[This thread was originally published at Mastodon and Twitter]

In 2021 german publishers and shops widely started to use a cookieless tracking technology.

It’s based on your e-mail and login information, so you should know about it. Especially as you are even tracked without login.

How identity providers work
Identity Providers are basically recording your login and sharing this information with other pages. Here GMX sends your login ID „tpid“ to Adition which shares its own cookie with several ad tech companies using a classic cookie matching. In this case only with your consent.

Publishers like Spiegel Online, BILD and SPORT1 track households based on the IP address (with consent).

The ID in the screenshot is stable against deleting cookies, changing browsers and devices. It probably gets long term persistence by logins from other household members.

Not all pages are asking for consent. Here you can see gutefrage.net working together with Berlin based startup Zeotap to send the hashed e-mail from a login to Google, Xandr, Mediamath, Adition and The Trade Desk.

Regarding privacy, everything is lost now.

In this video Zeotap founder Daniel Herr explains a interesting part of his business model: Selling behavioural data from marketplaces like Autoscout24 to automotive brands like BMW. Publishers using Zeotap are getting paid for this insights, writes BVDW.

https://www.youtube.com/watch?v=mrZ0HLd0LsI&t=81s

Here we can see how the hashed e-mail from your autoscout login is transferred to Zeotap without your consent.

This data is probably part of the automotive interest data that Zeotap is trying to sell on audience marketplaces.

Now it’s getting criminal:
Watch the biggest identity provider Liveramp stealing a e-mail address from a hidden login field without consent.
It was prefilled by the default Firefox password manager.

Read more about this interconnected login matrix in my in-depth article at Kuketzblog or in a easy understandable version in the newspaper Süddeutsche Zeitung (both German).