Home > Paid Traffic Sources > Mobile

---

What's the Best Way to Send Sub ID Info to the Advertiser Without Revealing it? (7)

---

Hey STM gang, looking to get into some CPI campaigns and think I should be sending some extra data to the advertiser in order to better optimize my camps rather than have them tell me to stop running altogether. What I would like to do is encrypt my placement IDs and traffic source IDs. Unfortunately, since I am using Amazon S3 I am unable to run PHP, leaving my "secret key" out in the open if I use JS alone. This would then allow the advertiser to decrypt my placement IDs and traffic sources if they were so inclined.

Is there a way to maybe run a php script from my shared hosting server I have with Bluehost? Perhaps this would be too slow to even think about doing on pops though? Will I need to upgrade to a different server that has PHP?

Maybe all of this isn't even necessary, but I'd rather not leak my info to the advertisers if possible.

---

This is a really McGyverish way of going about it, but invent yourself a way to encrypt it, and decrypt it. It doesn't have to be 100% secure but likely the advertiser won't bother.

You could do a bunch of math operations on it to encode it, and to decode just do the reverse. Left-shifts, right-shifts, multiplications, divisions etc. Then if advertiser tells you to eliminate a siteID you can just plot it into your decode function and get the siteID you need to eliminate. All you need for this is an encode-function written in js, and pass the result as a subID.

---

I suppose that could work, but if they really wanted to they could easily reverse engineer it, and if I have a campaign that takes off I can definitely see that happening. I'm assuming the only safe way to do it would be with php.

---

Why not just encrypt it with javascript on your landing page? Are you assuming the advertiser will have access to your landing page as well? Even if they did that's a decent amount of work to go in and figure out the encryption and run it on the data you are passing to them.

Blue host would be way too slow. However there are plenty of hosting services you could use that would let you have php on your page and I doubt the php would really slow the page down that much. Look into digital ocean droplets. You'll need to understand how to run an ubuntu server and how to modify apache files but if you need help let me know.

skype: pauldemott

---

How about passing them something that is not so easy to identify? Campaign ID or banner/creative ID ... I sometimes do this Its gonna be a random number and it won't be so easy to detect.

---

Two. I pass different random numbers on s1 and only I know which traffic source is each but the advertiser can still optimize or ask me to pause x or y instead of kicking me out of the offer.

---

The only 100% safe would be PHP, but you could still:

Make a really intricate encyption - decryption function, then on top of that, you could cloak your lander under a totally identical lander with a dummy encryption function that produces similar looking outputs.

If you make the encryption function really intricate, then scramble it up, minify it and obfuscate it, it would be a headache to reverse engineer it. + If you have traffic source IDs you could make that a part of the key, and pass only IDs that are hashes of TS ID + siteID and some other random stuff (OS, connection, device, carrier). Sure you could reverse engineer it, but if you hash TS ID + siteID you should be pretty safe.

You could also place the encryption function in some external js file, a library, like jQuery. Or chop it up into multiple functions and spread them throughout one or multiple libraries, and many many more things depending on how much time youu're willing to spend on this

---

Home > Paid Traffic Sources > Mobile