How do websites track you online and how to avoid it ?

Tien Nguyen

The Internet is the largest company network and more than three billion people are using it. Due to the continuous development of the Internet and technology, advertisements have never ever been more invasive and more unescapable nowadays. Thanks to the wealth of data, that is available to each and every user. A single site or map might contain dozens of trackers building a detailed profile of who you are and what you do online. The bad thing is we don’t even notice. Privacy is a buzzword with all big tech companies these days. But many large companies simply don’t play along and keep creating data profiles on us even when we have opted out in the browser. Mostly, it is not clear to users when or by whom they are being tracked and for what exact purpose their data is being used. So what do websites use to track you?

Which way do websites use to track us online ?

At first, we should understand how web tracking work

  • Collecting Cookies: It contains information about your web activity. Basically understanding. they remember your login info, language settings, or the items you add to your shopping cart.
  • IP Address Tracking: Your IP address identifies you online.  Every device on the internet has an IP address
  • Pixel tracking: Pixels are tiny images that are invisible to the human eye, but can track and record what you’re doing
  • Device Fingerprinting: Device fingerprinting is a way to combine certain attributes of a device — like what operating system it is on, the type and version of web browser being used, the browser’s language setting and the device’s IP address — to identify it as a unique device.

Cookies

The most common tools to collect information about us are cookies. It sounds sweet but cookies are in fact tiny files placed on your computer by your browser when you visit websites. A cookie is a piece of data from a website that is stored within a web browser that the website can retrieve at a later time. Cookies are used to tell the server that users have returned to a particular website. When users return to a website, a cookie provides information and allows the site to display selected settings and targeted content.

Cookies also store information such as shopping cart contents, registration or login credentials, and user preferences. This is done so that when users revisit sites, any information that was provided in a previous session or any set preferences can be easily retrieved.

There are two basic types: session cookies and persistent cookies. They enable us to move from one part of a website ( a product page) to another (checkout page) without having to constantly relog in for every page.

  • Session cookies are stored only as long as your current session and should automatically be deleted when you close your website.
  • Persistent cookies can be good or bad depending on how you look at it. They are placed in your computer and they stay in your computer. They are used primarily by marking firms to track your browsing history. For example, if you keep visiting shoe stores, you will soon find ads for shoes following you wherever you go. And that’s regardless of which site you are visiting. In some cases, it can be intrusive while in others the relevancy of ads maybe welcome

To get a better understanding of cookies, you can refer to our article here. Internet companies track all of our online behaviors. You can delete cookies but persistent trackers will respond to them. Trackers share cookie ID, so even if you delete your cookies, if a single tracker responds to one, it will effectively merge all of your history for all of their partners.


IP Address Tracking

An IP address is an unique identifier assigned to each device connected to a computer network. The most common analogy for an IP address is the postal service. For the postal service to work, every house needs to have its own unique address. And if you need to send a letter, you need to write a destination on the envelope. That way, when you send the letter, the postman knows exactly where to deliver it. The address must be unique, otherwise your post could end up going to somebody else or you could start receiving somebody else’s post. Computers work in the same way. Each computer in a network needs to have a unique address called an IP address. And when sending data to a computer, just like letters, we need to add the destination address. We also need to include a return address so they know where to reply.

IP address is something which we use to determine the location of a device which is connected to the Internet. Just like you describe your physical location by mentioning your physical address, in the same way on the Internet, we use IP addresses to determine where a specific internet connected device is located on the earth. Using this IP address, you can basically track or tell from where the user is visiting or using the Internet.

The IP address itself is separated in two parts, the first part represents the network and the second part represents the host. The host address or host ID is what’s assigned to hosts within that network such as computers, server, tablets, routers and so on. So every host will have a unique host address.

To know which part of the IP address represents a network, we used to rely on the first few binary bits (the digits 0 and 1) but since the early 90s we have something called a Subnet Mask.

A Subnet Mask is always paired with an IP address and is used to identify the network section and the host section of the address. In its simple form, whenever you see 255 - this is the network part of the address. Whenever you see a 0 this is the host part of the address.

It can get a bit more complicated than that. When learning about the network and host and what they mean, it’s good to think of it like your address. You share the same street name as your neighbors but it is the house number that makes your address unique. On the other hand, you can also have multiple streets with the same house number.

It’s the same with computer networks. Instead of street addresses, you have network numbers and instead of house numbers you have host numbers.

