Web trackers: What they are and how to protect from them
Learn to manage your digital traces and escape web tracking
It probably doesn't come as a surprise that your online activities are tracked every time you surf the net. Behind every search you do, every website you visit, every purchase you make, there is some - often invisible - data-hungry software ready to collect all your digital traces.
That's why the use of security tools like VPN services is getting more and more widespread among casual internet users. And, hackers are not the only ones you should be aware of. We are living in a digital economy where data is more valuable than ever.
Websites' owners, ISP providers, data broker companies, advertising agencies, big tech firms and even authorities employ web trackers to spy on everything you do online. Their purpose is to draw an accurate profile of you as a user. Sometimes they do so to make your digital experience more customized and smarter, but making money is mostly the goal. However, in some instances, web tracking has a more sinister intent.
Internet tracking is on a worrying rise, and no one is exempt from it. Take Google, for example: easily the most popular search engine around, it's thought to have its own trackers on almost 80% of the web traffic. And then, there are malicious actors that can breach these databases with harmful consequences.
But, how do websites and third-party organizations track you down? What do they do with your data? How dangerous is web tracking, really? Read on to discover everything you need to know about web trackers and how to protect from them.
What is web tracking?
Web or internet tracking is the collection and sharing of information about an internet user's activities. Web trackers are inserted into the code of the website you visit with the scope to observe your activity, and then follow you around the internet.
These technologies can be owned by websites' hosts, marketing companies, advertising agencies and even governments. They sometimes keep this data for themselves, or they may sell them to third parties in exchange of other services.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As the scope of web tracking differs, so too do the type of data collected. As a general rule though, they are likely to collect every possible piece information they can. Some examples are email addresses, login credentials, payment details, search preferences, how long users stay on websites, accurate location, the type of device used, applications downloaded, and so on.
There are five main types of web trackers:
- Tracking cookies: These are the most common web trackers used to collect your information. A cookie is a tiny snippet of code that gets stored on your browser once you access a website. While some cookies are essential to customize your digital profile - like billing address and payment method on ecommerce platforms, for example - others can be way more intrusive with the purpose of spying on your online activities even after leaving the website.
- IP address tracking: Your IP address is a unique set of numbers that determines your physical location. Many websites and organizations used these web trackers to monitor which devices are connected to their networks as well as where their visitors come from. It's worth noting that this type of tracking works only if your IP is visible. So, if you are concerned about your privacy when online, simply connecting through a secure VPN service will prevent those from snooping on you.
- Web beacons: Beacons are single-pixel transparent graphic images that can be attached to websites you visit and emails you open. They record your digital behavior and monitor everything you do online to draw a precise digital identification of your persona. When attached to emails, these tiny images can facilitate IP address tracking. As they are invisible to users, your data could be exposed without you even knowing.
- Browser fingerprint: With cookies getting more regulated - in some countries websites must allow users to choose to enable them or not - new tracking techniques are rising. Every browser connected to a certain device brings with it some unique data, including device model, screen resolution, operating system, language, browsing history, and so on. That defines its own browser fingerprint, which can then be used to track down your online activities every time you open the browser.
- Canvas fingerprint: Once used for reproducing graphics and animations on a site, they are now employed as a tracking method too. Canvas fingerprints are a piece of code within the HTML5 coding language used for building websites, and is basically how your browser responds to graphical instructions. Through the same method used by a browser fingerprint, snoopers can learn your unique digital traces. Used together with other tracking methods, they can draw a pretty accurate profile of users.
All these tracking methods can be used distinctly according the situation. First of all, there is a notable difference between first-party and third-party trackers.
First-party trackers are implemented directly by the website you visit. Not all of those are a bad thing either. Some are used to remember your log-in credentials or simply manage your sessions for a smoother experience. They usually deactivate once you log out from the website. However, malicious actors may still exploit them to access your sensitive information.
Third-party trackers can be much more intrusive. As the name suggests, other parties may use them to track down your online activities. These are mainly used by advertising agencies to tailor the ads you see in every sites you access. Have you ever noticed that after searching for a new pair of shoes or your next holiday destination, you keep seeing ads related to your searches everywhere? That means that third-party trackers are noting down your preferences.
