Tuesday, 1 October 2013

Daily Mail Fail


What looked like an interesting link appeared in my inbox the other day, so I followed it to read the article. The link in question was to a page on the www . thisismoney . co . uk site - owned and operated by the Daily Mail and proud to describe itself as "Financial Website of the year".

I did not expect the Daily Mail to let the facts get in the way of a good story – and this did little to improve my impression of them, however I was surprised at how poor the performance was....and then discovered how poor they really were at IT services.

I noticed that the content continued to load for some time after landing on the page.

Broadbandspeedchecker.co.uk clocks my download speed at 44.95 Mb/s, not bad, although the latency from Maidenhead seems high at 168ms RTT. But the page from the Daily Mail took 47.42 seconds to get to the onload event then continued downloading stuff for a further 42 seconds: 1 minute and 19 seconds to download a single page?

There was only 1.4Mb of data in total, but split across no less than 318 requests across 68 domains, including 12 404s from *.dailymail.co.uk, erk!

But digging further I found that the site did not just perform badly – it's probably illegal.

In addition to (what appears to be) the usual 4 Google Analytics cookies, my browser also acquired session cookies from .thisismoney.co.uk, .rubiconproject.com, b3-uk.mookie1.com (x2), .crwdcntrl.net (x2) and.......129 cookies with future expiry dates.

FFS!

(a full list appears below)

For the benefit of any readers outside the European Union, member countries must all implement a set of LAWS (not rules, or guidelines) regarding the use of any data stored on a computer, including cookies. In the UK, these are described by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, which websites were required to implement in 2012.

Did the Daily Mail inform me that it was going to store these cookies?

No

Did the Daily Mail ask for my consent to store these cookies?

No

Did the Daily Mail provide any information about cookies on the page?

No

Did the Daiy mail provide a link to their privacy policy on the page?

Yes, in teeny-weeny text – the very last visible element on the page.

Did the Daily Mail offer me a chance to opt-out of accepting the cookies?

No

Is this a world record?

Maybe?



In the absence of any means to tell the Daily Mail I don't want their cookies via their website, I thought I would use the method built into my browser (although the cookie law does require that I should not have to jump through these hoops for compliance). So I enabled the do-not-track feature in Firefox deleted the cookies and cache, hit the reload button, waited a further 44 seconds (my ISP has transparent caching).....


Can you guess what happenned next?


All the cookies came back again.

The challenge

Do you know of a worse site than this for dumping cookies? Add a comment and a link to your analysis and I'll publish it.


Addendum

All the non-expiring cookies

(name host and expiry)

asi_segs .thisismoney.co.uk Tue, 29 Oct 2013 20:57:03 GMT
cto_dailymail .thisismoney.co.uk Thu, 31 Oct 2013 22:56:33 GMT
rsi_segs .thisismoney.co.uk Tue, 29 Oct 2013 20:57:03 GMT
s_pers .thisismoney.co.uk Thu, 01 Oct 2015 20:56:34 GM
camp_freq_p1 .invitemedia.com Sat, 16 Aug 2014 22:42:57 GMT
conversions .invitemedia.com Mon, 02 Jun 2014 15:53:53 GMT
dp_rec .invitemedia.com Fri, 06 Jun 2014 20:55:58 GMT (nice job escaping those nasty double quotes, guys!)
exchange_uid .invitemedia.com Fri, 06 Jun 2014 20:55:58 GMT
impressions_p1 .invitemedia.com Sat, 16 Aug 2014 22:42:57 GMT
io_freq_p1 .invitemedia.com Sat, 16 Aug 2014 22:42:57 GMT
partnerUID .invitemedia.com Thu, 25 Sep 2014 20:29:33 GMT
segments_p1 .invitemedia.com Mon, 30 Jun 2014 21:34:52 GMT
uid .invitemedia.com Wed, 08 Jan 2014 13:59:25 GMT
OAX .nexac.com Sun, 21 Dec 2014 23:35:46 GMT
na_tc .nexac.com Sun, 30 Nov 2014 22:00:01 GMT
pux tap2-cdn.rubiconproject.com Mon, 30 Dec 2013 20:57:12 GMT
IMRID .imrworldwide.com Thu, 01 Oct 2015 20:57:12 GMT
V5 .imrworldwide.com Thu, 01 Oct 2015 20:57:12 GMT
AA002 .atdmt.com Thu, 01 Oct 2015 00:00:01 GMT
MUID .atdmt.com Thu, 01 Oct 2015 00:00:01 GMT

