• Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.

BUSTED Spincar caught selling dealer data

We NEVER sold and never would sell any data. Never had a relationship with Excelate or Nielson. I've never even had a discussion with them.
We are currently looking at all instances where the Exelate tag is being fired from and finding the originating sources. There would never be anything placed directly via either Excelate or Nielson as we have never had a relationship with them. Therefore, it's the byproduct of another analytics script or 3rd party.
 
Last edited:
Want to see which vendors are on your website? Goto: https://builtwith.com/

Prepare yourself to be amazed.
Yep, there's quite a few out there. Many VCs use such tools to analyze software before any form of investment. Open-source usage vs. Proprietary, etc.

https://forum.dealerrefresh.com/thr...petitions-technology-with-builtwith-com.5296/

It drills in pretty far, but there are granular components that don't show. Granted, it's freeware, you can only expect so much and at with minimal support.

BuiltWith has a large number of technology signatures but many of them are outdated and they don't use technographics. Allora (Datanyze, SimilarTech etc) provide much cleaner data with less false positive results.

Here are some similar tools:
  1. Wappalyzer
  2. JS Library Detector
  3. Similar Tech Prospecting
  4. Page Xray
  5. SimilarTech
  6. Datanyze (tech tracking) = VERY INTERESTING
    Datanyze is quite possibly BuiltWith's most direct competitor. Their specialty is providing data on the technologies being used by millions of websites. They can tell you things like who started or stopped using a technology today, among other data points that provide actionable insights.
  7. Allora.io, such as https://allora.io/profile/dealerrefresh.com
  8. What CMS
  9. SEOMon
  10. WebTech Detector (Wordpress Theme Detector To Find Out Themes and Plugins)
 
  • Useful
Reactions: Alex Snyder
Spoke with Joe Chura this morning. He is looking in to the tags across DealerInspire inclusive of Nielsen/eXelate some of which are related to Spin Car and others of which are native (probably from other applications/tools which power components of DI) in many sites. The problem is, many services - such as services/tools in DealerInspire sites which "tell" the dealer if your website shoppers have been on a competitors site, or are in-market and what they are browsing for are Trojan Horses as well, doing the very same thing. For example this is a problem for VAuto users who use E-Block...

"It has come to our attention that you have not activated the “Engaged” Block (E-Block) in your AutoAlert system. This valuable Opportunity Block identifies customers that are engaging with your digital assets (website, emails, etc.), providing you an additional layer to prioritize top opportunities with the highest propensity to buy."

In studying the VAuto script it appears dealership's website visitor data also has the potential of being syphoned off through something known as "leakage". I'll publish a list on Monday along with a tool which well spell out what the pixel/tag/script is, and what their privacy policy states, where the data may be going and whether or not we've seen it disclosed in agreement form to the dealer.
 
Last edited:
Spincar has a relationship with Criteo for their remarketing. Full disclosure I've used Criteo for a long time and have massaged it to suit my needs. But they do have a very checkered history. This all could be related to that relationship.
The Nielsen/eXelate Tag is separate and a part from the Criteo tag, and yes Criteo is another very interesting actor in this drama. Dealers are in way over their head and the risk/reward of these tools/vendors has never been explained to them as few people understand how it all works.
 
  • Like
Reactions: Rick Buffkin
Great posts thus far - to clarify your points Jeffrey, at least with respect to Dealer Inspire, and other sites I've encountered - I've never seen 'eXelate' added or requested to be added as a primary tracking pixel - it has only be in subsequent loads via a third-party carrier. There are ZERO instances of Nielsen/eXelate being "native" - like Joe said earlier. In the case of Spin Car, I examined the same script, and while I found it passed Year Make Model information via the pixel, I didn't see anything that would capture form fills or extra data about the visitor themselves, other than what any other browser request would send. My worry with using the word 'siphon' in this case, is that any tracking or retargeting pixel is going to have additional information, due to the network effect of these pixels - that doesn't necessarily mean anything is 'leaked'. These words have meaning, and in the context of data security, especially so.

Further, the third-party nature of these scripts means their own code can change to include something that, while covered legally, could have other purposes. It makes our jobs all the more difficult. That said, this is where I would hugely agree with your last point about the risk/reward of these tools - and explaining what ultimately could be included with them. Explaining this in the limited time we all have with our customers is very difficult. The pressure on them to deliver is quite high.

There is value in providing as much data as possible about consumers to our dealers - much like using Google Analytics (which has so much more data than eXelate, but happily these tools are put on the sites based on trust) - the thirst for an advantage helps me understand why Spin Car would include them - I don't excuse it, just that I understand it.

I won't vilify them, but I would certainly treat them with extra scrutiny.
 
  • Like
Reactions: Alexander Lau

"I won't vilify them, but I would certainly treat them with extra scrutiny."


To be clear when make & model is captured along with MAID (Mobile AD ID - if applicable) a cookie sync’d, IP Address, browser and more collected that is the crux of what makes up a data segment. So regardless of form fills, the visitor and their browsing behavior coupled with a way to target them is being collected, syphoned off and sold unbeknownst to the dealer. It is the equivalent of stealing the $ Money a dealer spent to drive that person to their site. If not it is not disclosed it is the same as a person robbing your house after you just bought furniture and selling it to your neighbor for pennies-
 
Last edited:
  • Useful
Reactions: craigh
Great posts thus far - to clarify your points Jeffrey, at least with respect to Dealer Inspire, and other sites I've encountered - I've never seen 'eXelate' added or requested to be added as a primary tracking pixel - it has only be in subsequent loads via a third-party carrier. There are ZERO instances of Nielsen/eXelate being "native" - like Joe said earlier. In the case of Spin Car, I examined the same script, and while I found it passed Year Make Model information via the pixel, I didn't see anything that would capture form fills or extra data about the visitor themselves, other than what any other browser request would send. My worry with using the word 'siphon' in this case, is that any tracking or retargeting pixel is going to have additional information, due to the network effect of these pixels - that doesn't necessarily mean anything is 'leaked'. These words have meaning, and in the context of data security, especially so.

