There are a number of ways that advertisers can track you across the web. Advertisers cast a wide net and use many different techniques at once to collect information about you, even when you're browsing incognito or using another device, such as a smartphone or tablet.
Your IP address identifies you across the internet, such as when you log into your email account or visit a shopping site.
It's the numerical address associated with your current connection, whether it's your home internet or a mobile device connected via cellular. IP addresses can and are used to track you, both as a security precaution (for example, in Gmail to record recent device connections) and to identify patterns that can help identify you as an individual.
Perhaps the most widely understood tracking technique is the tracking cookie. These are small files that exist on your device that identify you to various websites, allowing advertisers to track you down even if you've never visited a particular website before.
URL trackers are used to collect information about how you arrived at a destination. If you click on a link in an email, such as a newsletter or a promotion, URL crawlers can be used to determine whether the email campaign was successful and to build a broader picture of how visitors they end up on the website.
Tracking pixels are typically associated with email clients, but can just as easily be deployed on the web for similar purposes. A unique pixel can be served to each visitor, which is used to collect your IP address. Although you can block cookies and ads with browser settings or extensions, blocking tracking pixels is much more difficult, as your browser cannot distinguish them from standard content.
More advanced tracking techniques
A more advanced technique, known as device or browser fingerprinting, uses the unique fingerprint or “fingerprint” created by your device to set you apart from the crowd. This includes your operating system, browser and version, screen resolution, extensions you use, time zone, preferred language or even technical specifications such as your computer hardware or driver versions.
This is also how canvas fingerprinting (and WebGL fingerprinting) works. A script that runs in the background on a web page instructs your browser to draw an invisible image. Since each device draws the image in a unique way (depending on the variables used to collect your fingerprint), the image can be used to link your data across all websites without having to store anything on the device your.
If you're skeptical that your personal device isn't secure enough for an advertiser to stand out from the crowd, visit Amiunique to see for yourself. The sheer amount of data that visiting a website leaves behind can work against you to distinguish you as a unique user.
Finally, there are so-called “super cookies” that do not use local storage, but are instead inserted at the network level by the Internet Service Provider (ISP) as a Unique Identifier Header (UIDH). This information can be used by your internet service provider to track your browsing data, but also accessed by third parties to identify you online.
You cannot delete super cookies as they exist at the network level. Super cookies can be used to restore cookies you have already deleted, providing another point of identification for advertisers to use. Ad blockers or privacy-minded browsers can't stop them either, but you may be able to opt out at the ISP level.
How your data is used
Crawlers usually collect information related to their own services. These could be preferences that determine what you see when you use their website, such as your location, language, etc. This kind of data makes your experience more convenient.
Third parties, such as advertisers, track you around the web to collect as much data as possible about your browsing habits. Data is the new gold, and there's a lot of money to be made from understanding a user's browsing habits on the merchant side.
This information is eventually compiled into a database to understand how you behave, what your interests are, where you live, and so on. This may include intrusive information such as political beliefs, health conditions, or anything else you would not be comfortable with an advertiser knowing about you.
The most common use of this type of third-party data is to serve ads. The more an advertiser knows about you, the more likely it is to show you an ad you like. Instead of showing an ad for a product that has nothing to do with you, advertisers can show an attractive product that is relevant to your area at a convenient time of day to entice you to click.
These preferences are an important part of the core product used to sell ads. The more data points an advertiser has, the more they have to offer potential customers.
Is the data collected anonymous?
There are potentially more nefarious uses for this data. Advertisers often state that the data collected is anonymous, but this is not entirely true. Common practice dictates that collected data be stored with an alias (such as a random string of letters and numbers) rather than an easy identifier. It is not beyond the realm of possibility that this data can be linked to your identity, email address or phone number.
Consider what could happen if an insurance company could see your advertising profile or search history. Your premiums could increase if you were deemed to be at higher risk just because you researched a symptom or condition online (even if the condition is unrelated to your own health). This is certainly a nightmare scenario, but as long as there is a summary of your online activity in a private company's database, then the threat exists.
Dynamic pricing could also be affected if a company learns more about you. In the same way that using a VPN to access a travel site from a different country could be used to save money on flights, a travel site that understands circumstances such as your financial situation, home ownership or travel habits it could be used against you to raise prices.
What can you do about it?
Advertisers don't rely on a single technique to track and identify you, which means you need to take a multifaceted approach to avoid being tracked as much as possible. The easiest thing to do is to activate the Do Not Track in your browser preferences.
Better yet, switch to a browser that provides more control over your privacy. Safari and Firefox block third-party cookies by default, and Safari will even let you know how many trackers were blocked using the Privacy Report. You can instruct almost any browser to block third-party cookies quickly and easily.
You can use a tool like the Ghostery (available as a standalone browser or web extension) to block trackers as much as possible. Go one step further and use it Tor at the cost of browsing speed, not only to beat trackers but also to resist surveillance and censorship.
The DuckDuckGo now also has its own browser, with tracking protection and a more private search engine. For search purposes in other browsers, switch to DuckDuckGo instead of Google to stop the world's largest search engine from tracking your queries.
Email is another faucet hole when it comes to online privacy. DuckDuckGo's @Duck.com email protection removes tracking pixels and offers aliases that you can disable at will. The Apple Mail already includes strong privacy protections, with iCloud+ users having access to Hide My Email.
The Private relay Apple promises your anonymity online in a way that even Apple doesn't know what you're accessing. Alternatively, use a VPN to encrypt all your browsing data. Using a VPN and Private Relay are two different things, so make sure you understand the differences when trying to choose between them.
You can prevent super cookies (UIDH) from working by using only HTTPS websites with valid SSL or TLS certificates. Alternatively, creating an end-to-end encrypted connection using a VPN will also prevent super cookies from working.
Tracking is here to stay
The privacy implications of online surveillance are alarming to say the least. While you can secure your browsing privacy to a great extent, at some point you have to decide between privacy and convenience.
If you are concerned about protecting your privacy and activity, we would recommend using a VPN, carefully reviewing privacy policies, and using a search engine that respects your privacy more.