Tracking company Mixpanel knows who you are… yes, you specifically

MixpanelNext up in our coverage of specific tracking companies we’ve added to DoNotTrackMe’s block list is Mixpanel. What’s most unique and concerning about Mixpanel from a privacy perspective is that they advertise that they can tie their incredibly detailed tracking data to specific individuals. Although it happens and it’s certainly been done before, advertisers typically don’t admit it: they focus on data being aggregated and “de-identified” and thus lacking privacy risks (which isn’t always true, but that’s the industry stance and one of their key talking points).

Mixpanel is coming right out and marketing its tracking tools based on the ability to identify individuals. On their website, they say “Now you can tie any kind of data to your users to see exactly who they are and what they have done.” They even show a screenshot of their user interface showing incredibly detailed facts about individuals listed by name, with a photo, their email, their home town, their site activity, and more. They’re still being a bit cautious about it–their page discussing the feature isn’t linked to from their main site and took some digging to find–but it seems they’re aware that what’s a privacy death sentence for most advertisers could also be a major selling point for their advertiser customers.

Mixpanel dashboard

Mixpanel’s dashboard lets websites and advertisers see visitors’ personal, individual details.

Mixpanel says they’re tracking 6.2 billion web and mobile user actions each month. These actions include a user’s demographic info, referrer info, and detailed site actions (like whether they opened a drop-down menu, clicked a button, put something in their shopping cart, or even hovered their mouse in a certain area for longer than average).

mixpanel specific usersMixpanel offers an opt-out cookie at https://mixpanel.com/optout/. Opt-out cookies are a less direct way of stopping tracking than simply blocking tracking code or cookies because most consumers can’t verify what the cookie is actually doing, how long it lasts, if it’s working, or what info it collects. Plus many opt-out cookies only put advertisers in compliance with their own privacy policies, rather than stop all data collection, which is what the majority of consumers want and expect. Another problem with opt-out cookies is that you delete them whenever you delete your cookies. Even though they’re “good” cookies, they’ll still get thrown away with the rest of them. Mixpanel’s privacy policy states this limitation. That’s why we added Mixpanel to DNTMe’s block list: we block their tracking simply and easily, so you don’t have to deal with the mess of opt-out cookies.

Mixpanel’s privacy policy is vague and short. Brevity isn’t always a bad thing, but it can be when you’re a company that mines user data. It seems like they’re understating what information they or their advertiser customers track and what using their opt-out cookie actually does: “If you select the Mixpanel opt-out cookie, data that is ordinarily recorded by our customers or ourselves will not be based on the Mixpanel cookie for analytics or ads. Your Mixpanel cookie will not be uniquely identified. As long as your browser retains the Mixpanel opt-out cookie, Mixpanel won’t serve new Mixpanel cookies to your browser.” In other words, it seems like all they’re saying is that using the opt-out cookie prevents them from setting new cookies, but they most likely use other, more powerful forms of tracking they’re not mentioning, like JavaScript. In our research, JavaScript comprises the majority of online tracking (43%). In fact, some of the tracking methods they’re advertising in the Segmentation and Funnels sections of their site rely on non-cookie-based tracking, like web beacons to see if a user opened an email.




23 comments shared on this article:

  • Barbara Zarrella says:

    Appreciate your hard work here. It is all beyond my capabilities!
    Barb

  • Chris Crosby says:

    Interesting post and perspective on this. Mixpanel does use JavaScript and other methods to track user behavior (https://mixpanel.com/docs/integration-libraries). We use MixPanel primarily for tracking the usage of our product, so we can tell what customers are actually doing. One caveat is that in order for this information to be useful, the company that’s using Mixpanel’s product must tell Mixpanel what to track and where in order to pull it all together.

    Also, while I haven’t taken a deep dive into the product, KissMetrics does something very similar.