Further, the third-party nature of these scripts means their own code can change to include something that, while covered legally, could have other purposes. It makes our jobs all the more difficult. That said, this is where I would hugely agree with your last point about the risk/reward of these tools - and explaining what ultimately could be included with them. Explaining this in the limited time we all have with our customers is very difficult. The pressure on them to deliver is quite high.

There is value in providing as much data as possible about consumers to our dealers - much like using Google Analytics (which has so much more data than eXelate, but happily these tools are put on the sites based on trust) - the thirst for an advantage helps me understand why Spin Car would include them - I don't excuse it, just that I understand it.

I won't vilify them, but I would certainly treat them with extra scrutiny.

The script being discussed cannot be compared to Google Analytics. GA does NOT pass IP, MAID, set and/or sync a cookie. The script referenced here must be put in specific context: It allows for the make, model of the vehicle to be passed along side browser info, MAID, IP and the "matching" or syncing of a cookie. One need only look at this removed page to get some idea.

https://dealerx.com/dataium-sells-data-to-exelate/

Old, (as is the cookie) but still relevant today

But hey, let's all live in ignorance because it's easy.
 
Last edited:
“GA does NOT pass IP” - by its very nature of being loaded by the browser it passes an IP. If you don’t think GA tracks users cross-site, I’m not sure how productive a conversation we can have.

If you’re talking about Dataium, there is an exchange of information - you receive insights about visitors from OTHER sites, and contribute their behavior on your site. It made the insights more powerful, the wider the Network. I’m speaking solely to the benefit provided to the dealer, not any relationships they may have had beyond. Calling it “stealing” is a bit of a stretch - that implies you no longer have “the furniture” - you certainly do.


Can we keep things more civil regarding “living in ignorance”? Seems uncalled for.
 
  • Like
Reactions: Jeff Kershner
“GA does NOT pass IP” - by its very nature of being loaded by the browser it passes an IP. If you don’t think GA tracks users cross-site, I’m not sure how productive a conversation we can have.

Hmm...I'm hard-pressed how to respond. But let's just establish an item or two.. I'm sure your'e somewhat savvy, but it seems as though you are trying to undermine the whole premise of the original post by a random jab at what you think I know or don't. Of course GA captures IP as passed from the browser, but GA does NOT pass it to the end user in the GA platform. To be clear I thoroughly understand how GA works and in the spirit of being a gentleman and not wanting to return a dispersion I will only say that in the the data, analytics and adtech space I have a fair amount of knowledge.. always willing to learn more, but a fair amount of knowledge. Fuck it, I'll say it, I have much more experience than most (inclusive of you) in the Data/Analytics/Adtech space.

If you’re talking about Dataium, there is an exchange of information - you receive insights about visitors from OTHER sites, and contribute their behavior on your site. It made the insights more powerful, the wider the Network. I’m speaking solely to the benefit provided to the dealer, not any relationships they may have had beyond. Calling it “stealing” is a bit of a stretch - that implies you no longer have “the furniture” - you certainly do.

Are you saying that DI does in fact use IHS Markit or a remnant of Dataium in your platform?

Seemingly so.. Your understanding of Dataium is naive and flat out wrong. They collected data from the very dealership websites they were paid for a service from and sold it to eXelate. To be clear dealers paid for a service but most if not all had NO idea (they didn’t read the fine print of their agreements) that along with that service Dataium was getting paid to provide, the very same data collected by them from their client's dealership website (sync'd cookie ID, IP, MAID along with Make Model and Behavior) to eXelate. The data eXelate paid for from Dataium was bucketed and sold as data-segments to ad firms. It’s highly possible that the data purchased by ad firms may have very well aided a competitor of the very dealer whom paid Dataium for the service to start with.

The difference is/was Dataium disclosed what they were doing.

That said, I am likening what SpinCar did to stealing, not Dataium (They - Dataium - disclosed it all in the fine print).

I really don't understand your perspective, the implication is clear, I pay for "a click" let's say from Google Adwords for arguments sake $5.00, you the vendor get a copy of all the info derived from that click via a tracking script, at no cost. The vendor (I'm paying for services) sells my visitor data to data broker whom ultimately could sell it to my competitor via their agency for pennies $0.05 (Example) with out my knowledge.

Why don't you see a problem with this?


I'll correct the use of the analogy referencing furniture by saying exactly what I believe took place with SpinCars and sparked this post: Intent to misappropriate or illegal/unauthorized transfer of IP (Intellectual property) and/or resources with out the dealers knowledge. Doesn’t SpinCars reply sum it up?

“We apologize..and it is taken off now”

As for being civil I believe I have been, the living in ignorance comment was directed at the vertical, not you or DI. To be clear we buy data on a fully disclosed basis, refine it and use it very effectively for our clients. More importantly we stop our clients from letting their data be syphoned off and used against them as is evidenced by what started our cordial dialogue.
 
Last edited: