In the vast digital landscape, web tracking has become an invasive force, quietly dissecting our online lives. It's the silent observer that follows our every move online, meticulously noting which websites we visit and what piques our interests. But why are websites and organizations so keen on this relentless pursuit of our online breadcrumbs? Let’s dive in.
Web tracking is where website trackers and organizations monitor users’ behavior online, what they do online, learn which pages they visit, and then analyze those preferences.
The number of websites that perform tracking is increasing. Websites claim to provide users with personalized online experiences so they can later monetize user-specific information, for example, through targeted advertisements.
While the ever-expanding amount of information that trackers collect about users allows them to build more powerful and fine-grained profiles that can help them target users in a more precise way.
Recent research conducted by Norton Labs has unveiled a detailed picture of the tracking ecosystem, revealing a complex network of trackers who mutually exchange information and include each other’s content in web pages — sometimes without even the webpage owners’ knowledge.
We discovered that in most webpages, identifiers are set and shared by organizations at the end of complex chains that involve several middlemen.
We’ve defined a set of roles in the cookie ecosystem, related to cookie creation and sharing. We saw that organizations can follow different patterns (as shown in the image), including behaviors that previous studies could not uncover.
For instance, many trackers send first-party cookies they created to themselves, which makes them able to perform cross-site tracking even for users who have deleted certain or all third-party cookies from their browsers.
While some organizations concentrated the flow of information for themselves, others behaved as dispatchers — allowing other organizations to perform tracking on the pages that include their content.
We also defined cookie ghostwriting, a new tracking approach to hide from current detection systems.
Cookie ghostwriting relates to cookies that are set for a party (e.g., the website the user is visiting), but are actually created by a different entity (e.g., a script loaded from an advertiser).
In this complex tracking landscape, it’s hard for consumers to gauge how much information tracking organizations know about them. Which portion of the user’s browsing history and sensitive information is known to trackers? How many tracking entities do users encounter and how frequently?
By leveraging our telemetry data, we’ve quantified the number of different tracking organizations encountered in one week — revealing an average of 177 trackers for a typical user. However, users find half of those just in the first two hours of browsing.
This implies that even if the user cleans out their browsing history every day, it will only take two hours on average to re-encounter 50% of all trackers. Additionally, those who browse continuously for extended periods are more likely to be watched by a wider variety of trackers.
We investigated the percentage of users’ browsing history known to trackers, finding that major organizations have broad visibility into users’ browsing behavior.
For example, based on a study by Norton Labs, on average, Google has information about 63% of websites the user has visited in the past (or has tracked users’ visits).
As for other major companies, on average, Facebook has information about 30% of websites the user has visited in the past, while Microsoft has 23%.
Nonetheless, these statistics only reflect sites where we directly observed the presence of the organizations' trackers. It’s worth noting that trackers share information among themselves behind the scenes.
In our study, we estimated how much additional knowledge organizations can gain if they cooperate, from an increase of at least 5% if two organizations cooperate up to more than 50% with broader sharing of data.
This comes to show that major organizations possess extensive insights into our online lives.
Browsing on certain websites can reveal more personal information about a user than browsing on others. Our research shows how much visibility trackers have into websites in several sensitive categories (Political, Legal, Financial, Religion, Health, and Sexuality) that could reveal personal information about users. We find that tracking activity is not uniform across sensitive categories.
The best way to help safeguard your online privacy is by using a privacy-focused browser, like Firefox, Brave, Norton Secure Browser, or even Tor.
These browsers allow you to block web trackers easily, and some even use anti-fingerprinting protection to help keep your actions unprofiled.
For example, Norton Secure Browser allows you to control your privacy settings regarding ads, trackers, and even browser fingerprinting in just a few clicks, as opposed to market-leading browsers, like Chrome, which only blocks some third-party cookies after deeper clicking.
Using a privacy-focused browser makes it more difficult for website trackers to create a unique digital fingerprint of your online activities.
Web tracking and data collection are pervasive, and determined trackers may find ways to gather information. However, by using a secure browser with privacy protection, you can protect your online privacy to a greater extent.
Author: Iskander Sanchez-Rola, Director of Privacy Innovation for Norton
Sources: