
How-To Geek

HTG Explains: Learn How Websites Are Tracking You Online


Some forms of tracking are obvious – for example, websites know who you are if you’re logged in. But how do tracking networks build up profiles of your browsing activity across multiple websites over time?

Tracking is generally used by advertising networks to build up detailed profiles for pinpoint ad-targeting. If you’ve ever visited a business’ website and seen ads for that business on other websites later, you’ve seen it in action.

IP Addresses

The most basic way of identifying you is by your IP address. Your IP address identifies you on the Internet. These days, it’s likely that your computer shares an IP address with the other networked devices in your house or office. From your IP address, a website can determine your rough geographical location – not down to street level, but generally your city or area. If you’ve ever seen a spammy ad that tries to look legitimate by mentioning your location, this is how the ad does it.


IP addresses can change and are often used by multiple users, so they aren’t a good way of tracking a single user over time. Still, an IP address can be combined with other techniques here to track your geographical location.

HTTP Referrer

When you click a link, your browser loads the web page you clicked and tells the website where you came from. For example, if you clicked a link to an outside website on How-To Geek, the outside website would see the address of the How-To Geek article you came from. This information is contained in the HTTP referrer header.

The HTTP referrer is also sent when loading content on a web page. For example, if a web page includes an ad or tracking script, your browser tells the advertiser or tracking network what page you’re viewing.

“Web bugs,” which are tiny, one-by-one pixel, invisible images, take advantage of the HTTP referrer to track you without appearing on a web page. They’re also used to track emails you open, assuming your email client loads images.

Cookies & Tracking Scripts

Cookies are small pieces of information websites can store in your browser. They have plenty of legitimate uses – for example, when you sign into your online-banking website, a cookie remembers your login information. When you change a setting on a website, a cookie stores that setting so it can persist across page loads and sessions.


Cookies can also identify you and track your browsing activity across a website. This isn’t necessarily a big problem – a website might want to know what pages users visit so it can tweak the user experience. What’s really pernicious are third-party cookies.


While third-party cookies also have legitimate uses, they’re often used by advertising networks to track you across multiple websites. Many websites – if not most websites – include third-party advertising or tracking scripts. If two different websites use the same advertising or tracking network, your browsing history across both sites could be tracked and linked.

Scripts from social networks can also function as tracking scripts. For example, if you’re signed into Facebook and you visit a website that contains a Facebook “Like” button, Facebook knows you visited that website. Facebook stores a cookie to save your login state, so the Like button (which is actually part of a script) knows who you are.
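The cross-site linkage described in this section and in the HTTP referrer section can be audited from a request log. The following is an added example, not code from the original article: it flags third parties that received the same cookie value while the referrer named pages on different sites. The log entries, the .example hosts, and the names sampleLog, siteOf and findCrossSiteLinkage are all constructed for illustration.

```javascript
// Constructed sample log: requests one browser sent while visiting three sites.
// referer and cookie are the header values sent with each request.
const sampleLog = [
  { url: "https://news.example/story", referer: "", cookie: "sid=n1" },
  { url: "https://ads.tracker.example/pixel.gif", referer: "https://news.example/story", cookie: "uid=abc123" },
  { url: "https://shop.example/cart", referer: "", cookie: "sid=s9" },
  { url: "https://ads.tracker.example/pixel.gif", referer: "https://shop.example/cart", cookie: "uid=abc123" },
  { url: "https://cdn.static.example/lib.js", referer: "https://shop.example/cart", cookie: "" },
  { url: "https://blog.example/post", referer: "", cookie: "" },
  { url: "https://cdn.static.example/lib.js", referer: "https://blog.example/post", cookie: "" },
];

// Assumption: the "site" is the last two labels of the hostname. A real audit
// would use the Public Suffix List (co.uk and similar need three labels).
function siteOf(urlString) {
  return new URL(urlString).hostname.split(".").slice(-2).join(".");
}

// Report each third party that received the same cookie value while the
// Referer header named pages on two or more different first-party sites.
function findCrossSiteLinkage(log) {
  const seen = new Map(); // thirdParty + cookie -> { thirdParty, cookie, pages }
  for (const { url, referer, cookie } of log) {
    if (!referer || !cookie) continue; // no page disclosed, or no identifier sent
    const thirdParty = siteOf(url);
    if (siteOf(referer) === thirdParty) continue; // first-party request
    const key = JSON.stringify([thirdParty, cookie]);
    if (!seen.has(key)) seen.set(key, { thirdParty, cookie, pages: new Set() });
    seen.get(key).pages.add(referer);
  }
  const findings = [];
  for (const { thirdParty, cookie, pages } of seen.values()) {
    const linkedSites = [...new Set([...pages].map(siteOf))].sort();
    if (linkedSites.length >= 2) {
      findings.push({ thirdParty, cookie, linkedSites, pagesDisclosed: [...pages].sort() });
    }
  }
  return findings;
}

console.log(JSON.stringify(findCrossSiteLinkage(sampleLog), null, 2));
```

The CDN host appears on two sites as well, but it is not reported because no cookie was sent with those requests.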

Super Cookies

You can clear your browser’s cookies — in fact, we’ve got a guide to clearing your browser’s cookies. However, clearing your cookies isn’t necessarily a solution – “super cookies” are increasingly common. One such super cookie is evercookie. Super cookie solutions like evercookie store cookie data in multiple places – for example, in Flash cookies, Silverlight storage, your browsing history, and HTML5 local storage. One particularly clever tracking method is assigning a unique color value to a few pixels every time a new user visits a website. The different colors are stored in each user’s browser cache and can be loaded back – the color value of the pixels is a unique identifier that identifies the user.

When a website notices that you’ve deleted part of the super cookie, the information is repopulated from the other location. For example, you might clear your browser cookies and not your Flash cookies, so the website will copy the value of the Flash cookie to your browser cookies. Super cookies are very resilient.
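One way to check whether clearing cookies actually removed an identifier is to compare storage snapshots. This is an added example, not code from the original article or from evercookie: it flags entries that were deleted and came back with the same value, and lists where a copy survived. The snapshots, store names and the function detectRespawn are constructed for illustration.

```javascript
// Constructed snapshots of one browser profile's storage for a single site,
// taken before clearing cookies, right after clearing, and after the next visit.
const before = {
  cookie: { uid: "7f3a9c", sid: "a1" },
  localStorage: { uid_backup: "7f3a9c", theme: "dark" },
  flashLso: { u: "7f3a9c" },
};
const afterClear = {
  cookie: {}, // the user cleared browser cookies only
  localStorage: { uid_backup: "7f3a9c", theme: "dark" },
  flashLso: { u: "7f3a9c" },
};
const afterRevisit = {
  cookie: { uid: "7f3a9c", sid: "b2" }, // uid is back unchanged; sid is new
  localStorage: { uid_backup: "7f3a9c", theme: "dark" },
  flashLso: { u: "7f3a9c" },
};

// Flag entries that were deleted and then came back with the old value,
// and list the stores that still held a copy while the entry was gone.
function detectRespawn(pre, cleared, revisit) {
  const findings = [];
  for (const store of Object.keys(pre)) {
    for (const [key, value] of Object.entries(pre[store])) {
      const wasDeleted = !(key in (cleared[store] || {}));
      const cameBack = (revisit[store] || {})[key] === value;
      if (!wasDeleted || !cameBack) continue;
      const survivingCopies = [];
      for (const [otherStore, entries] of Object.entries(cleared)) {
        for (const [otherKey, otherValue] of Object.entries(entries)) {
          if (otherValue === value) survivingCopies.push(`${otherStore}.${otherKey}`);
        }
      }
      findings.push({ store, key, value, survivingCopies: survivingCopies.sort() });
    }
  }
  return findings;
}

console.log(detectRespawn(before, afterClear, afterRevisit));
```

The session cookie sid also returns after the revisit, but with a fresh value, so it is not reported; only uid, which matches the copies left in the other stores, is.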


User Agent

Your browser also sends a user agent every time you connect to a website. This tells websites your browser and operating system, providing another piece of data that can be stored and used to target ads. For more information about user agents, check out our explanation of what a browser user agent is.


Browser Fingerprinting

Browsers are actually pretty unique. Websites can determine your operating system, browser version, installed plug-ins and their versions, your operating system’s screen resolution, your installed fonts, your time zone, and other information. If you’ve disabled cookies entirely, that’s another piece of data that makes your browser unique.

The Electronic Frontier Foundation’s Panopticlick website is an example of how this information can be used. Only one in 1.1 million people have the same browser configuration I do.
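A "one in N" figure like the one above can be read as bits of identifying information (log2 of N). The following is an added example, not Panopticlick's code: it measures how much each attribute narrows down a browser within a sample and how many browsers share the full combination. The eight-browser population and the names bitsFromOneIn and measure are constructed for illustration.

```javascript
// Constructed sample population of eight browsers; every value is illustrative.
const population = [
  { ua: "Firefox/Win", tz: "UTC-5", screen: "1920x1080", fonts: "default" },
  { ua: "Firefox/Win", tz: "UTC-5", screen: "1920x1080", fonts: "default" },
  { ua: "Chrome/Win", tz: "UTC-5", screen: "1920x1080", fonts: "default" },
  { ua: "Chrome/Win", tz: "UTC+1", screen: "1366x768", fonts: "default" },
  { ua: "Chrome/Mac", tz: "UTC+1", screen: "1440x900", fonts: "default" },
  { ua: "Firefox/Linux", tz: "UTC+1", screen: "1920x1080", fonts: "default+custom" },
  { ua: "Chrome/Win", tz: "UTC-8", screen: "1366x768", fonts: "default" },
  { ua: "Safari/Mac", tz: "UTC-8", screen: "1440x900", fonts: "default" },
];

// "One in n browsers looks like this" expressed as bits of identifying information.
function bitsFromOneIn(n) {
  return Math.log2(n);
}

// For a browser taken from the population: bits revealed by each attribute
// alone, the number of browsers sharing the whole combination (the anonymity
// set), and the bits revealed by the combination.
function measure(pop, target) {
  const attrs = Object.keys(target);
  const perAttribute = {};
  for (const attr of attrs) {
    const matches = pop.filter((b) => b[attr] === target[attr]).length;
    perAttribute[attr] = bitsFromOneIn(pop.length / matches);
  }
  const anonymitySet = pop.filter((b) => attrs.every((a) => b[a] === target[a])).length;
  return { perAttribute, anonymitySet, jointBits: bitsFromOneIn(pop.length / anonymitySet) };
}

console.log(measure(population, population[5])); // rare fonts and user agent
console.log(measure(population, population[0])); // shares its combination with one other
console.log(bitsFromOneIn(1.1e6).toFixed(2), "bits for one in 1.1 million");
```

The joint figure can never exceed log2 of the sample size, which is why the per-attribute bits do not simply add up in a small sample, and why changing one rare attribute (such as an unusual font list) does more for the anonymity set than changing a common one.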


There are surely other ways that websites can track you. There’s big money in it, and people are brainstorming new ways to track every day – just see evercookie above for evidence of that.


To surf as anonymously as possible, use the Tor Browser Bundle.

For information on tweaking your browser’s privacy settings and determining what exactly each setting does, see our guides to optimizing Google Chrome, Mozilla Firefox, Internet Explorer, Safari, or Opera for maximum privacy.

Image Credit: Andy Roberts on Flickr

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 06/1/12

Comments (23)

  1. Cat

    The “Do Not Track” option in Firefox doesn’t work on my system at least. When I’m reading a certain news website, I get all sorts of adverts from a store I’ve previously visited.

  2. Kit Lueder

    Um, Google’s uber-policy allows Google to track your usage on other pages, if you are signed into any Google/Gmail/Chrome site. You need to open a new webpage in a new browser window, rather than as another tab in an existing browser window, if you want to avoid Google tracking you.

  3. Jzme

    I know that it’s scary to have people tracking you, but really, this is the future. No, scratch that, it’s now. And, if I had to choose a company to track me, heck, I’d choose Google.

  4. StevenTorrey

    OK. I clicked on Panopticlick. User agent OF; HTTP_ACCEPT, OK; Browser Plugin Details, OK. Time Zone, OK; Screen Size and Color Depth, OK.

    But System Fonts: a listing of all the fonts on my computer? What the heck is that all about? What in God’s name does that say about me or my computer usage? That info seems downright lunatic.

  5. dog

    Why do teenagers begin every sentence with “Umm” and end it with “Y’know.”

  6. Sainik Biswas

    Mozilla’s Collusion is a good way of looking at which sites are tracking our data although we have not visited them. www.mozilla.org/collusion

  7. cam2644

    I don’t share Jzme’s choice of Google.

  8. UltimatePSV

    I checked out that evercookie, and if you close your browser, then run CCleaner with the right settings, it destroys it entirely.

  9. Spartan4085

    No one has the same browser configuration I do.

  10. Anonymous

    You’re not going to stop it all but there are a few things you can do to stop most of it.

    For starters, don’t let your browser retain cookies when you close it. Don’t let it keep any caches and you might even opt to not save encrypted pages too. These are all fine details that you can tweak. I hope I don’t have to point out that letting your browser retain passwords is about as stupid as playing patty cake with a manhole – you’re just asking to be digitally sodomized if you do that.

    When you’re done browsing a web page – CLOSE THE BROWSER! I know it’s called “Windows” and the idea is to window your apps, but if you’re not using your browser (or any other app) then save yourself the headaches and close it.

    Don’t go nuts with the add-ons and plugins either. Less is more here. You may want/need the Flash add-on and perhaps the latest Java stuff but you can probably live a long and happy life having never installed any tool bars. (Thanks Yahoo! Thanks a lot!) You really need to pay attention when installing anything even if it’s benign software that has nothing to do with online anything, since that too can be a very common “port of entry.”

    One particular offender in my experience is CNet and their Download web page (http://www.download.com). Not the actual web site so much as it is all the software! Still, this is a great place to go to get software, and it is relatively virus free as they claim, but that’s about all you can say. You may notice that CNet doesn’t say one thing about being spam free or having software that isn’t full of malware/spyware. Therefore, you have to pay attention not only to the original installer but now you need to pay attention to the little downloader app that CNet sends you in order to get the software you want to try – or even just download.

    I think UltimatePSV said it best: “…run CCleaner with the right settings…” Not only that but you may even want to set your browser to a blank home page (about:blank) so that you can temporarily launch your browser in order to completely clear things out with the Ctrl-Shift-Del key combo (in IE and FF, anyway). I occasionally just fire up my browser to a blank page, do the three-finger salute and then close the browser. Then I run CCleaner with just about every option turned on and watch all that nasty code go bye bye.

    This is by no means all you can do. I even run the No Script Firefox addon as well as the Better Privacy addon for scanning and killing bad stuff. And STILL! I can’t seem to get all of the digital sheep herders like Google to leave me alone. But I definitely make it harder for them to find me.

  11. tallguy

    Does private browsing in Firefox help? Am I traceable?

  12. onamish

    A good option is to install Ghostery for IE, Firefox. Unsure if it is compatible with Safari or Chrome.

    Has a database of all known tracking software operating whilst browsing and provides the opportunity to block them.

    You would be surprised to see how many are actually watching your every move!

  13. mark

    I don’t know about the Tor Bundle but I did try Tor/Privoxy a few years ago and it was horrible. It turned my broadband connection into dial-up speed. As in Welcome to 1992 slow. I’m not a political dissident fearing negative repercussions from my online activities so I decided the reduced speed wasn’t worth the anonymity.
    As onamish mentioned, Ghostery is interesting and I have tried it. It does offer a performance hit as well but nothing like Tor.
    Whatever the merits of Tor might be, this was a great article. Thanks.

  14. Chris Hoffman

    @Cat

    “Do not track” is just a request. Lots of websites and tracking networks will ignore it. They might even add that information to their databases as a data point about you — “this user doesn’t want to be tracked.”

    @StevenTorrey

    Your browser shows your installed fonts to websites, so that gives your browser a more unique “fingerprint.”

  15. Chris Hoffman

    @mark

    Thanks for the compliment!

  16. Saint Jack

    I don’t see what the problem is. Unless you have something to hide. It is not like someone someplace is looking at what you are doing. There are so many computers checking so many websites that no one can be interested in what you personally are doing. It all goes into computers and becomes part of statistics. Unless the FBI knows you are a bad guy, it really doesn’t mean a thing to your personal privacy.

  17. uncolaman

    What about hide IP programs? If you change IP does that connect you to the other IPs?

  18. Dave

    1984 just arrived late is all this is. Tracking. Why? If it’s harmless then why do “they” do it? Trust me, somebody is making money off this crap. Bottom line.

  19. spike

    @Dave: A lot of websites track the demographics of their visitors, so they know the configuration of the browser being used to view their site. This is important for webmasters who are trying to make their site display well in a very diverse world, with many browsers, screen resolutions, flash support, java support, languages, etc. Also, knowing where the traffic came from is important, so they know how they are being found. I agree that it isn’t all ‘good’ tracking out there, but some of it, anyhow, is just fine, and definitely helps improve your user experience on a lot of sites.
    Of course, paid ads require tracking at least in the form of hit counting, so the host site can bill the advertiser- people certainly are making money off of this type of tracking.

    @tallguy: Private Browsing just keeps Firefox from storing information from the session on your local computer, after the session is closed. It doesn’t affect the browser ‘fingerprint’ that websites see. (Although it would be cool if it did.)

  20. Jd Rosen

    SR Ware Iron
    I made the mistake of trying to add a language to SR Ware Iron. It assumes it’s your native language and tries to convert the entire browser to that language. Then I tried deleting the browser, and going back to a fresh install. Subsequently I still have it in the wrong language regardless of which site I download it from.

    P.S., I love how some sites will give you downloads with trashy add-ons that you must accept before the targeted program download. Even with denying all the trashy add-ons, the main program fails to download and you have three unmentioned extras sandwiched into the brew with babalon. A complete waste of time and some brain damaged geek is laughing at you.

  21. mr k.

    funny considering DNT+ just blocked 11 trackers from this page only…

  22. Satan

    I run a VPN off my desktop at home. On available devices run Ghostery and DNT+. I regularly run Spybot S&D and CCleaner. The ignorance and apathy from some of these commenters is shocking. Don’t worry though nothing here resembles Oceania. I am sure you wouldn’t mind letting your employer or future employers view your browsing history over the last five years.

  23. Synthetic

    Panopticlick is interesting. “Your browser fingerprint appears to be unique among the 2,239,092 tested so far.” I feel rather special.
