What looked like an interesting link appeared in
my inbox the other day, so I followed it to read the article. The link in question was to a page on the www . thisismoney . co . uk site - owned and operated by the Daily Mail and proud to describe itself as "Financial Website of the year".
I did
not expect the Daily Mail to let the facts get in the way of a good
story – and this did little to improve my impression of them,
however I was surprised at how poor the performance was....and then
discovered how poor they really were at IT services.
I noticed that the content continued to load for
some time after landing on the page.
Broadbandspeedchecker.co.uk clocks my download
speed at 44.95 Mb/s, not bad, although the latency from Maidenhead
seems high at 168ms RTT. But the page from the Daily Mail took 47.42 seconds to get to the
onload event then continued downloading stuff for a further 42
seconds: 1 minute and 19 seconds to download a single page?
There was only 1.4Mb of data in total, but split
across no less than 318 requests across 68 domains, including 12 404s
from *.dailymail.co.uk, erk!
But digging further I found that the site did not
just perform badly – it's probably illegal.
In addition to (what appears to be) the usual 4
Google Analytics cookies, my browser also acquired session cookies
from .thisismoney.co.uk, .rubiconproject.com, b3-uk.mookie1.com
(x2), .crwdcntrl.net (x2) and.......129 cookies with future expiry
dates.
FFS!
(a full list appears below)
For the benefit of any readers outside the
European Union, member countries must all implement a set of LAWS
(not rules, or guidelines) regarding the use of any data stored on a
computer, including cookies. In the UK, these are described by the
Privacy and Electronic Communications (EC Directive) (Amendment)
Regulations 2011, which websites were required to implement in 2012.
Did the Daily Mail inform me that it was going to store these cookies?
No
Did the Daily Mail ask for my consent to store these cookies?
No
Did the Daily Mail provide any information about cookies on the page?
No
Did the Daiy mail provide a link to their privacy policy on the page?
Yes, in teeny-weeny text – the very last visible
element on the page.
Did the Daily Mail offer me a chance to opt-out of accepting the cookies?
No
Is this a world record?
Maybe?
In the absence of any means to tell the Daily Mail
I don't want their cookies via their website, I thought I would use
the method built into my browser (although the cookie law does
require that I should not have to jump through these hoops for
compliance). So I enabled the do-not-track feature in Firefox deleted the cookies and cache, hit the reload button, waited a
further 44 seconds (my ISP has transparent caching).....
Can you guess what happenned next?
All the cookies came back again.
The challenge
Do you know of a worse site than this for dumping cookies? Add a comment and a link to your analysis and I'll publish it.
Addendum
All the non-expiring cookies
(name host and expiry)
asi_segs
.thisismoney.co.uk Tue, 29 Oct 2013 20:57:03 GMT
cto_dailymail
.thisismoney.co.uk Thu, 31 Oct 2013 22:56:33 GMT
rsi_segs
.thisismoney.co.uk Tue, 29 Oct 2013 20:57:03 GMT
s_pers
.thisismoney.co.uk Thu, 01 Oct 2015 20:56:34 GM
camp_freq_p1
.invitemedia.com Sat, 16 Aug 2014 22:42:57 GMT
conversions
.invitemedia.com Mon, 02 Jun 2014 15:53:53 GMT
dp_rec .invitemedia.com
Fri, 06 Jun 2014 20:55:58 GMT (nice job escaping those nasty double
quotes, guys!)
