Tinypass breaks logins and accounts

Thank you for bringing this to our attention. Our technical and policy review determined that tinypass.com meets our definition of Tracking (See https://disconnect.me/trackerprotection) and that this domain is properly classified as a Tracker.

Our technical review revealed Request URLs from tinypass.com’s subdomains are present on thousands of 3P sites. We are seeing what appear to be tracking requests (containing information like “experience” and “page_view_ID”) from subdomains including but not limited to the following:

Example: https://www.cnbc.com/ Request URL https://dashboard.tinypass.com/xbuilder/experience/load?aid=o19WonOrHQ
Example https://www.toledoblade.com/ Request URL https://id.tinypass.com/id/api/v1/identity/token/verify?browser_id=lwhztno7ush3l277&page_view_id=lwhztno7v9jr0pcp&content_type=website&page_title=The+Blade+%7C+Toledo%27s+breaking+news%2C+sports%2C+and+entertainment+watchdog&callback=jsonp882&client_id=bMMF5VBfpu&site=https%3A%2F%2Fwww.toledoblade.com
Example https://www.elmundo.es/ Request URL https://experience.tinypass.com/xbuilder/experience/load?aid=wQKkKmsRpu In addition, several portions tinypass.com’s parent entity Piano’s policy and website marketing seem to support the current classification, including but not limited to the following: Website marketing:
“Piano empowers you to create customized digital experiences and build commercial relationships with your users — fueling your subscription, conversion, analytics, entitlement and personalization goals.” https://piano.io/
“Everything you know about a user immediately available for segmentation and targeting.” https://piano.io/product/dmp/
“Customer relationships start with identity. See what content your registered users are looking at and personalize their site experiences in response. Mine your database to create highly targeted lists. Or initiate a sequence of emails based on time or user behavior. It’s all possible with ID.” https://piano.io/product/id/ Privacy policy https://piano.io/privacy-policy/ talks about data collection:
“Raw ID-type information: for instance, the user-terminal ID (cookie or mobile ID), that is transformed in a hashed visitor ID, or the IP address, that can be anonymized, to perform geolocation for instance”
“To provide the products of the Platform, Piano is using trackers, especially cookies on standard websites, or mobile IDs on native applications. Local storage, server-to-server request, clear gifs, pixel tags, web beacons or other similar technologies may also be used in some cases.”
“Publishers can use the Piano Platform and the associated Services for the following main purposes: -Understand the audience - Optimize content - Engage the audience - Monetize the online platform”
“Depending on the product of the Platform, or regarding specific legal obligation to perform (e.g., for payment with VX), the data retention period can be different and always agreed in the contract with the Publisher acting as data controller. Analytics, for instance, has a predefined data retention period of 25 months with the opportunity for the Publisher to customize it.”

In regard to the specific login breakage, we were able to replicate this issue, and we are looking into moving the tracking domain associated with the login functionality into our Content category, which could solve the issue. This review could be expedited by communicating directly with a contact at TinyPass/Piano, if you would like to put us in touch. Our contact email is support@disconnect.me.

disconnectme / disconnect-tracking-protection

Tinypass breaks logins and accounts #351

Domain(s) to review. Separate them by comma.

Rationale for removing, adding, or recategorizing.

Where domain(s) observed. Separate them by comma.

Additional notes