  • Aaron says:

    This isn’t really a “privacy violation”. Websites have a right to know what users are doing in their app so they can improve the quality of their service. Mixpanel regardless gives users the ability to opt out of all Mixpanel tracking on any sites with the opt out code.

    Keep in mind this will also eventually damage the user experience of users. Most Mixpanel customers use data like Funnels to improve conversion rates. Khan academy, for example, uses funnels to improve users that are searching for information and finding relevant material that they then consume (watch). If you remove this data Khan academy now has to guess everything that they do.

    Mixpanel also added email and push notifications, which can be targeted to only the most relevant users, which means the amount of untargeted spam companies normally email could be targeted and relevant. Pushing disabling cookies is simply working backwards from Mixpanel’s attempts at making things more relevant and data driven.

    • J Hammerhead says:

      Another apologist for MIXPANEL and other privacy violating companies that love to track and mine users data. I totally concur with all the other blog posts that re-iterate the need for privacy and such a useful browser addition as DNT. Best of luck tracking me. I would have absolutely ZERO interest in buying anything from companies that do not have an extant privacy policy. Keep up the good work DNT engineers blocking tracking scripts and providing additional info on these companies.

      • Jason says:

        You do not appreciate what Mixpanel is, and referring to people as ‘apologists’ is weird/uniformed.

        A company doesn’t just automatically get the user’s info, it’s given to the company by the user through signup forms. If a user goes to the site, a pixel is dropped on them to track their behavior, but the user is still anonymous until they OPT IN and give whatever identifying information the company is asking for.

        I use Mixpanel every day to track what my customer (who pay between $2k-$10K a month) engagement. I want to know:
        - who is active? why?
        - who is inactive? why?
        - Can I categorize my users in any way based on their identity? company size? Location?
        - Who is behaving in a way that leads to churn? upsell opportunities?

        It’s critical for me to know what my users – AKA customers – are doing in my software so I can proactively serve them. These are all people who volunteered their information to me when they signed a contract.

  • Jorge says:

    Congrats for Your Great Site !!!

    The Users must have the Right to Decide if they do not mind being Tracked OTHERWISE is the WRONG thing !!!

    • Aaron Dunn says:

      They do have a right to opt out, thats why all analytics companies, including Mixpanel, offer people the right to opt out. The link was pasted above.

      • Leeskicitizen says:

        Aaron, the critical issue of research efforts into the personal activities of anyone on the internet is privacy. If anyone wants detailed information of what I do while I’m online they should ask first, not automatically track me first and give me the option to decline. I certainly don’t have the ability to access your companies records, financial or otherwise. Can I have access to the online activities of your office personnel, let alone your company executives online activities? I think not. Privacy is privacy, and not just for some.

    • YaHeard says:

      Nobody cares about what you as an individual are doing dude and it is straight up irresponsible for engineers to not have insight into how people are using their product. MixPanel is a great tool that can drive product improvements that benefit all users.

      Btw, there is an easy way to opt out of a web site tracking what you do – don’t use it!

  • yakub mohamed says:

    i for one amnot computer savvy but with DNTM on my side gives me updates about whos doinwhatbehind the scenes im happy keep up the good job

  • tfl says:

    Why have you abandoned your own forum?
    There are unanswered questions, unattended conversations, and lots and lots of unremoved spam.

    If you’re not going to have a presence, you really should consider removing it.

    • Sarah Downey says:

      We’re talking right now about what to do with it. We already have people coming to us with questions in a lot of places–email, chat, twitter, Facebook, phone, blog comments–so the forum complicates things. If people were using it primarily to just talk about privacy issues and it was more of a community, we’d probably keep it. But because it’s just another avenue for support, and we already have plenty of those, we’re probably nixing it.

      • tfl says:

        Thank you for the response. Yes, leaving it up and unattended isn’t a good idea. It looks as if there is no support.
        Many of us do not use any social media/network, so facebook and twitter aren’t an option.

