Companies use a variety of software tools, like website trackers, beacons, and other tracking files to observe how you interact with their websites — a process known as website visitor tracking — and to follow you around the internet to see what else you’re doing. And just what are these tracking files? They’re often referred to as cookies — we’ll learn more about them in a bit.
Some people use the terms website tracking and web tracking interchangeably, but they’re not exactly the same. In contrast to how we’ve just defined web tracking, website tracking is simply the practice of monitoring how a website changes over time. Browser tracking and other techniques described in this article are all examples of web tracking.
Some companies handle data collection themselves, while data brokers are companies dedicated to compiling and selling data for other companies to use.
First-party vs. third-party tracking
First-party tracking is performed by the website you’re visiting. Website visitor tracking of this type monitors your behavior to remember your preferences, such as the type of content you usually prefer, as well as your language settings, location, and other information you share. Generally, there’s not much to worry about with first-party tracking of your preferences, since you probably want the sites you visit frequently to load in your preferred language and so forth. (The situation gets murkier if first-party sites sell access to your data to marketers.)
Third-party tracking happens when parties other than the website you’re using also track your activity there. For example, you may visit a news site to read their content, without realizing that that site also loads a bunch of third-party cookies that track your behavior both on their site as well as other sites you may visit in the future.
Later on, we’ll look more deeply at why companies track you across the internet and what they do with the information they glean.
Common web tracking methods
Now that we know these sites are following your every move, a question arises: how do websites track you around the internet? Most website user tracking can be sorted into a few broad categories based on how the tracking works. Let’s take a closer look at some of the most widely used web trackers and website tracking systems.
IP address tracking
Your IP address is a series of numbers that identifies your device on the internet. Every device online — not just your computer, phone, or router, but also the servers that power the websites and services you use — has an IP address. IP addresses are an integral component in the structure of the internet, because they ensure that web traffic gets delivered where it’s meant to go.
Many network admins use IP tracking software to monitor the devices connected to their networks — your school or company likely has such a system in place. There are also consumer-tier IP address trackers available for anyone who’d like to automatically find their IP address at any given time.
Since your IP address indicates your general physical location, websites use IP tracking to keep tabs on where their visitors are coming from. They can also use IP addresses to identify behavior patterns and determine whether or not repeat visits originate from the same individual. These sorts of insights can then be further used to predict your preferences, though cookies are far more efficient for that (more on those next).
By using web beacons — another tracking tool — companies can see the IP addresses of people who have opened their emails. That’s one way that companies can judge the efficacy of their email marketing campaigns.
IP tracking works only if your IP address is visible. If you hide your IP address with a proxy or a VPN, this tracking method will be much less effective against you.
Cookies are perhaps the most well-known type of browser tracking. A cookie is a tiny snippet of code that gets stored in your browser when you visit a website that uses them. First-party cookies are created by the website you’re visiting, and they mostly help that site remember what you like and what you’re doing.
For example, when you’re shopping online and add an item to your cart, a session cookie tells that ecommerce website to remember that you’ve done so. Without a cookie, you wouldn’t be able to move easily through the different check-out screens to enter your shipping info, payment details, and so on, because the site would lose track of your items as soon as you clicked through to the next page.
A first-party persistent cookie saves your longer-term preferences, such as the time zone you live in and your login credentials. In most cases, first-party cookies are necessary for site functionality, or at least helpful in improving your experience on the site.
Third-party cookies are created by parties other than the website you’re visiting. These are the tracking cookies that follow you as you browse from one website to the next. Website analytics and advertising are two of the primary uses for tracking cookies — in fact, one recent study found that 99% of all cookies are tracking and ad cookies. Some browsers, like Avast Secure Browser, block third-party cookies, and any that don’t should give you the option to enable or disable cookies within the settings.
Websites and emails use web beacons — often in the form of a single-pixel transparent graphic image — to log user behavior. These beacons are like tiny hidden cameras: they’re invisible, and they monitor what you’re doing.