Here we have two networks 192.168.5.0 and 192.168.10.0, both with a subnet of 255.255.255.0. When you talk about the network as a whole, you often just use 0 for the host section. Inside our network we have our host .1, .2, .3. It’s common in a network diagram to just show the host section of the address if you already know the network section. In fact these IP addresses would be 192.168.5.1, 192.168.5.2 and so on. With all of that, we have some data to send to 192.168.5.3 with a subnet mask of 255.255.255.0.

Where would we send it ? If we look at the subnet mask, we can see that the network is 192.168.5, so we know that 3 is our host number, so we send it over to the host in the network on the left.

Virtually every website on the World Wide Web (Web) will track and record IP addresses as visitors click through the site’s pages. Two primary reasons for this are security and site improvement.

Website policies generally refer to IP addresses as “anonymous” data. However, with the help of computer cookies there are many ways for websites to link identities to IP addresses, even when the address is dynamic, or changes with each Web session. Many websites also contain “Web bugs” or a few pixels linked to an advertising firm that can track and record IP addresses across the Web, from one site to another, surreptitiously compiling detailed surfing profiles of individuals over a period of months or years.

Due to these concerns, many savvy netizens prefer to surf anonymously. In this case a proxy server stands between the surfer’s computer and the Web. All browser requests are sent to the proxy which relays them to the Internet. Web servers return pages to the proxy’s IP address, logging its address instead. The proxy receives the page, forwarding it on to the surfer, acting as a go-between. Web servers have no record of the surfer’s IP address, (however, the proxy server will track and record IP addresses)

Pixel tracking

Have you ever been browsing online shops, looking for something like clothes, only to then see advertising for those on websites like Facebook. The question is, how does facebook know that you are looking at these clothes ? The fact is, behind the scenes, the web shop owner is using tracking pixels. It’s not a physical pixel that makes up your display, that’s other virtual pixels that are added to your web page to spy on you and retarget advertisements.

Pixel is just a small piece of code that your company adds on to their website. Its purpose is to place a specific cookie on the browser of anyone who completes a certain action on your side. Regular cookies remember everyone that comes into your site These small pieces of code can transform your digital campaigns when used in the right way.

Getting back to the web shop example, the web shop only has the conversion rate at around 2%, meaning that only 2% of visitors actually buy something. The remaining 98% look around but then leave without making a purchase. To solve this problem and to increase their conversion rate, shop owners track you around their website to see which product page you visited, how long you stay on them and whether or not you revisit any of them. All of these information called events are sent to advertisement networks like the ones from Google, Facebook or Amazon. Once it’s there, it can be used to create highly targeted ads, like showing its ad to people who have looked at a particular pair of shoes at least twice. And now you start seeing these shoes you are down to buy on Facebook or your Google search result. This technique is called retargeting or remarketing.

It’s not Google or Facebook that are secretly spying on you (sure they probably do), but the case of readvertisement is the website you visit that shares data with them. This extracted data allows them to buy more targeted ads, which perform better.

How does this data transfer between the site you visit and platforms like google or Facebook? That’s where tracking Pixel comes in. Let’s retake the web shopping example. The owner of the shop wants to be able to put ads in front of Facebook users that have visited their store but haven’t bought anything. To do that, he plays Facebook tracking pixel on every page of his site. Tracking pixels is just like any other images on the website, that has your URL that tells the browser from where did you load these images. But instead of adding a tracking pixel, the shop owner can also add custom data to the URL of these images. This can be any data that the shop owner wants to reuse at a leverage state for advertisement.

Looking at a pair of shoes and the extracted data might show your interest in these shoes. If the web shop owner wants to be more specific, he can add these exact pairs of shoes you are looking at http://facebook.com/tr/?id=a17&ev=viewproduct&type=NikeAir

or maybe he wants to send these items you have in your basket

http://facebook.com/tr/?id=a17&ev=basket&basket=converse

Every time someone visits a page of the shop, the tracking pixel is loaded in with all of this extracted data.

We’ve used facebook for example, but the same is true for other advertisement networks, like the one from Google and Amazon. And it’s not just limited to web shops either. Any website can use it.

Besides it, tracking pixel can also be used by email newsletter to measure how many of their subscribers are opening up their emails, or to test which types of email content people appreciate more. You too can use it to keep track of how many times someone has opened up your email. Each email you send gets a unique tracking pixel. Every time someone opens up your email, the tracking pixel is downloaded, then you’ll get notified when your email was read.

