10 ways websites betray your privacy
Websites want more than just your attention
There are dangers to your privacy lurking in every nook and cranny of the internet, although not everyone takes them seriously. You may trust that larger companies wouldn’t stoop so low as to collect information from you and exploit it to make money, but here at TechRadar Pro, we wouldn’t put it past them.
When you visit virtually any website, the chances are that the company behind that website is learning more about you. Typically, this is so they can show you more relevant advertising based on what you’ve searched for and looked at in the past, a technique called targeted advertising. In other cases, though, they’re selling your information to other companies who want your money.
We’ve looked into 10 specific methods that websites use to pry information out of your devices, usually without your knowledge or consent. Despite the common misconception that the internet is anonymous, this couldn’t be further from the truth, as more and more organizations find ways around laws like the GDPR, which prohibit them from simply taking your name and address straight from your Contacts app.
While complete anonymity on the internet is impossible, there are a number of simple steps you can take to prevent almost all forms of online tracking. Where possible we’ve listed these alongside ways bad actors can track you, so you can stay safe. There’s no one magic bullet solution though, so make sure to keep reading in order to find the different methods you need to use.
1. Tracking your browsing history
The moment you land on a website that wants your data, it’s going to start swiping your browsing and search history from right under your nose, and save it for later analysis. More often than not, as we've mentioned, this is then used for marketing products and services that are relevant to your online behavior.
This is one area where using the best VPN won’t necessarily help, as if you’re signed into your account e.g. on an online retailer they can still link your activity to your name through using cookies. Rather worryingly some cookies are “cross site”, so for instance if you visit a website to get a quote for life insurance they may see a cookie that tells them you’ve previously bought a book on quitting smoking.
Some sites do allow you to opt out of being tracked, although we can assure you that this feature isn’t especially easy to find on the rare occasion that it exists at all.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Most “do not track” options are simply a way for your browser to request that the website doesn’t retain your information but often there’s no way to check if this is actually being done.
Some browsers such as Mozilla Firefox take a more aggressive stance on tracking and actively try to prevent it. You can also protect yourself further by using a privacy-oriented search engine like DuckDuckGo.
Read more about this kind of tracking and ways to protect yourself in our online guide.
2. Super cookies
If a cookie keeps track of your site visits and activity, then a ‘super cookie’ is a cookie that tucks itself away from the main cookie database. Some of these go as far as storing themselves in more than one location, and reactivating old cookies that you went out of your way to delete.
Websites use these super cookies to monitor the routines of those who are smart enough to remove their browsing history and cache. By peering into the data of your other installed web browsers, super cookies are particularly sneaky pastries.
Technically you could reset your entire device to factory settings and not be safe from super cookies as they can be re-inserted into your browser via your ISP. This makes super cookies far worse than the regular kind.
Security researchers and browser developers have engaged in a game of cat and mouse over the years detecting where super cookies might be lurking within internet software, only for unethical companies to find somewhere new to hide them. This can be within a web browser or even somewhere on your hard drive.
Even if you remove supercookies though and use ‘incognito mode’ on your browser that doesn’t affect the data your ISP may have already gathered on your previous connections.
The best way to stay safe is to keep your connections as anonymous as possible each time you go online. This can be done through using a reliable VPN.
3. Cookie syncing
When in doubt, some websites use elaborate schemes to identify which device you’re using. This is called cookie syncing, a process that allows organizations to share information with each other and string together the identification numbers they’ve all assigned to you. A conglomerate of sites can all work together to use the data they’ve collected from you more effectively.
In theory this is done so they can serve you more targeted advertisements but the more personal data they gather on you, the greater the risk it can be abused. Once two different websites have synced your cookies, they can also keep sharing information about you in future.
And you have no idea that this is happening… well, you do now, but you get the idea. The goal is to ultimately build up a better picture of you, and your browsing habits and interests.
It’s likely this has already happened to you but you can fight back. Firstly, make sure to clear your web browser cache to erase any existing cookies on your device.
These types of cookies usually appear on websites containing advertisements, so consider installing an ad-block extension, such as AdBlock Plus or uBlock Origin.
4. Ditching anonymity
Everyone thinks they’re anonymous on the internet – and they are to a certain extent. The fact is, your real name is irrelevant to advertisers, which is why they refer to you as a number that they’ve assigned to you internally. Using this number they can determine how much you’re willing to spend, and on what.
In the United States, the National Security Agency (NSA) can use these identifiers collected by advertisers to more target suspect individuals; in effect, these newer, third-party algorithms for collecting data are doing some of the NSA’s job for it.
These are built up partly through using as you’ve already seen but also through tracing your unique IP address, especially as your ISP may not change it for months at a time. Take back control by using a reliable VPN provider. By doing this, you’ll be connecting to the internet via one of tho thousands of VPN servers they offer, so your IP address will appear to be the same as theirs.