On websites, beacons work like cookies in that they’re used to track users for website analytics and advertising purposes. These beacons monitor how you use a page or navigate through a series of pages, and companies use this information to tailor their services and offerings to your behavior and preferences.
The Facebook pixel is a nearly ubiquitous web beacon that equips site owners with massive amounts of data to use in Facebook ad campaigns. This data lets advertisers show you ads for products you may have added to your cart and then abandoned, deciding not to buy. By tracking when, how often, and how much you buy, the Facebook pixel lets advertisers target ads to people most likely to buy again, as well as to people with similar behavior and preferences as their existing customers (this is referred to as a Lookalike Audience). The pixel even knows if you saw a Facebook ad on one device, but switched to another to visit the advertiser’s website.
Beacons also facilitate IP address tracking in emails. When you open an email containing an embedded beacon, that beacon will log the exact time and date at which you did so as well as your IP address. These beacons can also tell if and when you click any links or download any attachments in the email.
Browser fingerprinting is a relatively new technique that allows websites to identify unique visitors via web browsers. When you connect to a website, your browser relays a bunch of data that the website uses to optimize your experience. This data can include your device model, screen resolution, operating system (OS), preferred language, history, time zone, any plugins you’re using, and all kinds of other information.
Since the chances are very small that any two users will have exactly the same browser data, this set of parameters becomes your “browser fingerprint.” Once a website assembles your browser fingerprint, it can confidently assume that any future connections with the same fingerprint as yours are coming from you as well. Browser fingerprinting lets websites track your behavior every time you visit.
You can disguise your browser fingerprint with effective anti-tracking software. Avast AntiTrack exposes and blocks trackers on every site you visit, so you know exactly who’s trying to track you and where. And our advanced anti-fingerprinting technology keeps your identity safe against even advanced tracking techniques like browser fingerprinting.
Browser fingerprinting is also used as a security technique. Banks use browser fingerprinting to detect whether someone is logging in to the same account from multiple devices, which may be an indication of fraud.
HTML5 — the latest version of the HTML coding language that developers use to build websites — includes a “canvas” element. Originally used for drawing graphics and animations on a website, it’s now been co-opted into a powerful fingerprinting tool.
Canvas fingerprinting results from websites learning how your browser responds to graphical instructions. When you visit a website that uses canvas fingerprinting, that website instructs your browser to draw a hidden image. Due to variations in each person’s device hardware, graphics card, and settings, your browser renders the image slightly differently than someone else’s would, providing information about your unique digital fingerprint. When paired with other tracking information, canvas fingerprinting is highly accurate.
Because there are many legitimate uses of the HTML5 canvas element, blocking it outright is not an effective anti-tracking solution. And unlike cookies, which you can easily block or delete, canvas fingerprinting doesn’t rely on adding anything to your browser. For those reasons, it’s one of the trickiest tracking methods to avoid.
Why do companies track you on the web?
Wondering who’s tracking your internet activity? Pretty much everyone: Google, Instagram, Facebook, WhatsApp, and almost every other website, service provider, or app that you use. Your data is also in the hands of plenty of companies that you don’t interact with at all, thanks to data brokers — companies that aggregate data and sell it to other parties.
In today’s digital age, your data is extremely valuable. Companies want to learn as much about you as they can. This knowledge allows them to tailor their apps to your preferences, and it allows advertisers to target you with messages you’re more likely to engage with. Some websites that track you allow you to download the data they have on you — try downloading your Google data to see just how much of your personal life you’re exposing on the internet.
Companies use a variety of tools and methods to gather insights about your behavior and preferences on the web.
Sometimes you can control whether or not a company can access a certain type of your personal data. For example, if a site or app wants you to share your location, they’ll ask, and you can say no. So can websites track your location? Not if you don’t share it in the first place. But in general, if you aren’t already using dedicated anti-tracking tools, you don’t have any sort of guarantee of privacy on the internet.
