UTM
What is a UTM parameter?
A UTM is a parameter that can be appended to the end of a website address (or URL), and share information about where you got the URL from. UTMs are a common way for marketers to learn how visitors are finding their site, and are often associated with tracking.
UTM stands for “Urchin Tracking Module,” which was a Web analytics software product from Urchin Software. Google acquired Urchin in 2005, and the software formed the basis of the present-day product Google Analytics.
Companies that advertise want to know how effective their efforts are at bringing people to their website. One way to measure this effectiveness is to include UTM parameters on the link URL (whether that link appears in an ad, social media post, or elsewhere). When a user clicks a link with a UTM parameter, the website records the UTM parameters, and often begins tracking the user as well.
What sorts of data do UTM parameters include?
UTM parameters can contain information about where the link was posted, which ad campaign it was part of, and more. By recording the parameters when a user arrives, the company can measure the effectiveness of each ad. The company can also track the user’s subsequent behavior (like buying or downloading something), which helps indicate how likely each type of ad is to bring in a user who takes some action that benefits the business.
What do UTM parameters look like?
In a URL, you may see a question mark character. The part of the URL after the question mark comprises the query parameters of the URL. Within the parameters, you may see some or all of the words “utm_source”, “utm_medium”, “utm_campaign”, “utm_term”, or “utm_content”. Each of these are UTM parameters. You’ll see each word followed by an equals sign, followed by the information they hold. For example, if you click a link in an email, you may see “utm_medium=email” in the parameters.
Note that not all URLs have query parameters.
Are UTM parameters bad for privacy?
In some cases UTM parameters are benign; in others, they can be bad for privacy. Often, the information UTM parameters hold isn’t specific enough to identify an individual user—the level of detail is along the lines of “user clicked a link in our summer sale email campaign” or “user clicked the link in our X (formerly Twitter) bio.” These UTM parameters can give website owners useful information about their visitors without violating privacy, and are relatively harmless. However, UTM parameters can be privacy harming by themselves if they target one—or a small number—of individuals. In this case it can be very easy to track individuals.
Essentially, it’s not possible to determine the privacy harm simply by looking at the UTM parameter itself.
The bigger problem arises when UTM parameters are used together with more invasive forms of tracking. Then, a UTM parameter’s information about user activity can be combined with data about user activity from elsewhere, to build a detailed “profile” of online activity.
UTM parameters are one example in the general category of tracking parameters. There are other parameters that are invariably associated with invasive tracking, such as “gclid” (Google click identifier). Brave includes a feature called “query stripping” that automatically removes such parameters. Note that Brave’s Copy Clean Link feature can also remove UTM parameters, if users choose to do so.