How to Maintain Tag Control & Privacy on University & College Websites

image of aircraft control gauges and dials

How to Maintain Tag Control and Privacy

Our previous post examined the negative impact tags, trackers and beacons have on website performance unless appropriately managed. We used Ghostery’s Trackermaps to visualise the many server requests tags make as a page loads and we showed examples of the growth in page load times as the number of trackers on a site increases.

The current post extends our analysis in three ways:

  • It examines which tags are found on university and college website tags, prompting the question of what are they doing there;
  • It highlights some marked differences between higher education website ‘tagging’ in the UK, US and Canada; and,
  • It points to potential privacy issues that may arise when tags are not carefully managed.

A Brief History of Tags

To provide some context we start with a history lesson.

In the mid-to-late 1990s, as the internet emerged as an e-commerce venue, tags were introduced to measure website activity and advertising effectiveness. The first generation of tags were small, transparent image files used to record data about website visitors. As advertising, site analytics and various customer interaction applications became more sophisticated, JavaScript was deployed to provide the commensurate functionality.

A combination of increasingly complex JavaScript and growing numbers of third-party application tags can result in the negative performance impacts we discussed last time and has pushed adoption of tag management solutions.

Tag management solutions (such as Google Tag Manager) corral the bundles of tags that need to fire, into a ‘container’. A set of supporting rules and logic ensure containers ‘inject’ the relevant tags (JavaScript) on the appropriate pages. Using a container to introduce most (if not all) tags can significantly mitigate web page performance issues.

Tag management benefits website performance, but it can be a constraint on the data collection needs of advertisers and other parties. Advertisers working in networks to maximise the reach of their ads, use tags to pass data to other network members. To facilitate data sharing tags can be chained or piggybacked so that a tag originally installed on a site can cause other tags to fire without a site manager being aware that this is taking place. As a result, visitor data may be passed to third parties without site visitors or site managers having control of or the ability to follow where this data is going: raising potential privacy issues.

What Are Tags Doing on University and College Websites?

Website tags, trackers and beacons and their associated JavaScript have four main functions:

  • They allow third-party content to be integrated into a website. We can categorise third-party content many ways, but one approach is the one we used in our last post, as employed by Ghostery:
  • They set various first- and third-party cookies;
  • They tell web browsers to collect user-related and other data; and,
  • They allow data from one website to be shared with other websites to perform user tracking.

We used a dataset of UK universities to show the performance issues discussed in the previous post. For the current discussion we’ve included 180 Canadian universities and colleges and 135 US universities and colleges to cover a total of 480 websites.  For the combined dataset, we see that the following categories of tags are present on higher education website home pages.

 

>Graph 1: Relative Proportion of Tags by Category for 480 Canadian, UK and US Higher Education Websites. The percentages represent to total number of distinct tags installed on the sites by category. The categories follow the definitions used by Ghostery.com 

 

Tags related to advertising (per Ghostery’s categorisation) form the largest single group (41% of all tags present on the websites in the group) and for the 480 websites we examined, 32 distinct advertising tags were installed across the sites. The next largest group (36% of all tags present on the websites in the group) was tags related to site analytics, representing 27 different analytics tags. We found six different variants of Google Analytics, from the original Urchin implementation to the current Universal Analytics on sites and we have reported these as different tags in the pie chart.

Almost 80% of higher education website tags support advertising or site activity tracking. The specific tags we found in these two categories across the 480 sites were:

Advertising Tags:

Tag Supplier Tag Supplier
Active Engine AdRoll
AddThis App Nexus
Baidu Bing Ads
Chartbeat Click Dimensions
DoubleClick DoubleClick Ads
DoubleClick Floodlight Eloqua
Eyereturn Facebook Custom Audiences
Flxone Google AdWords
Google AdSense Google Dynamic Remarketing
Lead Forensics LinkedIn Widgets
LinkedIn Marketing Solutions Marketo
Marin Search Marketer Net Results
Nakanohito Response Tap
Quantcast Tribal Fusion
ShareThis Ve Interactive
Twitter Advertising

 

 

Site Analytics Tags:

Tag Supplier Tag Supplier
Alexa Certify Clickheat
Clicktale Crazy Egg
Decibel Insight Digital Analytix
Geoplugin Google Analytics DC
Google Analytics GA Google Analytic GA SSL
Google Analytics LINKID Google Analytics UA
Google Analytics Urchin HotJar
Inspectlet IP Mappers
New Relic Optimizely
Pingdom Piwik
Segment Session Cam
SiteImprove Visual Website Optimizer
WP Stats Yandex Metrica

 

We note that our analysis will have missed a few tags that fire only on complete loading of JavaScript on a page, as our tag inventory script only examines the JavaScript snippets present on a page’s source code. If we include the additional tags that load with JavaScript, we anticipate the relative proportion of advertising tags would increase.