Ecommerce websites use web tracking to try to sell you more products. Everything you do on an ecommerce site is logged, measured, and analyzed in the ongoing process to optimize a website and drive sales.
How long did you spend browsing before choosing a product? When you searched for a product, which search terms did you use? Did you add the product to your cart right away? Did you buy a product at a certain price point, but not at another? Did you buy the product after adding it to your cart, or did you decide to walk away? Did you return later and purchase it then?
Ecommerce websites learn about your habits, preferences, and overall shopping style. Then, they use that data to convert you into a customer, or retain you as a current customer.
Many ecommerce sites use third-party software, called customer data platforms, to handle their customer data and use the gathered information to craft email campaigns, target you with ads, and otherwise drive sales. There’s an entire industry of customer-data platform software that makes money off of helping ecommerce sites turn customer “insights” into sales. Be sure you’re not inadvertently exposing any of your private data with our extensive website safety guide.
Ecommerce websites can also use your data to adjust the version of their website that you see. For example, someone using an expensive device with an IP address in a city with a high cost of living may see a more premium selection of products than shoppers connecting from other areas or on different devices. Airline websites in particular have long faced accusations of price-gouging based on tracking data — though the veracity of these claims remains hotly debated.
“We use tracking cookies to improve your experience on our website” — sound familiar? If you’ve seen a message along these lines, it may be less altruistic than it sounds. When websites promise to “improve your experience” with cookies, they’re usually talking about targeted ads. Third-party advertising cookies allow websites to show you ads that are projected to match your interests.
These ads are described as “relevant,” “targeted,” or “personalized,” because the ad provider is using your data to show you ads that are more likely to appeal to you. That’s why you’ll often see ads that directly relate to your recent internet searches or to videos you’ve recently watched on YouTube. Advertisers hope that you’ll be more willing to click on ads that align with your perceived preferences. And when you click on their ads, ad providers earn money.
Now that many people are learning to block third-party cookies, the benefit they bring to advertisers is dropping. Fortunately for advertisers and the websites (but not their visitors) that rely on their support, other techniques like browser fingerprinting are stepping in to fill the data void.
Web analytics refers to the general study of how visitors behave on a website. The ecommerce applications of web tracking discussed above are one example of web analytics, but any website can use tracking and analysis to gain meaningful insights into their visitors.
Web analytics allows website admins to learn how people use their site, what people like and dislike, where their visitors are coming from, and who their visitors are. Web analytics tools use web tracking technology to harvest website and visitor data and organize it so that web admins can quickly obtain valuable insights.
Usability testing is a process in which real users try out a product, such as an app or website, to assess its strengths and weaknesses. In a typical usability testing exercise, you’ll be asked to navigate a website or complete a few tasks on an app. Based on your feedback — challenges you experienced, things that confused you, or features that made intuitive sense — the final product can be tweaked and improved accordingly.
Researchers use web tracking technology to conduct remote usability testing en masse, obtaining tons of valuable data that they can use to tailor their products toward their actual visitors’ preferences.
How do sites justify web tracking?
Whether you love it or hate it, many websites and services rely on web tracking for direct financial support. YouTube content creators earn money by having ads in their videos, and they can use that money to continue creating content. Many journalism providers rely on advertising revenue to keep their content freely available to their readers.
Facebook, Instagram, Twitter, and other social media platforms serve you targeted ads as you scroll. And when you search on Google, you’ll see targeted ads as part of your search results.
Almost any website or service that you use is likely supporting itself on the back of your data. One way or another, the people creating the content you consume and the services you use need to get paid — this argument is one of the most pervasive on the pro-tracking side of the debate.
Is web tracking legal?
Web tracking is largely a legal (and unregulated) practice. Countries and regions with stricter regulations still allow for web tracking within the parameters of those restrictions. The US, for example, lacks specific anti-tracking legislation at the federal level, though similar rules do exist for telemarketing phone calls.
