What are trackers?
Trackers come in many forms. Generally, regardless of what form of tracking is used, trackers are designed to either 1) track you across different websites, web services, and web apps or 2) collect identifying information about you and your device(s).
Frequently, they do both.
Trackers - or rather, tracking techniques - have existed since the internet was conceived. They're nothing new, per se.
However, especially in the last decade or so, tracking techniques have evolved tremendously. Worst yet, they continue to evolve and are frequently aided by machine learning capabilities.
They have become more sophisticated, becoming harder to detect while collecting increasing amounts of information. Consistently we see that the tracking techniques of Big Tech, Big Data, Ad companies, and even state-sponsored organizations have become downright invasive.
Tracking Cookies
Cookies are bits of data that get stored on your web browser by websites. You've probably heard of first-party and third-party cookies; first-party cookies are placed by the website itself whereas third-party cookies are placed with a different entity that loads on that same website, such as ads served by an ad network.
Some cookies are essential for certain websites to function. Some websites have many cookies that retain many bits of differing information - things like login session information and saved preferences.
There are specific types of cookies? Not every cookie is made the same - some are placed on your device for tracking purposes. Enter the tracking cookies.
Tracking cookies are stored on your device to typically track you across the different websites you visit. They don't do the active tracking themselves, but they store information that websites can retrieve (read) later on.
Not all cookies are necessarily bad, but you'll want to block known tracking cookies and only let cookies from websites you trust be stored on your device(s).
Additionally, you should be aware that even cookies that are "benign" can be read by the different websites you visit, which can be used to create/add to a shadow profile of you and your browsing activity. This is especially true if your browser isn't set up to keep cookies in "containers."
It's also worth mentioning that while tracking cookies are on their way out, this isn't the end of pervasive and intrusive third-party tracking; they're just taking a different form. Case in point, Google Chrome's pivot away from third-party cookies to its Topics API.
Social Media Trackers
These trackers don't necessarily have to identify you or have to rely on if you have an account. They have the capability to track you across the websites that implement them.
What they typically do is link data collected about the websites you visit to your established account. In some cases, you may find that despite not having an account with a social media service, they may have a "shadow profile" on you and your internet activities anyway.
If you do have an account with any given social media service, you should be aware that the data social media trackers collect is on top of the information you share directly on the platform (for example, to follows) and with the platform itself (for example, your email address or phone number).
Let's take Facebook - the "top social media network" - for example...
They've been at the "top" for so many years because of their extensive data collection - all courtesy of their ever-expanding tracking network. This is in addition to Facebook's overall unfriendly stance on fair competition .
Facebook pixel is a part of this tracking network. Facebook pixel is an analytics tool that webmasters can place on their websites via code. It will track the user's interaction with a website that's completely off Facebook's platform: clicks, page scrolls, length of time on page, timestamp of page accessed, exact exiting links, etc.
So, in addition to what Facebook knows about you on its own platform, it now has access to what you do completely outside of its platform too via social media tracking.
Fingerprinting
In general, the larger topic of fingerprinting can be thought of as a "catch-all" when it comes to tracking techniques.
It's also a major component when it comes to web tracking because it uses the information found on/sent by your device to identify you and subsequently track you. Identification by unique properties such as (but not at all limited to) browser settings, device, and connected networks (to include nearest cell towers) are the building blocks of creating a user profile.
Fingerprinting takes into account your entire device and factors directly surrounding it - your browser, connected networks, the operating system (exact build and version), browser settings, browser add-ons/extensions, Do Not Track preferences, and more. Fingerprinting is as invasive as it is accurate; for example, the EFF has estimated that only 1 in 286,777 browsers will share the same fingerprint.
That leaves the question of how fingerprinting is carried out. The short answer is: fingerprinting techniques vary wildly. Frequently, you'll find that websites fingerprint your browser through the likes of scripts written in a common web language such as JavaScript. These scripts are usually executed silently, without user knowledge.
For example, a website can use a script to silently pull your IP address via WebRTC (which you should disable) without your knowledge. And that's just one bit of information a website can gather from your device and browser.
Fingerprinting has evolved so much so that it is next to impossible to simply "block all fingerprinting" techniques. In fact, it has been demonstrated that on some devices - such as smartphones - some fingerprinting attacks are not possible to block.
What data do trackers collect or store?
Since trackers come in different forms, the data they collect varies. Because of this, you'll find that many different websites use a combination of different tracking techniques to collect as much data on users and visitors as possible.
Tracking cookies can store (for collection by the calling websites):
- What sites you visit
- How long you stay on a site
- How you interact with a site (ex: how many page links you click on)
- Information you put into web forms
- Location data
- Personal information you give to a website
Social media trackers can collect:
- Precise location data
- Ads (within the Ad network) that you've clicked
- Click-throughs on websites
- What sections of a web page you interacted with; did you place an item in your cart?
- Length of duration on a site
- Browsing habits
- Information within stored cookies on your device; are you signed into another service?
Browser/device fingerprinting can collect:
- Information in your browser's referer header; typically the exact URL of the website you were on previously
- User agent string (browser, operating system, device type and/or brand)
- Browser settings (ex: is Do Not Track enabled?)
- Cookies settings
- Device information; this can go as far as pulling device IP addresses
- Precise location data
- Connection header of browser
- Session storage configuration
- Local storage configuration
- Screen resolution
- Operating system of your device (to include exact build/version)
- Browser plugins (including modifications made by add-ons/extensions)
- Timezone
- Fonts (size and type)
- Network information (are you using Wi-Fi or cellular data?)