In carrying out our research, we noticed a marked difference in the number of tags firing on the home pages of university and college websites in the three different countries.

 

Graph 2: For the Higher Education Websites in Canada, the UK and US we Plotted The Relative Proportion of Sites with One Tag to the Maximum of 15 Tags Installed on the Home Page. 

The chart should be read as follows. The top red bar represents the proportion of Canadian university and college websites with only one tag installed (typically Google Analytics): just under 40%. About 25% of US higher education institutions have only one tag installed, while only 10% of UK university websites have a single tag installed.

For US and Canadian university and college websites a relatively small proportion of sites have  more than one tag installed, so that only 15% of these sites have more than four tags installed. On the other hand, UK websites have a more uniform tag distribution and over half the sites have more than six tags installed and about 10% have 10 or more tags installed. 

It is hard to know if the greater ‘tag intensity’ in the UK is by design, around online advertising campaigns, or signs of the need for tag audits? There is some evidence that UK sites are better managed as the proportion of sites use Google Tag Manager across the three countries indicates:

  • United Kingdom: 65.4% have Google Tag Manager installed
  • United States: 39.6% have Google Tag Manager installed
  • Canada: 30.6% have Google Tag Manager installed

Potential Tag Privacy Issues

If we look at two aspects of the above data, the advertising focus of tags installed on website home pages and the relative intensity of tags installed on a page, we can see the potential for data privacy issues.  To illustrate we’ll use one of the sites shown in the Trackermaps in the previous post. Here’s the TrackerMap:

Map 1: Ghostery Trackermap Illustrating the Different Tags Fired on Page Loading for a Site with 17 Active Tags and the Routes by Which The Tags Are Fired 

There are three different mechanisms at work, as follows.

One set of tags fires directly, as the page loads. Without access to Ghostery’s Trackermaps, you can confirm the requests being made on loading the page, either by using WebPageTest or installing the Chrome browser extension called WASP from Cardinal Path. The specific tags firing directly on this page are:

A second set of tags is controlled by Google Tag Manager as follows:

Finally, a third set of tags ‘piggybacks’ on tags that have been explicitly installed on the page, as follows:

We note that AddThis provides social sharing and share count functionality on websites, but also operates as an ‘audience intelligence’ platform

We are not passing judgment on using AddThis or similar tools such as ShareThis. We are simply pointing out that the behaviour of these tags is not necessarily understood by website managers and without examining what happens when pages load the implications of using any third-party tools cannot be clear. And, it is clarity that prompts our recommendations.

Recommendations

  1. Establish the active tags on the entire site. Use tools such as Tag Inspector, or WASP Crawler to check an entire site and use Ghostery, or the developer tools in your preferred browser to examine individual pages, in more detail.
  2. Produce a tag schedule:
    1. Identifying each tag’s ‘owner’, the individual who can explain why a tag has been placed on the site. In some cases, the owner will be an outside party such as an advertising agency.
    2. Establish what outcome the tag is intended to meet and if it is still meeting the stated objective.
  3. Determine and record on the schedule how the tags are loading: directly, via a tag management tool or piggybacking on other tags.
  4. Identify the ‘legacy’ or ‘unauthorised’ tags: tags that have no owner or the owner no longer needs the tag.
  5. In consultation with the ‘webops’ team establish which tags can be safely moved under the control of a tag management system and which need to operate directly.
  6. Again, in conjunction with the webops team plan the elimination of redundant tags and the migration of tags to a tag management tool.
  7. Upon completion of the migration exercise, re-run the audit to ensure that all the loose ends have been tidied up.

 

 

Sign Up for Email Delivery:

We collect the following solely to email you new research.

* indicates required
 

MailChimp stores your details. We do not share data with third parties.

 

 

 

Blog photo image: unsplash.com / pexels.com