][6]
* the page that referred me to that page: [https://oldnavy.gap.com/browse/category.do?cid=1135640&mlink=5155,m_mts_a][7]
* an identifier cookie for me: `10oGXEcKfGekg67iy.AWVdJq5MG3VLYaNjz4MTNRaU1zg.Bd-kxt.KU.F36.0.0.Bd-kx6.`
下面来逛逛 Facebook 吧。我之前已经登入了 Facebook猜猜看我的浏览器发送给 Facebook 的 cookie 是什么?
不出所料,正是之前见过的 `fr` cookie`10oGXEcKfGekg67iy.AWVdJq5MG3VLYaNjz4MTNRaU1zg.Bd-kxt.KU.F36.0.0.Bd-kx6.`。Facebook 现在一定知道我Julia Evans这个 Facebook 账号所关联的人)在几分钟之前访问了 Old Navy 网站,并且浏览了“男款短绒格子花呢大衣”,因为他们可以使用这个 cookie 将数据串联起来。
### 这里涉及到的是第三方 cookie
### now lets visit Facebook!
Facebook 用来追踪我访问了哪些网站的 cookie属于所谓的“第三方 cookie”因为 Old Navy 的网站使用它为一个第三方(即 facebook.com确认我的身份。这和用来维持登录状态的“第一方 cookie”有所不同。
Next, lets visit Facebook, where Im logged in. What cookies is my browser sending Facebook?
Safari 和 Firefox 默认都会拦截许多第三方 cookie所以需要更改 Firefox 的隐私设置,才能够进行这个实验),而 Chrome 目前并不进行拦截(很可能是因为 Chrome 的所有者正是一个广告公司)。
Unsurprisingly, its the same `fr` cookie from before: `10oGXEcKfGekg67iy.AWVdJq5MG3VLYaNjz4MTNRaU1zg.Bd-kxt.KU.F36.0.0.Bd-kx6.`. So Facebook now definitely knows that I (Julia Evans, the person with this Facebook account) visited the Old Navy website a couple of minutes ago and looked at a “Soft-Brushed Plaid Topcoat for Men”, because they can use that identifier to match up the data.
### 网站上有很多追踪像素
### these cookies are third-party cookies
如我所料,网站上有 **很多** 追踪像素。比如wrangler.com 在我的浏览器里加载了来自不同域的 19 个不同的追踪像素。wrangler.com 上的追踪像素分别来自:`ct.pinterest.com`、`af.monetate.net`、`csm.va.us.criteo.net`、`google-analytics.com`、`dpm.demdex.net`、`google.ca`、`a.tribalfusion.com`、`data.photorank.me`、`stats.g.doubleclick.net`、`vfcorp.dl.sc.omtrdc.net`、`ib.adnxs.com`、`idsync.rlcdn.com`、`p.brsrvr.com`,以及`adservice.google.com`。
The `fr` cookie that Facebook is using to track what websites I go to is called a “third party cookie”, because Old Navys website is using it to identify me to a third party (facebook.com). This is different from first-party cookies, which are used to keep you logged in.
Safari and Firefox both block many third-party cookies by default (which is why I had to change Firefoxs privacy settings to get this experiment to work), and as of today Chrome doesnt (presumably because Chrome is owned by an ad company).
### sites have lots of tracking pixels
Like I expected, sites have **lots** of tracking pixels. For example, wrangler.com loaded 19 different tracking pixels in my browser from a bunch of different domains. The tracking pixels on wrangler.com came from: `ct.pinterest.com`, `af.monetate.net`, `csm.va.us.criteo.net`, `google-analytics.com`, `dpm.demdex.net`, `google.ca`, `a.tribalfusion.com`, `data.photorank.me`, `stats.g.doubleclick.net`, `vfcorp.dl.sc.omtrdc.net`, `ib.adnxs.com`, `idsync.rlcdn.com`, `p.brsrvr.com`, and `adservice.google.com`.
For most of these trackers, Firefox helpfully pointed out that it would have blocked them if I was using the standard Firefox privacy settings:
Firefox 贴心地指出,如果使用 Firefox 的标准隐私设置,其中的大部分追踪器都会被拦截:
![][8]
### why browsers matter
### 浏览器的重要性
The reason browsers matter so much is that your browser has the final word on what information it sends about you to which websites. The Javascript on the Old Navys website can ask your browser to send tracking information about you to Facebook, but your browser doesnt have to do it! It can decide “oh yeah, I know that facebook.com/tr/ is a tracking pixel, I dont want my users to be tracked, Im just not going to send that request”.
浏览器之所以如此重要是因为你的浏览器最终决定了发送你的什么信息、发送到哪些网站。Old Navy 网站上的 Javascript 可以请求你的浏览器向 Facebook 发送关于你的追踪信息,但浏览器可以拒绝执行。浏览器的决定可以是:“哈,我知道 facebook.com/tr/ 是一个追踪像素,我不想让我的用户被追踪,所以我不会发送这个请求”。
And it can make that behaviour configurable by changing browser settings or installing browser extensions, which is why there are lots of privacy extensions.
浏览器还可以允许用户对上述行为进行配置,方法包括更改浏览器设置,以及安装浏览器扩展(所以才会有如此多的隐私保护扩展)。
### its fun to see how this works!
### 摸清其中原理,实为一件趣事
I think its fun to see how cookies / tracking pixels are used to track you in practice, even if its kinda creepy! I sort of knew how this worked before but Id never actually looked at the cookies on a tracking pixel myself or what kind of information it was sending in its query parameters exactly.
在我看来,弄清楚 cookie / 追踪像素是怎么用于对你进行追踪的,实在是一件趣事(尽管显得有点阴险)。我之前大概明白其中的道理,但是并没有亲自查看过追踪像素上的 cookie也没有看过发送的查询参数上究竟包含什么样的信息。
And if you know how it works, its a easier to figure out how to be tracked less!
当然,明白了其中的原理,也就更容易降低被追踪的概率了。
### what can you do?
### 可以采取的措施
I do a few small things to get tracked on the internet a little less:
为了尽量避免在互联网上被追踪,我采取了几种简单的措施:
* install an adblocker (like ublock origin or something), which will block a lot of tracker domains
* use Firefox/Safari instead of Chrome (which have stronger default privacy settings right now)
* use the [Facebook Container][9] Firefox extension, which takes extra steps to specifically prevent Facebook from tracking you
* 安装一个广告拦截器(比如 ublock origin 之类)。广告拦截器可以对许多追踪器的域进行拦截。
* 使用目前默认隐私保护强度更高的 Firefox/Safari而不是 Chrome。
* 使用 [Facebook Container][9] 这个 Firefox 扩展。该扩展针对 Facebook 进一步采取了防止追踪的措施。
There are still lots of other ways to be tracked on the internet (especially when using mobile apps where you dont have the same kind of control as with your browser), but I like understanding how this one method of tracking works and think its nice to be tracked a little bit less.
虽然在互联网上被追踪的方式还有很多(尤其是在使用手机应用的时候,因为在这种情况下,你没有和像对浏览器一样的控制程度),但是能够理解这种追踪方法的工作原理,稍微减少一些被追踪的可能性,也总归是一件好事。
--------------------------------------------------------------------------------
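Review bot: In the third-party cookie paragraph, the added line "Facebook 用来追踪我访问了哪些网站的 cookie" drops the `fr` name that the source line carries ("The `fr` cookie that Facebook is using..."), so the reader loses the link back to the cookie value shown in the request breakdown; suggest "Facebook 用来追踪我访问了哪些网站的 `fr` cookie". Two smaller wording points: "kinda creepy" is rendered as "有点阴险" near the end while "slightly creepy" was rendered as "有些诡异" at the top, and "阴险" (sinister) is stronger than the source, so "诡异" in both places would be consistent. In the last paragraph, "你没有和像对浏览器一样的控制程度" reads awkwardly; something like "你无法像在浏览器中那样进行控制" would be clearer. "相应的URL是" also lacks the spaces around Latin text that the rest of the translation uses.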