Another substantial distinction is between session and persistent trackers. The first die out once you leave the website. The latter keep following your activities from site to site, sometimes tracking you down even years after being enabled on your browser.
What is web tracking used for?
As mentioned before, web trackers fulfil different purposes. Below, we've run down web trackers' most common uses.
- Advertising: Targeted advertising is an essential revenue stream for almost all online businesses. From news sites and consumer magazines to social media and search engine platforms, web tracking allows companies to tailor the ads you see, matching your interests. As for the nature of them, they are mostly third-party and persistent trackers as they need to follow you from site to site to be effective.
- Analytics: Web analytics monitor how internet users interact with the website to obtain meaningful insights into their visitors. These are then used to better organize the platform to make it more appealing and easier to browse in. This type of tracker is usually among the 'essential cookies' that you cannot disable from your preferences.
- Ecommerce: A form of analytics trackers, the best ecommerce platforms use them with the scope to sell you more products. These tools record your credentials, preferences and shopping habits to optimize the site and drive more sales.
What are the dangers of web tracking?
If monetizing your data and better-customized online platforms are the primary objectives, web tracking can be used in a more invasive and worrying way. The most scary part is that all this happen in a way that is not visible to most people.
Tracker profiling means that your data - like IP address, personal information and browsing habits - is used by tech giants and governments to build your unique digital profile. This valuable and sensitive information can be then used in many - sometimes unethical - ways.
The Cambridge Analytica scandal, for example, shows how this data can be employed for targeting and manipulating users for political purposes. In that instance, the British consulting firm harvested the data of up to 87 million Facebook profiles to back up the 2016 Donald Trump's presidential campaign as well as the Brexit referendum.
Researches also found that many government and public health sites use invisible trackers to profile users. Almost 90% of EU government sites appear to use these tools. Plus, almost all popular health apps seem to harvest users' data as a common practice.
While an investigation carried out by NGO newsroom The Markup uncovered that advertising agencies were tracking users down on more than 100 websites offering services for undocumented immigrants, domestic and sexual abuse survivors, sex workers and LGBTQ people.
Is web tracking legal?
Even though tricky at times, web tracking is absolutely legal as long as companies make sure to meet all the relevant data privacy requirements. Many countries have now specific data-protection laws to define which data can be collected, the reasons for doing so, as well as how long these information can be stored.
Amended in 2018, the EU's General Data Protection Regulation (GDPR) requires website operators to have a visitor's consent before tracking them through cookies. In 2021, the UK retains the same data-protection law despite no longer being a member of the European Union. While, in the US, the California Consumer Privacy Act (CCPA) rules similar requirements.
The fact that many website users can customize their preferences around tracking cookies is a positive step. Although, in practice most of the people simply click on 'allow everything' without even thinking through. The same applies to the 'terms and conditions' consent. Research has found that over 90% of users never reads service policies before accepting them.
On top of that, even though internet users can take some agency back when choosing which cookies to accept, there are some web trackers that are invisible to most of people.
All this shows how the route to more fair and regulated web-tracking practices still needs to be improved.
Follow these hacks to protect your privacy from web trackers:
- Use tracker blockers: You can download a tracker blocker tools as an extension to plug-in your browser. This works as an ad-blocker too, preventing third-party trackers from spying on you. However, they do not block web tracking directly coming from your browser provider.
- Switch to a private search engine: As we have seen, popular search engines like Google constantly spy on you. That's why you should opt for a more private option - like DuckDuckGo - to browse anonymously and protect your data. Some VPN providers, like Surfshark with its Surfshark One bundle, have even developed their own software.
- Connect through a VPN: As your IP address is one of the most common data points collected, securing your browsing through a VPN service is your best bet to escape this kind of web tracking. Some providers have developed new features meant to block ad-trackers too - these include ExpressVPN's Threat Manager and NordVPN's Threat Protection.
- Change browser settings: Despite not being 100% effective, most mainstream browsers offer some basic protection against third-party cookies. Head on your browser's settings tab to enable the block. But remember: some sites may ignore this.
- Regularly clear your cookies: To stay on top of your digital hygiene, you should get into the habit of clearing your cookies and browsing history on a regular basis. Although, without any other countermeasures, this practice is simply a temporary hack as every time you go online these trackers will be loaded on your browser again.
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com