5. Selling your personal information
Whenever you purchase something at a store and are asked to provide your email and/or mailing address, you run the risk of that company selling off your personal information to advertisers – it’s why you sometimes get unsolicited emails in your inbox from senders you’ve never heard of, and don’t recall giving your details to.
Larger, well-known companies don’t normally engage in this practice as they have reputations to protect. However, any company is vulnerable to data breaches, and should one occur there’s no telling how widely your private information could be disseminated.
This is a case of prevention being better than cure. Make sure to provide only the minimum necessary personal information to each website, so in case of a data breach, the damage is minimised.
Each time you register a new account with a website, use an anonymous e-mail address or alias each time. If you’re using an Apple device like a Mac or iPhone you’re in luck as iCloud supports generating unique random email addresses each time, and automatically forward messages to your main address without revealing it.
Make sure to use a different, strong password for every website or online service you use too. The best way to do this is via the best password manager.
6. Device and location-based pricing
There’s evidence out there to suggest that the prices of products and services can increase or decrease depending on the device you’re using to shop online or where you seem to be based.
Back in 2012, for instance, it emerged that travel website Orbitz was giving Mac users pricier hotel options than those searching on PCs – which is rather presumptuous, as a moderately specced PC can cost just as much, if not more, than a Mac.
Location-based pricing is also common, whereby rates for hotels and flights increase depending how wealthy an area in which you seem to be. Fortunately there’s an easy fix: if you connect to a VPN server in a different location to yours, you can appear to be in that place. The websites will then quote prices accordingly. See our guide How to change location and IP address with a VPN.
7. Social media tracking scripts
When you use a social network like Facebook or Twitter you’re agreeing to let those companies do pretty much whatever they want with your personal data, and that includes data collected by tracking scripts found outside of the networks themselves. In the case of websites that have the Facebook ‘Like’ icon embedded, for example, Facebook can store a cookie on that site to save your login state.
The company can use the information gleaned from this to identify you, and use its algorithms to target you with advertisements based on the websites you visit, for instance showing you adverts based on products you or your Facebook friends have “Liked”.
In February 2021 Apple and Facebook clashed over features like these, where Apple insisted that their App Store’s Facebook App must give users the choice over whether they’d like to be tracked.
It seems that some social media giants like Meta also inject Javascript code into links opened from their apps to better track people over the web.
Your first line of defense here is to access social media via a secure browser that takes your privacy seriously. Take some time to explore settings related to cookies and make sure to enable “do not track”, as well as install any of the best ad-blockers as we outlined above.
Remember also there are plenty of safer ways for you and your contacts to stay in touch. The open source Signal messaging program contains no ads or tracking scripts, plus supports setting up groups where you can chat using end-to-end encryption.
8. Browser fingerprinting
You may not be using your actual fingerprint to run Google Chrome or Firefox or Opera, but that doesn’t matter because your browser configuration is as unique as the pattern on your anatomical digits. The version you’re running, along with the plugins you have installed and their specific versions, make it easy for sites to identify who you are.
In a process called browser fingerprinting, companies use that data, in addition to your screen resolution, installed fonts, time zone and more, to collect information about you. And if you’ve disabled cookies to prevent such tampering, even that’s a feature that helps to make your browser distinct.
There are browsers that make fingerprinting more difficult and extensions that prevent some forms of browser fingerprinting.
9. Browser user agents
Every time you open a website your browser forwards it a line of text that identifies both your browser and your operating system, and this information can also be used to generate targeted ads.
Essentially, your browser is telling the website whether you’re using Safari on an iOS device, Chrome on Windows 11 and so on.
Using this information, a website can determine whether to tailor its ads to a mobile device or a desktop. It can also be used to deliver ‘Please upgrade your browser’ messages to those still clinging onto Internet Explorer.
One way to stay safe is to connect via the Tor Browser, which has been deliberately designed to show the same ‘agent’ data for every user. Certain browser extensions can also display.
10. HTTP referer
No, you don’t have to correct us: the ‘referrer’ in ‘HTTP referer’ is spelled incorrectly on purpose. It’s a term that describes the header that stores the details of where you’re coming from when you’re redirected to a new website. So, if you’re browsing TechRadar and you click a banner ad, the HTTP referer stores the fact that you were visiting TechRadar.
The HTTP referer can be sent to the new site and, from there, the site administrators or algorithm can deduce two things about you: where you’ve been, and where you are now. And this information can be used to – yep, you guessed it – put yet more targeted ads in front of your eyeballs.
You can just use a reliable ad-blocker to avoid being bothered by these ads. Most reputable browsers such as Firefox try to trim out any personal information from the http referer header but you can also disable it altogether in your browser settings. Check the support pages for your chosen browser with help on how to do this.