        My guess is that most people (excluding me of course) wouldn’t post here to an unrelated topic.
        Maybe fora are going the way of the walkman. I hope not. It’s the only one of the methods you mentioned, which allows for organizing on a topic, easily finding that topic and collaboration. Even posing here doesn’t do that since the only sort here is chronological.

  • Pat says:

    Thank you so much for the hard work. I am NOT very technically “savvy” so I need ALL the help I can get!!
    Gr8 work

  • Alex says:

    This is slightly misleading actually.

    Mixpanel gives websites a tool that lets them organise what *they* know about their users and customers. Mixpanel don’t know anything special, or give you any more information.

    These sites have this information anyway, this is just a tool for them to view it in an organised way.

  • Vince Mann says:

    Well Said Leeskicitizen. Why Is So Important To Companies That We Will Never Do Business With, Have Details On Our Web Usage? Big Brother Hmmmm?

  • jo says:

    Here you go MixPanel – please look at the personal history I placed on Blue Kai and the comments and help I gave to Alex Wassner VP (apparent) of Rapleaf. My life is boring as – and I find it complimentary that over 1700 have tracked me – how many were yourselves. I only wish that whilst you were following my sad non life you were leaving others alone – but that simply would not be true.

  • Alex C says:

    This is misinformation, and should be removed from your list. I’m a strong supporter of online privacy, but you’ve not done your research properly here, and you’ve misunderstood what Mixpanel does.

    As Aaron and Alex have already mentioned, Mixpanel does not do anything special to snoop out your details.

    All mixpanel data is completely anonymous, until you sign up and PROVIDE YOUR DATA. Anyone that concerned about their privacy online would surely never enter their name and email into a site anyway?!

    Mixpanel is intended to allow app/website developers to gain insight into how people use their product. If that app/website allows users to register, a process during which the user provides their data for the purposes of creating an account, then the app developer will then know your email and name and anything else you provide.

    This is completely standard for all apps/websites that have an account system; without storing your credentials, you can’t have an account.

    The caption on one of your images says Mixpanel’s dashboard lets websites and advertisers see visitors’ personal, individual details. This is correct, but only information that that visitor has handed over to the website anyway, and is not a passive thing as ‘lets’ implies.

    To reiterate what Alex said, mixpanel allows app/website developers to organise content you’ve explicitly provided to gain insight into how people use their app/website. They learn nothing about your browsing habits on other sites, or your credit card details etc.

  • Alex C says:

    This is misinformation, and should be removed from your list. I’m a strong supporter of online privacy, but you’ve not done your research properly here, and you’ve misunderstood what Mixpanel does.

    As Aaron and Alex have already mentioned, Mixpanel does not do anything special to snoop out your details.

    All mixpanel data is completely anonymous, until you sign up and PROVIDE YOUR DATA. Anyone that concerned about their privacy online would surely never enter their name and email into a site anyway?!

    Mixpanel is intended to allow app/website developers to gain insight into how people use their product. If that app/website allows users to register, a process during which the user provides their data for the purposes of creating an account, then the app developer will then know your email and name and anything else you provide.

    This is completely standard for all apps/websites that have an account system; without storing your credentials, you can’t have an account.

    The caption on one of your images says Mixpanel’s dashboard lets websites and advertisers see visitors’ personal, individual details. This is correct, but only information that that visitor has handed over to the website anyway, and is not a passive thing as ‘lets’ implies.

    To reiterate what Alex said, mixpanel allows app/website developers to organise content you’ve explicitly provided to gain insight into how people use their app/website. They learn nothing about your browsing habits on other sites, or your credit card details etc.

  • AReader says:

    Please reconsider your use of Google Analytics and Mixpanel. I think it would be more noble and set a better example if you used no tracking at all on your website rather than let Google and Mixpanel collect information and trust them to not misuse it. The best option is not to gather this information in the first place. Take a leaf from the search engine DuckDuckGo.

  • AReader says:

    Oops, wrong website – sorry disregard! :)

Leave a Reply

Your email address will not be published.

Comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>