Privacy is becoming a major concern for many internet users, specifically the implications of our browsing activities being tracked. And yet it seems like many people are still unaware of the risks associated with some of their habits. And neither do they know how to mitigate those risks.
So how do website track users? And how can you legally stop your online activities bring traced?
Tracking Cookies
Cookies are a way to store user settings for websites locally in the browser. For example, you might set your preferred time zone, which would result in a cookie being created in your browser with that setting. It’s a lightweight way of managing user preferences without the need for server-side accounts.
Or at least, that was the original intention. Cookies see a lot of use for more nefarious purposes, usually related to marketing.
The general idea is that sites that serve ads to you can use cookies to figure out if you’ve visited certain other sites. That way, they can monitor your behavior as you move across the internet, and serve you with more relevant content.
This has raised many concerns with industry specialists in recent years. It’s the reason why every website now has that annoying popup asking you to confirm your cookie preferences. Regulators decided that this was a good solution to the problem, giving users more control over how their cookies are used.
In reality, malicious site operators just focused on using confusing wording to trick their users into accepting cookies while thinking they’re doing the opposite.
Browser Fingerprinting
And that’s just the tip of the iceberg. Cookies are old news at this point, and site owners have moved on to more advanced and accurate techniques.
Fingerprinting is the most popular approach right now, and it’s scary how effective it is while also being practically impossible to block.
It’s based on the idea that every computer configuration is unique in some way. And a lot of that data is directly available to the sites you visit, usually for compatibility purposes. Here are some examples of data points which can be used to build a profile of you:
- Browser and its version
- Operating system
- IP address
- Installed fonts
- Versions of specific plugins, like Java (though these are being deprecated at least)
- Hardware
Taken separately, none of those are identifying factors, even your IP address. But put them together, and the resulting profile is going to be unique to the scale of one in several million, sometimes much more—in any case, more than enough for site owners to figure out it’s you.
Your browser needs to provide sites with access to these data points so they can work correctly. For example, a site might want to look at the list of your installed fonts to know which ones it can and can’t use. You can block some of these features, but that won’t go far.
There are some very advanced techniques that can be used to extract information about you, even if you’re trying to block that.
For instance, different browsers are known to have their own little quirks when working with JavaScript. A site can use that to verify which browser you’re using.
Or for something more advanced, the site might execute algorithms with known complexity and measure their performance in an attempt to figure out your hardware configuration.
Does Incognito Mode Stop Sites Tracking You?
Some people see Incognito mode as a “safe zone” where they can do whatever they want without tracking. Modern browsers even specifically brag about the measures they’re taking to combat tracking when you open a new private tab.
But when you consider all of the above, that’s practically useless.
All you’re doing is hiding your logged-in account identity and nothing else. Tracking cookies will still work, even if they can’t be saved after this session. Fingerprinting will ensure that you leave a recorded trace.
How Can You Stop Sites Tracking You?
That’s not to say that all hope is lost. There are some things you can still do to minimize the impact of this data collection.
We already touched on one of those points above. The next time you’re presented with a pop-up to confirm or reject cookies, take a more careful look at it before clicking “reject”.
Some sites will try to trick you into accepting cookies when it seems like you’re doing the opposite. Common tricks include masking the reject button as “reject recommended” or something along those lines. Or the site might ask you to explicitly pick your desired cookies from a list. They’re hoping that most users just don’t want to bother.
VPNs and similar services have been touted as a solution to the problem in recent years, but they have a mixed solution. No, VPNs don't stop cookies, but they do mask your IP. They're certainly a strong part of your security arsenal, but they're not foolproof.
And it largely depends on which VPN service you use. For example, you don’t know where your connection is going through and who might be listening in. Even with an encrypted connection, there’s still some potential to extract useful information about you.
But they're certainly better than nothing. You'll need to go the extra mile to properly limit tracking, though.
Go through your browser extensions and plugins: think about which ones you’re actually using and need. The more you have installed, the more unique your fingerprinting profile is going to be. Make sure to keep them up to date as well, instead of staying on the same version for a long time.
Is This the Future of Browsing?
For better or worse, this is something you’ll have to get used to. Companies have an active interest in tracking your activities across sites, and that isn’t going anywhere.
But we can certainly do a lot more to improve how we react to this. It’s more important than ever before to take a long, critical look at your browsing habits, and start working on some of them.