Here is a short list of some ways you can be tracked online. Please understand this is not an all-inclusive list. Some methods are old, some new. Technology changes by the hour. This is just to give our members an idea.
Trackers used by Search engines & Retailers
1. Cookies (and Similar Technologies)
• How it Works: Cookies are small text files that websites store on your computer or device when you visit them. They contain information like your login details, shopping cart items, or preferences. There are different types of cookies:
* First-party cookies: Set by the website you’re directly visiting. These are often used for functionality (remembering items in your cart) and can be relatively benign.
* Third-party cookies: Set by a different domain than the one you’re visiting. These are the big privacy concerns. They’re often used by advertising networks to track you across multiple websites. For example, if you visit a shoe store and then a news site, the same third-party cookie can be used to connect those visits.
* Other Similar Technologies: Beyond traditional cookies, there are things like:
* Local Storage: Similar to cookies, but can store more data and isn’t automatically sent with every request.
* Web Beacons/Tracking Pixels: Tiny, invisible images embedded in web pages or emails. They report back to the server when the page/email is loaded, allowing tracking of views and user behavior.
• What it Tracks: Browsing history, preferences, login information, shopping habits, demographics (sometimes inferred).
• Why They Do It: Personalization (showing you relevant ads and content), targeted advertising, website analytics, remembering your preferences, and tracking conversions (e.g., if an ad led to a purchase).
• Mitigation: Browser settings to block third-party cookies, privacy-focused browsers (Brave, DuckDuckGo), cookie-blocking extensions (Privacy Badger, uBlock Origin), regularly clearing cookies.
2. IP Address Tracking
• How it Works: Every device connected to the internet has a unique IP (Internet Protocol) address. When you visit a website, your IP address is logged by the web server. While not personally identifying on its own, it can be used to approximate your location (country, city, sometimes even neighborhood) and identify your internet service provider (ISP).
• What it Tracks: Approximate location, ISP, browsing activity (when combined with other data), device type.
• Why They Do It: Geotargeting (showing you local offers), fraud prevention, website analytics, content delivery (optimizing content for your location), and sometimes, in combination with other data, building a profile of your interests.
• Mitigation: Using a VPN (Virtual Private Network) masks your IP address with one from the VPN server, or using a proxy server. Tor browser also provides strong IP masking.
3. Fingerprinting
• How it Works: This is a more sophisticated and insidious form of tracking. Fingerprinting doesn’t rely on cookies. Instead, it collects information about your browser and device configuration – things like your browser version, operating system, installed fonts, plugins, screen resolution, time zone, and even how your mouse moves. This creates a unique “fingerprint” that can identify you even if you clear your cookies or use a VPN. It’s like identifying someone by their gait and height, rather than their name.
• What it Tracks: A unique identifier based on your browser/device configuration. This allows for tracking across websites even without cookies.
• Why They Do It: More persistent tracking than cookies, ad targeting, fraud prevention, identifying returning visitors.
• Mitigation: This is very difficult to block completely. Privacy-focused browsers (Brave, Tor) offer some protection. Browser extensions like Privacy Badger can block some fingerprinting scripts. Regularly updating your browser and OS can help, as it changes your fingerprint. Using a highly standardized browser configuration can also reduce uniqueness.
4. Web Tracking/Tracking Pixels (Beyond Cookies)
• How it Works: Similar to cookies, but often more subtle. Websites embed tiny, invisible images (tracking pixels) or JavaScript code from third-party services (like Facebook Pixel, Google Analytics, etc.). When you load a page with these embedded elements, your browser sends a request to the third-party server, revealing information about your visit.
• What it Tracks: Pages visited, time spent on page, links clicked, referral source, browser information, IP address. This data is often linked to your profile on the third-party platform.
• Why They Do It: Website analytics, ad tracking, retargeting (showing you ads for products you viewed), building user profiles, measuring ad campaign effectiveness.
