Skip to Main Content

Everything you need to know about web tracking plus how to help stop it 

You may think that whatever you do online stays between you and your laptop screen, but the disconcerting reality is that you’re being watched by an army of invisible eyes. Every click. Every scroll. Every website. And drawing the blinds won’t help. To corporations, you’re a hot commodity and potential customer whose every action and interest can be manipulated and monetized. Learn how web tracking works and how to shield yourself. A simple first step to help safeguard your data starts with browsers dedicated to greater privacy, like Avira Secure Browser.  

 

Welcome to our modern world of web tracking 

George Orwell wasn’t far off when he wrote his famous novel about a dystopian surveillance state. Remember “1984” where citizens were relentlessly monitored by government cameras that had access to their most intimate information and daily lives? Fast forward to 2023, and anyone using an internet-enabled device is granting private companies similar powers. Yet many of us are either blissfully unaware or accept that being monitored, monetized, and manipulated with every click is a price worth paying. The internet packs our days with endless shopping, banking, browsing, posting, messaging, video streaming…and most of us couldn’t imagine a day without it.  

Yet it’s important to remember that it’s your data so it’s not unreasonable to ask questions. What’s being harvested? Why and how? And ultimately, what’s happening to it? Find out the answers below as we delve deeper into web tracking—plus you’ll learn how to reclaim your privacy with the help of tips and tools that can help cover your digital tracks.  

What is website tracking or internet tracking? Is it all bad? A quick overview 

As we navigate the web and interact with websites, ads, and other digital content, our online activities are monitored, and our data is continuously collected and shared. That’s “web tracking” (or website tracking) and it goes by many names, including browser tracking, internet tracking, digital tracking, and data tracking. It’s carried out for various reasons, and many do have the user experience at heart. In a nutshell, web tracking helps companies and website owners understand their visitors better so they can improve their products and services. They also use this information to make their websites more user friendly and to deliver a personalized browsing experience, including adverts that are customized to your interests. While many of us will instinctively recoil at the word “advert”, don’t be too hasty. If you’re a Netflix or Amazon fan, you’ll probably appreciate suggestions on what to watch or buy next! 

So far, so good. Your data isn’t necessarily at risk, and you’ll generally be rewarded with faster, more productive browsing, and ads you might find useful. Yet what about your right to privacy? That’s why internet tracking is a contentious issue and continues to raise important questions about user consent and data ownership—and, of course, the potential for misuse. Efforts are being made to curb it and give the user greater control. Data privacy laws like The General Data Protection Regulation (GDPR) in the European Union, for example, requires websites to obtain your consent before implementing tracking mechanisms.  

It’s important to remember that you play the biggest role in safeguarding your privacy. Better understanding data tracking, including the methods implemented and reasons behind it, will help you control what you share. Web tracking can serve you well—but it’s not primarily about your online convenience and happiness.  

Who tracks you online and why? 

Pretty much everyone is doing it—the apps you use, your favorite social media platforms, the websites you visit, Google, the YouTube influencers you love… And that’s not all. Companies you’ve never interacted with nor heard of are being fed your data too. That’s because data brokers collect information from various sources to build up a detailed picture of you and then sell this information on. Data broking is big business and you and your online habits are their goldmine. Did you know that some websites allow you to view the data they have stored about you? Here’s how to download your Google data so you can see how much of your personal information has been exposed online! 

It’s not just your personal data. To companies and other content owners, it’s also a:   

  • Revenue stream
    Websites don’t just store your data but sometimes sell it too, usually to advertising companies who then target you with the relevant products and services. In this way, information about you and your online behavior becomes valuable financial support for the website owner. Think of all the digital content you enjoy for free—whether it’s an online newspaper or a YouTube video. Journalists, influencers, video producers, and others all rely on advertising revenue (and the users who watch the ads) so they can continue to create their wares. You won’t need to open your wallet—your online data will do!  
  • E-commerce driver
    E-commerce websites exist to sell you as much as they possibly can, and web tracking helps them achieve this. They take a deep dive into your habits, likes/dislikes, and shopping styles. Did you let an item languish in your basket before walking away or did you click “buy now”? And if you left the site, did you come back later? Do you usually compare prices and reviews before buying? Have you ignored something and bought it once it was reduced? Retailers use specialized platforms to collect, store, and manage this data, and craft multiple threads of information into a single overview that can inform their sales and marketing strategies.  
    E-Commerce companies have been accused of (and hotly deny) using data to manipulate prices and product selection. For example, if you’re searching for a laptop using an expensive device with an IP address in an area with a high cost of living, beware! You may be served up only premium products. And if you’re looking for a cheap flight to Mallorca for your summer holidays, avoid that expensive laptop and think about disguising your IP address again—or you may end up paying more for your ticket.  
  • Targeted advertising tool
    As touched on above, providing the data that powers targeted ads is a top priority of website tracking. We’ve all seen the usual “We use tracking cookies to improve your experience on our website”—and by “experience” they mean the ads you’ll see, not your personal happiness index after browsing. Websites use third-party cookies to show you ads tailored to your needs and interests. If you want to thwart the ambitions of this targeted advertising (also called relevant or personalized), it’s easy to block third-party cookies. Here’s how to clear, manage, and block cookies in Chrome 
  • Website analytics and business performance measure 
    Web analytics is the study of how visitors behave on a website. It utilizes web tracking technology to harvest visitor data and organize it meaningfully. Web administrators can then use it to gain actionable insight into where users spend their time, what they avoid, where they come from and what products and services they engage with most (or avoid). Web analysis helps guide a company’s web content strategies and even the release of new products and services. You may just be choosing the teddy bear in blue trousers over the one wearing green, but your child’s birthday present helped shape a future company decision. 
  • Website usability tester
    Users are invited to try out a new app or website to review its performance, ease of use, strengths, and weaknesses. This is called usability testing, and the results help design and development teams optimize their work and iron out any problems before the final product is coded. Web-tracking technology turns us all into potential testers! Companies can use these tools to conduct remote testing on site visitors and gather reams of data on user behavior and preferences. For example, how quickly did you find the information you needed and what path did you take?  

