In this article, we look at the many different ways we are being tracked online, plus which measures users can take to avoid being tracked.
Internet tracking is used for several reasons, including:
– Improving user browser experiences on websites.
– For analytics to improve business performance and inform/feed into marketing content strategies and monitor a website’s usability.
– To enable the targeting of users with advertising, and to generate revenue by selling data about our browsing activities.
Some of the risks associated with tracking include:
– Privacy and security risks, i.e. our personal data being taken and potentially falling into the wrong hands / being used by cybercriminals, and companies building profiles of users based on sensitive information gained from trackers in websites.
– Matters of transparency and losing control of personal data. For example, where user data is stored and who has access to it is difficult to ascertain, and feeds into privacy and security worries.
– The possible contravention of a user’s legal rights and matters of consent. For example, GDPR, the California Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) and others have meant that tech companies can no longer legally track everything that users do and share that data with multiple other third parties as they wish without permission. For example, in the UK, since GDPR’s introduction, websites must display cookie consent and privacy information displayed on the home page.
Over 80 per cent of websites use one or more tracking tools (Epic) and reasons for private browsing may be to avoid having your browsing history recorded, perhaps being on a shared or public computer (to avoid being tracked by your browser), or to avoid downloading cookies (to prevent being tracked by websites), or to be able to sign into multiple accounts simultaneously.
The different ways that your browsing and free searching behaviour on the web can be tracked include:
– IP address tracking. The IP address (a string of numbers), set by the ISP, is a way for each computer using the Internet Protocol to communicate over a network. The IP address is necessary for accessing the internet so that web servers know where to send the information that’s being requested.
– Cookies. These are text files loaded into a folder on the user’s web browser by the sites they visit. Cookies record details such as users’ preferences and the last time they visited the website. Session cookies are used when a person is actively navigating a website, but tracking cookies can be used to create long-term records of multiple visits to the same site. From the user’s point of view, cookies can serve a useful purpose (e.g. for logins) or can be used for targeted advertising. Google recently announced an end to its third-party (tracking) cookies within two years for its Chrome browser following similar, earlier announcements by Safari (Apple), Mozilla’s Firefox (Mozilla) and Brave.
– Signed-in accounts. The accounts a user is signed-in to (e.g. Google or Facebook) can also track what a user has viewed, liked and more.
– Agent strings. When a user sends a request to a webserver to view a website, the request comes with information about the user attached to the User-Agent HTTP header. This ‘agent string’ contains information such as the browser (type and version) and the operating system used.
– Web beacons. These web bugs/tracking beacons track how a user engages with a specific webpage, including the content a user clicks on.
– Mouse tracking/cursor tracking software which records online users’ mouse movements to reveal how they interact with a website.
– Session replay scripts, i.e. programs that record a website visitor’s activity, such as mouse movements, clicks, and scrolls.
– Favicons (super cookies). These work similarly to cookies but are more challenging to decline or remove.
– Browser fingerprinting. This involves gathering and combining a variety of information about a user’s device to create a unique online identity which can be tracked.
– Cross-device tracking. This is the matching up of a user’s browsing habits across devices.
All mobile apps gather basic data, e.g. the user’s phone number and email address. Also, users are now tracked by 60 per cent of the world’s most used mobile apps (i.e. harvesting and storing data generated through private conversations). Eighty per cent of mobile apps collect data on messages their users send and receive.
In addition to collecting data, some mobile apps also try to collect cookies, and 50 per cent of them can access a user’s photos and videos.
There are many ways that users can try to avoid tracking, including using the following:
– Incognito/private browsing mode.
– Private Browsers and Private Browser Extensions.
– VPNs.
– Other privacy tools
Different browsers have different names for private browsing mode, e.g. InPrivate browsing (Edge), ‘Private’ for Firefox (Mozilla) and Safari, and Incognito for Google Chrome.
Switching to this browser mode loads a new private window. This means that the new window is not signed to any accounts, so it can’t be tracked by them, cookies are not used, and any browsing is not added to the browser history. In this mode, however, the user’s IP address can still be tracked.
Neeva is a new advert- and tracker-free search engine which has just been launched in Europe by former Google executive Sridhar Ramaswamy, using funding from investors. Neeva offers a free-to-use search and a password manager, and VPN (for a subscription). Neeva also stresses that its investigations are free from bias / corporate influence, suggesting a more impartial experience.
