Now you track me, now you don’t
Online tracking is a common practice, and it is something most of us are aware of and likely accept, albeit perhaps grudgingly. Some organisations may track users online in order to gain insight into how their websites are used, with a view to improving content, functionality, and user experience. Others may use online tracking to build user profiles for targeted marketing. The reasons for online tracking can vary – as do the means for doing so.
‘Our website uses cookies to…’
One of the most common ways to track users is the use of cookies. However, despite their ubiquity, many people have a vague or little to no understanding of what a cookie actually does, let alone what it is (besides a delicious edible treat).
Essentially, a cookie is a small file of text that is placed on your web browser when you visit a website that uses cookies. The cookie itself doesn’t hold much data, but it provides a kind of anchor for other computers (servers) on the web, which provide or collect data whenever the cookie is loaded by your web browser. Cookies are commonly used to save information about your visit to the website, and can track different things depending on the type of cookie. Some examples include log-in details, user settings and preferences (language, font size etc.), browsing activity, documents downloaded, geographic location, search terms used – the list goes on. Some cookies disappear automatically once the web browser is closed, while others can last for much longer (but eventually expire). Cookies can be set by the website itself or by third parties, such as advertising companies with ads displayed on that website.
While cookies can provide many benefits (such as enhancing user experience and keeping track of what’s in your online shopping cart), they also raise some privacy issues; for example, they build user profiles (which can be quite detailed), and enable users’ web habits to be tracked. It’s therefore no surprise that a lot of people disable or delete cookies – because who wants to be tracked, right?
Beyond the cookie
Cookies have been around for quite some time now, having been invented in 1994 (almost as old as the world wide web itself!). Although cookies are still widely used, the ability to disable, delete, and block them has led to many websites and third parties using other means to track users, without the use of cookies. Enter browser fingerprinting.
Browser fingerprinting – also known as device fingerprinting – is another way to track users online, even if they have taken measures to try and prevent it from happening (for example, by disabling or blocking cookies, using a VPN to mask an IP address, or using private browsing or incognito mode). When you visit a website, your browser or device provides the website with access to highly specific information about its systems and settings. This may include the type and version of browser and operating systems being used, screen size and resolution, plugins, time zone, supported fonts, and cookies preferences, amongst other characteristics. Together, this information creates a unique profile (in other words, a ’fingerprint’) about you, and it can be used to distinguish you from other users or recognise you when you revisit a website.
Another method of online tracking is through a ‘web bug’ or ‘pixel tag’. This is a small, practically invisible graphic that is loaded on a website. Often, it’s something like a single white pixel loaded on a page with a white background, so you aren’t aware that it’s there. The pixel tag lives on a server somewhere on the web, and whenever your browser or email client loads it, various pieces of information can be collected and sent to the web server, such as the time and date of your visit, your location, IP address, or activities on the website during that visit.
Like cookies, there are some privacy-enhancing measures that users can take to try and stop being tracked through browser fingerprinting or web bugs. However, there is no single or perfect solution to prevent being tracked via these and all the other methods out there. Given the value of our information, there is little doubt that online tracking methods will only increase and/or become increasingly sophisticated.
So… what does this mean for privacy?
The idea of being tracked online can be quite disturbing, and can feel like an invasion of privacy. Yet protecting one’s privacy online is no easy feat, what with the multitude of different online tracking methods that can be used.
Fortunately, there is some help at hand. Many companies are constantly working to implement better privacy protections for online users. Apple, for example, introduced anti-tracking features for its web browser Safari back in 2017, and more recently, announced more new features that would limit the browser information accessible to websites. Other web browsers such as Chrome and Firefox also have similar ad blocking or anti-tracking features.
Users themselves can take some steps to enhance their privacy when browsing the web, such as disabling or deleting cookies, installing browser plugins or tools to help impede online tracking, or choosing a browser that offers stronger privacy settings and features. Doing some research and deciding what measures work best for you is one step towards protecting your privacy online.
This article was written by Tricia Asibal, Policy Analyst, Office of the Victorian Information Commissioner.