exchange_uid
.invitemedia.com Fri, 06 Jun 2014 20:55:58 GMT
impressions_p1
.invitemedia.com Sat, 16 Aug 2014 22:42:57 GMT
io_freq_p1
.invitemedia.com Sat, 16 Aug 2014 22:42:57 GMT
partnerUID
.invitemedia.com Thu, 25 Sep 2014 20:29:33 GMT
segments_p1
.invitemedia.com Mon, 30 Jun 2014 21:34:52 GMT
uid .invitemedia.com
Wed, 08 Jan 2014 13:59:25 GMT
OAX .nexac.com Sun, 21
Dec 2014 23:35:46 GMT
na_tc .nexac.com Sun,
30 Nov 2014 22:00:01 GMT
pux
tap2-cdn.rubiconproject.com Mon, 30 Dec 2013 20:57:12 GMT
IMRID .imrworldwide.com
Thu, 01 Oct 2015 20:57:12 GMT
V5 .imrworldwide.com
Thu, 01 Oct 2015 20:57:12 GMT
AA002 .atdmt.com Thu,
01 Oct 2015 00:00:01 GMT
MUID .atdmt.com Thu, 01
Oct 2015 00:00:01 GMT
2 sets of the following
cookies from .crwdcntrl.net (dropped by different hosts)
_cc_aud .crwdcntrl.net
Sat, 28 Jun 2014 20:57:21 GMT
_cc_cc .crwdcntrl.net
Sat, 28 Jun 2014 20:57:21 GMT
_cc_id .crwdcntrl.net
Sat, 28 Jun 2014 20:57:21 GMT
2 sets of the following
cookies from .turn.com (dropped by different hosts)
fc .turn.com Sun, 23
Mar 2014 22:16:30 GMT
rds .turn.com Sun, 30
Mar 2014 20:57:17 GMT
rrs .turn.com Sun, 30
Mar 2014 20:57:17 GMT
rv .turn.com Sun, 30
Mar 2014 20:57:17 GMT
uid .turn.com Sun, 30
Mar 2014 20:57:16 GMT
2 sets of the following
cookies from .mookie1.com (dropped by different hosts)
OAX .mookie1.com Fri,
31 Oct 2014 20:57:45 GMT
RMFL .mookie1.com Tue,
30 Jun 2015 21:31:02 GMT
RMFS .mookie1.com Thu,
01 Oct 2015 20:56:54 GMT
gookie .mookie1.com
Tue, 12 Nov 2013 19:46:51 GMT
id .mookie1.com Fri, 31
Oct 2014 20:57:45 GMT
mdata .mookie1.com Fri,
31 Oct 2014 20:57:45 GMT
3 sets of the following
cookies from .adnxs.com (dropped by different hosts)
anj .adnxs.com Mon, 30
Dec 2013 21:07:50 GMT
icu .adnxs.com Mon,
30 Dec 2013 20:57:09 GMT
sess .adnxs.com Wed, 02
Oct 2013 21:08:24 GMT
uuid2 .adnxs.com Mon,
30 Dec 2013 21:08:24 GMT
3 sets of the following
cookies from .rubiconproject.com (dropped by different hosts)
au .rubiconproject.com
Wed, 29 Sep 2021 20:56:51 GMT
cd .rubiconproject.com
Wed, 01 Oct 2014 20:57:41 GMT
csi10
.rubiconproject.com Tue, 08 Oct 2013 20:57:09 GMT
csi15
.rubiconproject.com Tue, 08 Oct 2013 20:57:09 GMT
csi2
.rubiconproject.com Tue, 08 Oct 2013 20:57:09 GMT
lm .rubiconproject.com
Wed, 01 Oct 2014 20:56:53 GMT
put_1185
.rubiconproject.com Sat, 30 Nov 2013 20:57:18 GMT
put_1430
.rubiconproject.com Sun, 30 Mar 2014 20:57:17 GMT
put_1986
.rubiconproject.com Thu, 31 Oct 2013 20:57:41 GMT
put_1994
.rubiconproject.com Thu, 31 Oct 2013 20:56:52 GMT
put_2021
.rubiconproject.com Thu, 31 Oct 2013 20:57:17 GMT
put_2046
.rubiconproject.com Mon, 30 Dec 2013 20:56:54 GMT
put_2081
.rubiconproject.com Thu, 31 Oct 2013 20:56:52 GMT
put_2101
.rubiconproject.com Thu, 31 Oct 2013 21:07:23 GMT
put_2181
.rubiconproject.com Tue, 15 Oct 2013 21:07:23 GMT
put_2307
.rubiconproject.com Thu, 31 Oct 2013 21:07:21 GMT
put_2494
.rubiconproject.com Mon, 30 Dec 2013 21:07:22 GMT
put_2731
.rubiconproject.com Thu, 31 Oct 2013 20:56:52 GMT
rpb .rubiconproject.com
Thu, 31 Oct 2013 21:07:23 GMT
ruid
.rubiconproject.com Mon, 30 Dec 2013 20:56:45 GMT
ses10
.rubiconproject.com Wed, 02 Oct 2013 07:00:01 GMT
ses15
.rubiconproject.com Wed, 02 Oct 2013 07:00:01 GMT
ses2
.rubiconproject.com Wed, 02 Oct 2013 07:00:01 GMT
rdk .rubiconproject.com
Tue, 01 Oct 2013 20:58:09 GMT
rdk10
.rubiconproject.com Tue, 01 Oct 2013 20:56:55 GMT
rdk15
.rubiconproject.com Tue, 01 Oct 2013 20:56:56 GMT
rdk2
.rubiconproject.com Tue, 01 Oct 2013 20:57:19 GMT
Another set of
something which looks like Google Analytics cookies from
www.dianomioffers.co.uk,
2 sets of Google Oauth Cookies
No comments:
Post a Comment