In our new series Getting It, we’ll give you all you need to know to get started with and excel at a wide range of technology, both on and offline. Here, we’re walking you through all the different ways your information is tracked online, and how to protect your data from prying eyes.
It used to be that tracking a person involved a deep knowledge of nature, a keen eye and maybe a dog or two. Nowadays it doesn’t involve more than a bit of code and a few mouse clicks.
As you already know from apps that ask you to check in the second you arrive at a destination, or websites that serve you ads based on the last thing you were shopping for on Amazon, your digital maneuvers are closely tracked. If that makes you uncomfortable, there are certain steps you can take to avoid Big Brother constantly looking over your shoulder. Here, we’ll take a look at some of the more common ways you’re tracked online and a few steps you can take to gain back a bit more of your cyber privacy.
You can think of cookies a bit like an event wristband. If you attend a concert and put on your wristband, the door staff will recognize you if you leave and come back.
First and Third Party Cookies
One of the oldest methods of tracking online movements, cookies are bits of text that are placed on your computer by certain websites based on your browsing activity. When you return to a website you’ve visited, the site reads the text and recognizes certain information about you.
While cookies have gotten a notorious reputation over the years, they can actually be quite helpful. Because each visit to a website is unique, cookies can serve to communicate a relationship you have with a website that would otherwise be lost. So if you set up an account with Amazon, for instance, a cookie will direct the site to access items left in your shopping cart or your wish list during your last visit. Some cookies also allow you to remain logged into a site until you deliberately log out. So if you visit Facebook several times a day for example, even if you close the browser tabs in which you view the site, you won’t have to login each time.
You can think of cookies a bit like an event wristband. If you attend a concert and put on your wristband, the door staff will recognize you if you leave and come back.
Cookies that are placed on your machine by the sites to which your browser is pointed – such as from Amazon in the example above – are considered first-party cookies, and most people don’t have too much of a problem with them. Where things get a bit tricky are with third-party cookies. These are cookies placed on your machine by ad-servicing companies that are parked on websites that aren’t their own. Read an article on an online magazine, for instance, and an ad served up in the middle of the text could drop a cookie on your machine that could then track your surfing from that point forward. Ostensibly, this helps advertisers serve relevant ads to you, but the practice can definitely feel like spying to some.
Fortunately, it’s easy to keep the functionality of first-party cookies and eliminate the privacy concerns of third-party cookies simply by controlling the settings in your browser. You can simply perform a search on how to block third-party cookies based on the browser you’re using or just click here for Chrome instructions; here for Firefox instructions; here for Safari instructions; here for Opera instructions; and here for Microsoft Edge instructions.
Cookies 2.0
While first-party and third-party cookies are pretty simple fare—like sugar cookies—there are more complicated cookies in use in today’s online world which are more akin to, say, oatmeal raisin chocolate chunk cookies. Chief among these are flash cookies, also known as locally stored objects or LSOs. These work like regular cookies but instead of storing bits of text in the same place your browser stores information, the code is stored with your Adobe Flash data. As this lives on your computer and is browser independent, the information these cookies hold can be accessed by advertisers across browsers. Fortunately, deleting your cookies as described in the links above will also delete your LSOs.
If you actually enjoy getting targeted ads during your surfing sessions but oppose long-term tracking, one option that might appeal is to set your browser to clear you cookies when you close it down each day. Following the links above will get you into each browser’s security settings area where you can find this option.
Fingerprinting
Cookies aren’t the only way in which advertisers can track you online. A technique known as canvas fingerprinting can get the job done as well. It works via JavaScript through a capability in web browsers known as the Canvas API that can access a computer’s graphics chip. The advertising service use this script to get the computer to generate a unique image that’s then used to track the computer’s browsing activity. Because the image is not stored with your cookies, clearing your cache or blocking cookies is not sufficient to eliminate canvas fingerprinting.
There are canvas fingerprinting extensions you can install in browser such as CanvasFingerprintBlock (Chrome only), but they are not always the best way to block this tracking method. That’s because while it’s true that using the blocker will prevent your browser from showing the image, the fact that you’re using a blocker in the first place can act as an identifier to help fingerprint you. Instead, try using an extension like Canvas Defender, which is available for Chrome and Firefox, or Canvas Blocker (Firefox only), which actually adds noise to the image you computer draws, helping to hide your identity.
So that’s how trackers can exploit the visual component of your computer to track you. What about the audio?
A 2016 study carried out by Princeton University researchers revealed that some companies can send an audio signal to your browser when you land on certain web pages and can use the way in which your computer processes that signal as an audio fingerprint. It does this through another JavaScript known as AudioContext. You can check out both the audio exploit and canvas fingerprinting using your own computer here. As AudioContext fingerprinting is relatively new, there are no plug-ins designed to block it at this time, although it’s probably a pretty safe assumption that the technique isn’t being used widely. Still, if you’re worried about these methods of fingerprinting, you can disable JavaScript in your browsers. This will keep the tracking methods at bay, but it will also limit which websites you can see, as JavaScript is widely used across the internet. It’s up to you whether the trade-off is worth it.
Still another form of fingerprinting can take place by trackers that monitor the battery on your device. In the same Princeton study referenced above, the researchers found that advertisers could use a battery status API that is embedded in HTML5, the code according to which much of the internet is designed. Ostensibly, the code is meant to let sites know how much battery a device has left and, if it’s low, modify the content served to use up less juice. But it seems that it also helps fingerprint as another data point that paints a picture of who you are as a surfer.
“Some companies may be analyzing the possibility of monetizing the access to battery levels,” wrote one of the researchers on his blog. “When battery is running low, people might be prone to some – otherwise different – decisions. In such circumstances, users will agree to pay more for a service.”
