Select Page

Every advertising network, if you are able to use custom UTM parameters on the link click, you can back-append that social network/ad network’s targeting data into your own user database without the consent or knowledge of users — and it’s extremely common for enterprise orgs.

On Twitter, the standards are…loose.. (ditto for Facebook) so I like to urge folks to click on ads occasionally and/or grab the full URL, and take a look at the UTM parameters + values that are in the URL.

For bigger brands or aggressive buyers, you’ll see targeting codes or direct references to which the native ad network targeting criteria was used to bring you to the website. If you then signup on that website or click additional links, oftentimes your Twitter interests will be appended into a custom field associated with your new user profile on whatever business you’ve just signed up on through 1st party cookie to querystring joins and other “transparently non-compliant data sharing tactics.”

Here’s a URL I just got for Dove Body Wash here on Twitter ads, i’ll breakdown the UTM fields – and how targeting on Twitter flows all the way to Walmart.

Ad Targeting Parameters Appended via URL Querystrings & Session-Stitching Breakdown

Landing page via @

Appending params @


Optimization params @


On the landing page, a 1st party cookie value is created that will start with “amplitude_id” – a base64 string (image above of the cookie value in my test session) encodes both the “sessionID” and several other fields — if you click on any of the marketing links to purchase the Dove Body wash, like the Walmart link, the landing page URL will be customized so that your session ID cookie value from the ads landing page domain is then passed into Walmart’s domain, and enough fields of data are passed to Walmart so that there is a financial incentive for Walmart and other companies receiving this data to then purchase “more data” from the landing page companies who purchased the original Twitter ads.

Not all companies do this full cycle of data appending (with a direct sale on the backend) – and I’m not alleging that in this exact instance, this is exactly what is happening – but even without money being exchanged directly for user data, the session-stitching + Twitter targeting criteria being appended/shared via these join keys, crosses a “value transfer” that could equate this type of “ad targeting appending” into being categorized as a data sale. It’s unclear when regulators will catch up with data appending practitioners, but this is a too-common strategy.

If you click the Walmart link on the original landing page, you’ll be sent to a URL like:

Landing page via @

Appending params @

sharedid=sessionId%3D1619567918411 (This is the cookie value from the landing page, passed into a querystring for Walmart)

Optimization params @


On the original ads landing page, if you clicked on the Amazon or Target links instead of the Walmart link, the querystrings are slightly different, and it seems as though the cookie value “shareDID” is not being given to either of these companies — only Walmart.

Does this mean that there is some special data deal? Who knows…

Is this just another very common example of an enterprise company scraping the ad targeting data of another network through careful UTM building + 1st party cookie value sharing across domains? Yup!

Feel free to send me any URLs with fun UTM querystrings at or over on Twitter @thezedwards