- Data stored via autofill (otherwise known as autofill attacks)
What is this data used for?
The general answer is that it depends.
But based on the current state of AdTech, tracking technology, the aggressive degradation of online privacy, we can safely assume that your data is used one of two ways (or both)...
- Generating profit: whether that is by using your data to improve ad targeting, to recommend things to buy, to manipulate you into consuming more content, or to simply sell your data to the highest bidder... you can bet it's usually to do with someone's bottom line. Typically this is a goal for the private sector.
- Surveillance: beyond "surveillance capitalism" for profit... some nations/states want to know everything you're doing online. Think 14 eyes, Russia, China, North Korea, or (insert your country's government organization here) who have an interest in tracking you and conducting mass surveillance online.
Ways to block trackers
Typically, there are two basic ways of blocking trackers (and ads, for that matter): on the browser (or device level) and on the network level.
Browser/device level
When it comes to blocking ads and trackers on the device level, how you go about it varies slightly depending what device you're working with.
For example, you may have some sort of advertising/analytics options specific to the device and/or operating system you're using.
In general, though, blocking trackers usually means blocking them via the device's browser. And even with the use of a properly configured privacy browser, you'll more than likely need the help of trusted privacy preserving extensions to help get the job done.
You can change the DNS settings for your device for more robust tracker protection, but that requires you to either set up your own DNS with appropriate blocking lists or to put effort in researching trustworthy DNS servers that provide adblocking.
The biggest plus to blocking trackers on the device level is that wherever you go, you generally have that same level of protection against trackers. Additionally, especially nowadays, setting up tracker protection on devices is relatively easy.
The biggest downside opting to only block trackers on the browser level is that protection for one device isn't extended to others, even on the same level. Furthermore, you're really only protecting yourself from the "frontend" so to speak (assuming you haven't touched the device's DNS settings).
Network level
Blocking trackers on a network level is far more complicated than configuring a browser and downloading trusted add-ons or extensions. It can be even more complicated than simply changing the DNS settings on an individual device.
Generally, blocking trackers on a network level includes changing DNS servers to more privacy-friendly alternatives and/or using the router itself to blacklist certain domains, such as those associated with known tracker and ad networks.
Some of what you can do also depends on the hardware (and operating system) you run; for example, if you use a router provided by your ISP, then you more than likely can't change what DNS servers it uses. This makes it impossible to use a privacy-friendly DNS alternative or to set up your own DNS server, such as a PiHole.
Furthermore, buying any type of new hardware required to run your own DNS and/or VPN may be impossible for some, due to any number of extenuating circumstances. For example, some users may not have direct acces to the router and/or network settings.
The biggest plus to blocking trackers on a network is that you provide protection to all devices on your network (assuming your router/home network settings are customizable enough to allow this and are configured correctly.)
This protection is often superior to just blocking trackers on the browser level because you can block devices, services, and applications from phoning home to remote servers.
The biggest downside is the probably the complexity for a lot of users... It is also an ongoing task, fluctuating between lulls where everything is working fine and needing to be monitored in case something breaks.
Additionally, if you run your own "servers" that do the blocking, you must leave them on constantly or else the rest of your network collapses.
Importance of blocking trackers for privacy
1. Reduces accuracy of targeted ads
Targeted advertisements and retargeting relies on the data that many trackers and tracking systems store, collect, and provide.
When trackers are allowed to run on your device(s) unchecked, you'll find that very targeted ads will follow you across many websites that you visit.
For example, if you were researching which whether you should buy the new Xbox, you'll find that many ads be about gaming - even more specifically, they may show you deals on the new Xbox from various merchants.
Want another, creepier example? Let's say you were researching plane tickets because you were considering a couple's trip to Jamaica...
Now, every time you log into your Facebook account, you see plane ticket ads to Jamaica. When you go to, Instagram, you see the ad type of ads. You go to your favorite news website and still see the same ad. You even start seeing ticket and lodging ads for Jamaica. You may start seeing ads for the "best things to do in Jamaica" or for "how to make the most of your trip to Jamaica."
The only way to stop this kind of creepy and uncanny advertising is by blocking the tracking methods and techniques that allow big data and ad companies to collect data about you.
You may also want to look into downloading and using a privacy browser and using private search engines to further reduce the accuracy of targeted ads.
2. Escape filter bubbles
You may have heard of filter bubbles.
Filter bubbles refer to the results produced by AI algorithms as we browse and search online.
These results are often produced based off data collected about you, to include both personal identifiable information you provide (either knowingly and unknowingly) and information collected by various tracking techniques.
Filter bubbles have become a large problem, and have gotten worse since the big push towards hyper-personalized marketing.
Ultimately, they manipulate what information you come across while remaining effectively invisible to many users... and the more tracking techniques that collect data about you, the more trapped in an "echo chamber" users become.
3. Helps you keep control of your data
This is probably the most important reasons to block trackers and tracking methods.
At the end of the day, tracking methods are designed to collect all sorts of information about you. This information can include personally identifiable information, and information on your device(s) and browsing habits.
Naturally, when you block various trackers, you limit what information websites, big tech, and big data can collect about you. This gives you more control over the data that you share (either knowingly or unknowingly) with web services, websites, and web apps.