And although you can have your browser send a Do Not Track message to any websites you visit, those sites are under no legal obligation to honor your request, unless they’ve previously agreed to do so. Many other countries also currently lack specific web tracking regulations — meaning that web tracking is legal until it’s not.
Web tracking and GDPR
In May 2018, the European Union (EU) began enforcing the General Data Protection Regulation (GDPR), which gives internet users more control over how their data is collected and shared.
Under GDPR, websites with EU-based visitors must clearly disclose their web tracking practices and ensure that the data they share cannot identify individuals. Additionally, internet users in the EU must give their consent before websites can place tracking cookies on their browsers.
While many websites permit visitors to decline tracking cookies and continue browsing, others have responded by making their content an all-or-nothing offer: either you allow tracking cookies or you have to go elsewhere. Other websites offer a choice of premium subscription models in lieu of tracking.
What are the implications of web tracking?
While most web tracking is geared toward the purposes outlined above, it can be — and has already been — redirected toward other aims. In the infamous Facebook–Cambridge Analytica scandal, political consulting firm Cambridge Analytica obtained the Facebook data of up to 87 million people without their consent, using it to help create political ad campaigns.
Though disclosed in 2018 by whistleblower Christopher Wylie, Cambridge Analytica’s data collection practices had already been used to help then-candidate Donald Trump in the 2016 US presidential election.
In her 2019 book The Age of Surveillance Capitalism, Harvard professor Shoshana Zuboff examines the implications of web tracking in the commercial space. Her work showcases how tech giants such as Google and Amazon use web tracking to understand your behavior perhaps even more intimately than you do. Anticipating your actions and desires, they can place the right ad on your device at precisely the right time.
How to stop your online behaviour from being tracked
Whether or not you live under the EU’s GDPR regulations, you can prevent web tracking on your own. Here are a few ways you can block tracking cookies and beacons, disguise your device against browser fingerprinting, and keep your activity safe from online trackers.
Change your browser settings
Most mainstream browsers already offer a few basic protections against web tracking. Firefox and Safari block third-party cookies by default, and you can set Chrome and Edge to do so as well. In your browser settings, you’ll also be able to configure your browser to send a Do Not Track request whenever you visit a website. But as mentioned above, most sites ignore these.
Switch to a secure browser
If you’re happy with your current browser, anti-tracking software is a particularly effective solution. But if you’re willing to switch, a secure browser — like Avast Secure Browser — can outfit you with anti-tracking protection built right in. Not only will Avast Secure Browser block ads and web tracking, but its built-in encryption and anti-phishing technology will strengthen your online security as well. Download free Avast Secure Browser today and enjoy a smooth and fast internet browser loaded with privacy-protection features.
Download anti-tracking software
Specialized anti-tracking software like Avast AntiTrack is designed with one goal in mind: keeping web trackers out. These tools find and block trackers, including cookies and beacons, showing you which websites are tracking you and with what type of technology.
Regularly clear your cookies
Clearing your cookies and periodically deleting your browser history are two habits you should make part of your internet routine. Deleting these files helps keep your browser running smoothly, and deleting your browser history can prevent others from knowing what you do online. But as anti-tracking countermeasures, these tips are only a temporary fix. As soon as you go back online, the websites you visit will load their cookies right back onto your browser.
Turn your back on the trackers
Anti-tracking software and secure browsers are your allies in the battle against unwanted web tracking. If you’re looking to enhance your privacy and security with a complete browser upgrade, the free Avast Secure Browser provides comprehensive protection from threats to your data. And if you’re looking for incredibly powerful, industry-leading anti-tracking protection regardless of whatever browser you’re on, then Avast AntiTrack has you covered.
Prevent advertisers and web trackers from following you around the web, and take a stand against invasive web tracking with a privacy tool that fits your internet lifestyle. Give Avast AntiTrack a spin today.