If you are curious about the technique of pixel tracking, you can discover it further in this article.

Device Fingerprinting

Another method is browser fingerprint. As cookie-based tracking becomes more difficult, the tracking business is moving toward this method. When you visit a website, the web server has the ability to transfer a snippet of JavaScript code to the browser you browse, then execute that script locally. That means on your device, the code can then collect information about installed extensions, browser types and names, time zone, screen resolution, adblock presence, list of available fonts, computer hardware and many more. The JavaScript creates a hash of collected data, this is called browser fingerprint. Then it sends it back to the web server where it’s typically stored in a database. Provided that the fingerprint is unique to you, you can be tracked when you re-enter the site. You can also be tracked across different websites if multiple sites share your fingerprint.

The advantages for websites is that they don’t need to create and store cookies to save data on you. That’s why browser fingerprints are also called “less-monster cookies”. Another aspect, a website’s web server is able to read and understand your IP address. If you use a virtual private network or VPN, your real IP address can be disguised. But that only changes one of many points of data that make up your browser fingerprint. This means you are still susceptible to being tracked. Of course many people brushed off privacy saying they have nothing to hide. But let’s have a look at what information is collected about us: gender, age, personal status also address and current location, what music we listen to, which TV series we like, where we buy online and what individual profiles are created from this data. This allows personal situations to be drawn. As well  as monitoring your behaviors and purchases, the worst thing about these profiles is they are worth a lot of money and they are being sold. Especially interested in our data are banking, landlords and insurers. It helps them to assess how reliably a customer might pay and the marketing industry uses the data to generate personalized ads.

Your devices send data about itself to the sites you visited and the app you use to optimize content, but embedded trackers can use the same data to create a fingerprint for your devices. So they can identify you even without cookies.But whether it’s cookies or fingerprints, trackers want to track you across all of your devices. Services can see you when you sign in across devices. Facebook and Google bows to advertisers that they see over a billion people across devices, but hidden trackers can do the same thing. They watch your work, and the computer connects from your office alongside your mobile phone. They can check the latitude and the longitude of these connections. All of these devices share common online behaviors so now they know that you are one person behind all of these devices. It’s hard to know how many trackers have this data because it’s done invisibly. But all of these companies offer cross device tracking services

Tips to stop being tracked online

To be honest, completely avoiding tracking is impossible, at least if you still keep using your social account, keep using Google services or playing free game apps. But there are a couple of things you can do to reduce the amount of information you are giving away.

  • The first method is classic: cleaning your Internet browsing history after every use and don't forget the cookies.
  • Second, use a privacy browser, for Example Firefox, Safari or Brave. They already have built-in protections. Or you can choose incognito mode while surfing, installing some extensions like Privacy Badger. Ghostery, or just any other ad blocker with a privacy list.
  • Third, pay attention to app permissions requests. Sometimes, apps ask for more information than they really need. That information can be sent to companies who might use it. Checking your app permissions regularly is a good practice. It will give you more control over your privacy and stop apps from potentially spying on you. Positive side effects, it can also read out apps that are constantly running in the background, which can in turn improve your device’s battery life.
  • Fourth, stop and think before you willfully give data. There’s a little you can do about the legal collection of your data. The principle here is to think of it as a trait and make sure you are happy with the terms . Ask yourself these questions: Is Facebook sufficiently important to me to trade my privacy or my data for its services?. Is an online form collecting info necessary? If you are not satisfied with the terms of agreements, just walk away.
  • Finally, the most optimal solution that can completely protect you from being tracked online is using an Anti-detect Browser like Hidemyacc. The software is ideal for people who are doing MMOs or need multiple accounts or profiles for an effective work and make more money. It can solve all of the problems we’ve listed above, because Hidemyacc lets you control your fingerprints and manage your profiles and you still remain anonymous using the Orbita antidetect browser at the same time. You can replace your IP, browser, operating system, platform, geolocation and 15 more parameters that can not be tracked if you are using HideMyAcc.

Hidemyacc software will help you hide original computer parameters and create multiple new computer parameters for each profile, supporting users to access the internet with multiple accounts without being detected. Download Hidemyacc and start your 7-day trial now!

DOWNLOAD


If you have any further questions, comments, or suggestions, feel free to contact us via Telegram, Skype, or Facebook Messenger support.

Read more