For a more detailed picture of how much tracking is taking place when visiting web pages, Neeva’s Chrome browser extension lists the trackers installed on web pages visited. See https://neeva.com/.
DuckDuckGo is a privacy-centred search engine/privacy browsing app, which is available as a download for mobile devices and a Chrome extension. DuckDuckGo retains a user’s privacy by not saving the user’s browser history, forcing sites to use encrypted connections, blocking cookies and trackers (including ‘hidden trackers’ before they load), and stopping a user’s searches being sold to third parties for profiling and advertising.
DuckDuckGo employs Smarter Encryption which utilises a list of millions of HTTPS-encrypted websites, which has been generated by continuous crawling of the web instead of crowdsourcing, thereby keeping it current. Also, DuckDuckGo’s Smarter Encryption enables users to be extra-secure in their browsing by detecting unencrypted, non-secure HTTP connections to websites and then automatically upgrading them to encrypted connections. See https://duckduckgo.com/.
Epic is a privacy and security-focused, Chromium-based browser that blocks ads, trackers, fingerprinting, crypto mining, ultrasound, and signalling and offers free VPN (with servers in 8 countries). See https://www.epicbrowser.com/.
The Brave privacy-focused, Chromium-based browser is free and open-source. It blocks ads and trackers and allows users to use a Tor in a tab to hide history, and masks location from the sites a user visits by routing a user’s browsing through several servers before it reaches its destination. See https://brave.com/.
The Tor browser uses a distributed network (randomly selected nodes) to anonymise a user’s IP address and encrypts traffic. This makes it incredibly difficult for a user’s web traffic to be traced and very difficult for users to be tracked unless they reveal their IP address by enabling some browser plugins, downloading torrents, or opening documents downloaded using Tor. However, Tor is also used for accessing and is associated with the ‘dark web.’ See https://www.torproject.org/download/.
Another option for users to try and maintain private browsing is to use an additional private browsing extension/add-on. Examples include:
– Privacy Badger. This is a free extension that gradually learns to block invisible trackers.
– Ghostery. This is a free, open-source privacy and security-related browser extension and mobile browser app that blocks ads and stops trackers.
– Cookie AutoDelete. This is an extension for erasing cookies for a browser tab when it closes.
– HTTPS Everywhere. This free, open-source browser extension automatically switches thousands of sites from “HTTP” to secure “HTTPS”, thereby protecting the user from many different types of tracking/surveillance and account hijacking.
The short answer is no. Although a virtual private network (VPN) routes a user’s internet through another computer (where many other VPN users are using the same IP address), making tracking difficult, it does not stop tracking altogether.
A VPN makes a secure connection to another network over the internet, encrypts traffic, and hides the user’s IP address. However, VPNs do not protect a user from being tracked, from cookies, from user-agent strings, through the accounts they are logged into (e.g. Google), or from any VPNs that keep logs of user activity and which could sell those logs to third parties. Also, some services discourage using a certain VPN, and VPNs can slow down the user’s Internet connection dues to the re-routing and encrypting through the VPN server.
Some other privacy tools that users can choose to avoid being tracked include combination firewall, antivirus, and VPN tools like Norton 360 Deluxe or Panda Dome or web proxy tools like Privoxy.
Some recent ‘good’ news in the tracking world is that last year Google announced that it was phasing out third-party cookies (over two years) and would not use other technology to replace these cookies or build features into its Chrome Browser to allow itself access to that data. Google said that it would be switching to Federated Learning of Cohorts (FLoC), a method which groups what it categorises as like-minded online users together so they can be collectively tracked.
The risk of cybercrime, data breaches, and simply being targeted by advertisers mean that for most business users, the security of knowing that they’re not being tracked and that there is a high level of privacy protection by default may be an attractive and useful part of company security measures. Also, using a trusted app/extension/desktop browser may be a convenient way to get greater peace of mind and ensure that all reasonable measures are being taken to cover the many angles of security and privacy. For many businesses, it is likely to be a case of a combination of privacy solutions, e.g. VPNs, secure browsers and extensions, and other privacy tools being used as and when required in a way that is compatible with daily working practices, authorised, approved, and recommended by the company and other relevant stakeholders.