If you use Gmail, all it takes is a simple Google Chrome extension called Ugly Mail to see just how many of the email messages in your inbox are being tracked. The app tags messages that contain tracking pixels that are used to tell senders when you opened an email, what links you clicked on in that email and where you were when you took any action. These pixels can be found in many marketing emails and, while it’s pretty obvious that such emails are tracking your behavior, you may simply not want to reveal that data to the companies who send them out.
While Ugly Mail is only available for Chrome, if you use a different browser, you can choose to use private email services that don’t track you such as RiseUp. You can even take it one step further with email services that encrypt your communications such as Hushmail or Switzerland-based ProtonMail.
While tracking is employed by hundreds of companies around the internet, it’s worth taking a look at two in particular, as their analysis of users is so comprehensive: Facebook and Google.
It will come as no surprise that Facebook is tracking your every like, click, check-in and picture post on the service. But what you might not be aware of is that the social media mammoth is also able to track your movements around the internet through their virtually omnipresent “like” button. Any site that you visit containing that button relays information back to Facebook about your travels through the ether as long as you are logged into the service. Combined with its facial recognition software that tags you in pictures that aren’t necessarily even your own; a good idea of where you’ll be all year thanks to the events you sign up for; and quizzes from third-party apps that tell it exactly what bands you like, what foods you are most likely to binge on, and what your favorite brands are and it starts to get pretty clear just how much Facebook really does keep tabs on you.
It can also track your buying habits both from within the application itself and from sites with that “like” button, which lets it build up a pretty good picture of your financial situation—especially considering that it can easily know what kind of vacations you take, what kind of events you attend and what kind of restaurants or stores you check into.
There are steps you can take to limit how much data Facebook can collect on you, although if you’re truly concerned about privacy, your best bet is to sidestep the social network altogether.
First, to limit the app’s ability to track your movements based on where your mobile phone goes, on Android phones, navigate to your settings, go into “Apps,” find Facebook, tap “Permissions” and turn off the “location” feature.
For iOS, you can limit Facebook’s access to your location by going into the privacy menu under settings. (You can also activate the “limit ad tracking” feature here to lessen another bit of tracking you’re regularly subjected to using mobile devices. To do the same on Android devices, go under “Google” in settings, then “Ads” and toggle the switch next to “Opt out of Ads Personalization.”)
Next, to limit how much Facebook follows you around the ‘net, head here and change the top two settings to “no.”
To control how you interact with Facebook ads, this page will do the trick. Pay particular information to the “Your information” where you can limit the kind of information—such your marital status—Facebook allows advertisers to access.
Finally, you might not be aware of this, but people who have access to your information can bring that information with them when they use third-party apps on Facebook. To prevent that from happening, visit this page, click on “Edit” beneath “Apps Others Use,” and uncheck all the data fields you don’t want to have sloshed around the social network as your friends sign up for app after app.
You know how Google kind of seems to know just what you need even before you do sometimes? That’s because the search giant is very very good at tracking you and using algorithms to anticipate your needs. Some call that useful; others call it creepy. If you fall into the later camp, you can take steps to limit how much data Google gathers on you.
Whereas Facebook can track your activity on any page with a “Like” button, Google can keep a record of the majority of sites you visit or search for if you’re signed into your account while surfing. According to The Guardian, In 2016 the company changed its tracking policy to combine personal information from utilities Google owns like Gmail and YouTube with your browsing history. As most often is the case with these kind of maneuvers, the ostensible reason is to provide you with an easier surfing experience and advertising that’s relevant to your interests. But if that’s not important to you, you can turn off the feature by visiting the activity controls section of your account and unchecking the box you find there.
Fortunately, the activity controls page is also where you’ll find all of the other options you can use to take control of what Google can and cannot do. It most cases, it’s as easy as toggling a switch to the off position. Don’t want the company to track your movements? Toggle the switch next to “Location History.” Would rather not have events automatically fill in on your calendar? Turn off the switch next to “Device Information.”
One of the more interesting areas to explore on the Activity Controls page is the “Voice and Audio” settings. You might not realize it, but Google not only saves your typed search history, but it also stores recordings of your voice searches as well. Here’s where you can not only hear them, but delete them as well and block them from being stored in the future if you don’t relish listening to yourself beg Google to tell you where the nearest place to get ice cream was that night you were in the deep grips of a munchie attack.
Equally fascinating is Google’s Timeline feature that shows you where you’ve been on the planet. But again, if that fills you with more woe than wonder, there’s a button at the bottom the page where you can turn the feature off.
Lastly, if you’re tired of seeing ads all over the ‘net for a product you looked at once or—worse—just purchased, then you’ll want to visit Google’s ad settings. Here you can not only see and delete the interests Google thinks you’d like, you can turn ad tracking off completely by toggling the switch next to “Ads Personalization.”
Other Ways To Protect Your Privacy
The specific steps offered above can certainly help limit how easily you are tracked online. Beyond those tips, there are a few other ways you can keep your online movements more private including using a VPN, surfing via the Tor browser, and enabling private browsing mode in your browser. (These are all detailed in our article about how to surf the internet without leaving a trace.) You can also set up “do not track” instructions for your browser: instructions are here for Chrome; Safari; Firefox; Opera; Edge.
Additionally, you can look into browser plug-ins that protect your privacy by letting you control how you are tracked. Ghostery is one well-regarded option, as is Disconnect.
Lastly, visit the Digital Advertising Alliance or the National Advertising Initiative to see the dizzying number of companies that are already tracking you and opt out of all or some of them.
Check-Up
Once you’ve taken steps to limit how much you are tracked online, head over to Panopticlick or visit Am I Unique to examine your browser’s fingerprint. If you’re not happy with the results, take a few more of the steps recommended above and you’ll certainly be able to lighten the tracks you make as you traverse the web.