• Mitigation: Browser extensions like Privacy Badger, uBlock Origin, and Ghostery can block many tracking scripts and pixels. Privacy-focused browsers also offer built-in protection.
5. Account-Based Tracking & Loyalty Programs
• How it Works: When you create an account on a website (e.g., Amazon, online retailer, social media) or participate in a loyalty program, you’re essentially giving them permission to track your activity within their platform. They can link your purchases, browsing history, and other interactions to your account. This data is often combined with data from other sources (e.g., third-party data brokers).
• What it Tracks: Purchases, browsing history within the platform, demographics (if provided), interests (inferred from your activity), email interactions.
• Why They say they Do It: Personalization, targeted marketing, customer relationship management, building detailed customer profiles, improving product recommendations, and increasing sales.
• Mitigation: Minimize the number of accounts you create, use strong passwords, review privacy settings, and be cautious about sharing personal information. Consider using a separate email address for online shopping and accounts.
Ways your Government may track you online
1. Mass Surveillance Programs (Collecting Data in Bulk)
• PRISM (Revealed by Snowden): This program allowed the NSA to collect internet communications from major US tech companies (Google, Facebook, Apple, Microsoft, etc.). It wasn’t direct access to servers, but rather legal orders compelling companies to hand over data when presented with valid warrants/court orders. The data included emails, search history, file transfers, and more.
• Upstream (Revealed by Snowden): This program involved tapping into the physical infrastructure of the internet (backbones of major telecom companies) to collect a vast amount of internet traffic. This was even broader than PRISM, as it captured data before it reached specific servers.
• Stellarwind: An earlier program that involved warrantless surveillance of communications, later subject to legal challenges and reforms.
• Data Brokers: The government increasingly purchases data from commercial data brokers. This allows them to bypass warrant requirements for certain types of information, as the data was originally collected by a private entity. This is a growing concern for privacy advocates.
2. Targeted Surveillance Tools (Focusing on Specific Individuals)
• Carnivore/DCSNet: An older system that allowed the FBI to monitor email traffic. It was controversial and eventually replaced by more modern systems.
• Network Investigative Tools (NITs): A suite of tools used by law enforcement to analyze network traffic, identify patterns, and track individuals.
• Cell Site Simulators (Stingrays): These devices mimic cell towers, tricking mobile phones into connecting to them. This allows law enforcement to track the location of phones and intercept communications. Their use is often shrouded in secrecy, and legal regulations vary.
• Social Media Monitoring Tools: The government uses various tools to monitor social media platforms for keywords, hashtags, and user activity related to investigations or potential threats. Some tools use AI and machine learning to analyze content and identify relevant information.
• Malware and Remote Access Trojans (RATs): While controversial, intelligence agencies are known to develop and deploy malware to gain access to computers and networks for surveillance purposes. This is subject to strict legal oversight (in theory).
3. Data Analysis and AI Tools
• XKeyscore (Revealed by Snowden): A system that allowed analysts to search vast databases of internet traffic using keywords, email addresses, IP addresses, and other identifiers. It was a powerful tool for identifying individuals of interest.
• Mainway: Another data analysis system that integrated data from various sources, including phone records, email, and internet activity.
• AI-Powered Analytics: Intelligence agencies are increasingly using artificial intelligence and machine learning to analyze large datasets, identify patterns, and predict future behavior. This includes facial recognition, natural language processing, and predictive policing.
4. Legal Authorities Enabling Surveillance
• Foreign Intelligence Surveillance Act (FISA): This law allows the government to conduct surveillance for foreign intelligence purposes, often without a traditional warrant. The FISA court operates in secret and has been criticized for its lack of transparency.
• USA PATRIOT Act: Passed after 9/11, this law expanded the government’s surveillance powers, including the ability to collect bulk data on citizens.
• Executive Orders: Presidents can issue executive orders that authorize surveillance activities, often in the name of national security.
• National Security Letters (NSLs): These are demands for information issued by the FBI, often without a warrant. They are typically used to obtain records from businesses, such as phone records or internet history.