The rallying cry for transparency in ad tech has been intensifying across the industry, but it looks like the programmatic stacks deployed by many publishers are more opaque than many would hope.

A recent report by Canadian security firm Feroot looked at monitoring software on more than 1 million webpages and found that in many instances, audience data was passed on to third parties, often without the publisher’s knowledge.

The study examined the data transfer of roughly 270,000 web trackers and tracking pixels across 1.1 million webpages and discovered that on average, each site loaded 20 trackers.

Websites examined in the study ranged from news publishers to international government agencies, which often contained snippets of JavaScript used to target ads, deliver content and track conversions, completely independent of the cookies that a user can accept or reject upon visiting the site.

As Feroot’s CEO Ivan Tsarynny pointed out, while publishers can have relationships with these vendors, it’s not uncommon for ad-tech companies to nest JavaScript code.

This nested JavaScript could potentially loop in an untold number of other tools from other vendors.

The text above is a summary, you can read full article here.