2 sets of the following cookies from .crwdcntrl.net (dropped by different hosts)
_cc_aud .crwdcntrl.net Sat, 28 Jun 2014 20:57:21 GMT
_cc_cc .crwdcntrl.net Sat, 28 Jun 2014 20:57:21 GMT
_cc_id .crwdcntrl.net Sat, 28 Jun 2014 20:57:21 GMT

2 sets of the following cookies from .turn.com (dropped by different hosts)
fc .turn.com Sun, 23 Mar 2014 22:16:30 GMT
rds .turn.com Sun, 30 Mar 2014 20:57:17 GMT
rrs .turn.com Sun, 30 Mar 2014 20:57:17 GMT
rv .turn.com Sun, 30 Mar 2014 20:57:17 GMT
uid .turn.com Sun, 30 Mar 2014 20:57:16 GMT

2 sets of the following cookies from .mookie1.com (dropped by different hosts)
OAX .mookie1.com Fri, 31 Oct 2014 20:57:45 GMT
RMFL .mookie1.com Tue, 30 Jun 2015 21:31:02 GMT
RMFS .mookie1.com Thu, 01 Oct 2015 20:56:54 GMT
gookie .mookie1.com Tue, 12 Nov 2013 19:46:51 GMT
id .mookie1.com Fri, 31 Oct 2014 20:57:45 GMT
mdata .mookie1.com Fri, 31 Oct 2014 20:57:45 GMT

3 sets of the following cookies from .adnxs.com (dropped by different hosts)
anj .adnxs.com Mon, 30 Dec 2013 21:07:50 GMT
icu .adnxs.com Mon, 30 Dec 2013 20:57:09 GMT
sess .adnxs.com Wed, 02 Oct 2013 21:08:24 GMT
uuid2 .adnxs.com Mon, 30 Dec 2013 21:08:24 GMT

3 sets of the following cookies from .rubiconproject.com (dropped by different hosts)
au .rubiconproject.com Wed, 29 Sep 2021 20:56:51 GMT
cd .rubiconproject.com Wed, 01 Oct 2014 20:57:41 GMT
csi10 .rubiconproject.com Tue, 08 Oct 2013 20:57:09 GMT
csi15 .rubiconproject.com Tue, 08 Oct 2013 20:57:09 GMT
csi2 .rubiconproject.com Tue, 08 Oct 2013 20:57:09 GMT
lm .rubiconproject.com Wed, 01 Oct 2014 20:56:53 GMT
put_1185 .rubiconproject.com Sat, 30 Nov 2013 20:57:18 GMT
put_1430 .rubiconproject.com Sun, 30 Mar 2014 20:57:17 GMT
put_1986 .rubiconproject.com Thu, 31 Oct 2013 20:57:41 GMT
put_1994 .rubiconproject.com Thu, 31 Oct 2013 20:56:52 GMT
put_2021 .rubiconproject.com Thu, 31 Oct 2013 20:57:17 GMT
put_2046 .rubiconproject.com Mon, 30 Dec 2013 20:56:54 GMT
put_2081 .rubiconproject.com Thu, 31 Oct 2013 20:56:52 GMT
put_2101 .rubiconproject.com Thu, 31 Oct 2013 21:07:23 GMT
put_2181 .rubiconproject.com Tue, 15 Oct 2013 21:07:23 GMT
put_2307 .rubiconproject.com Thu, 31 Oct 2013 21:07:21 GMT
put_2494 .rubiconproject.com Mon, 30 Dec 2013 21:07:22 GMT
put_2731 .rubiconproject.com Thu, 31 Oct 2013 20:56:52 GMT
rpb .rubiconproject.com Thu, 31 Oct 2013 21:07:23 GMT
ruid .rubiconproject.com Mon, 30 Dec 2013 20:56:45 GMT
ses10 .rubiconproject.com Wed, 02 Oct 2013 07:00:01 GMT
ses15 .rubiconproject.com Wed, 02 Oct 2013 07:00:01 GMT
ses2 .rubiconproject.com Wed, 02 Oct 2013 07:00:01 GMT
rdk .rubiconproject.com Tue, 01 Oct 2013 20:58:09 GMT
rdk10 .rubiconproject.com Tue, 01 Oct 2013 20:56:55 GMT
rdk15 .rubiconproject.com Tue, 01 Oct 2013 20:56:56 GMT
rdk2 .rubiconproject.com Tue, 01 Oct 2013 20:57:19 GMT


Another set of something which looks like Google Analytics cookies from www.dianomioffers.co.uk, 2 sets of Google Oauth Cookies

No comments:

Post a Comment