Why website tracking is the real cookie monster 

Websites are always finding new ways to track us, but cookies are still the most common, which is why we’ve whipped up a whole section devoted to them here. Internet cookies are text files that contain small pieces of data—such as a username, password, and user preferences— instead of chocolate chips. These files are used to identify your computer when you’re connected to a network. As soon as your device is online the server creates a cookie containing your unique data label (like an ID). This cookie is passed between your device and the network server and when the server reads your ID it recognizes you and knows what information to serve you.  

Without cookies, no website would remember you and your progress online would be slower and more tedious. You’d need to log in to a site every time you leave it, for example. E-commerce sites typically use cookies to track the items you previously viewed so they can suggest other products you might like. But it’s not all about sales or the user experience. Web developers benefit too because your computer serves as the cookie storage “tin”. Any cookies are stored locally on your device which helps free up space on a website’s servers, reducing server storage, admin, and maintenance costs.   

Previously, packets of data called “magic cookies” were passed around. Later, these were optimized for web browsing and today’s internet cookies are HTTP cookies designed specifically for web browsers to track and gather analytics data. To make things slightly more confusing, there are two types of HTTP cookies. As the name implies, session cookies last for a single session (that’s the time between when you launch a website or app and then close it). The information they contain is stored in random access memory and because RAM is temporary memory, its contents are deleted when the session ends. That’s why they’re also known as non-persistent cookies or temporary cookies. They also differ from other cookies in that they’re usually exempt from consent requirements because as “strictly necessary cookies”, they’re essential for a website to function properly. To see session cookies in action, head to an online shopping site and pop a few items into the shopping cart. Throughout your browsing session, it’s the session cookies that keep your shopping basket full and let you add items to your basket before you log in. They also help the website remember your selections and recall your preferences—for example, do you like sports news or politics? Session cookies know.   

Then there are persistent cookies which, as you can imagine, remain on your computer indefinitely or until they expire. These cookies that don’t go stale can be broken down into two types: Authentication cookies track whether a user is logged in and what details they used to log in. Tracking cookies are like a tenacious police dog. They’ll sniff out all your visits to the same site and monitor your activities there (like the pages and products you viewed). Over time, a profile can be built based on your web history on that site. Tracking cookies are specific to a single website, which is why you must “accept” or “decline” them every time you visit. 

Cookies and other legitimate online tracking tools shouldn’t be confused with malware or stalkerware though.  

Where do cookies come from? First-party vs third-party cookies 

There’s a last batch of cookies to get a handle on because internet cookies can be broken down into two further categories: first-party and third-party cookies, depending on where they come from. Understanding their role is critical to helping you gain some control of online advertising and your privacy.    

The “good” cookies: First-party cookies are created by the host domain, so the website you’re on. They’re generally considered safe, if that website is trustworthy and hasn’t been compromised by a recent data breach or cyberattack. These cookies do all the good deeds we discussed above, such as remembering key bits of information so you can enjoy a faster and better user experience.   

The “not-so-good” cookies: Third-party cookies are generated by websites other than those you’re currently surfing on—usually because they’re linked to the ads you’re seeing on that page. You could innocently visit a site without realizing that it has invited a group of strange guests—third-party cookies that track your behavior on that site and other sites you visit in the future. You’ll never know how many invisible eyes are watching, what data they’re harvesting, nor what they’re doing with it. This type of tracking is often popular with advertisers. While third-party cookies aren’t inherently bad, users are right to have privacy concerns and to question their necessity. After all, websites don’t need them to function.  

What are other common web-tracking tools? 

Although advertisers and user-experience designers love cookies, there are many other commonly used data website tracking methods—and the list keeps growing.  

Web beacons are also known as pixel tags, web bugs, and clear GIFs. These transparent images are tiny (usually just one pixel) and are embedded into web pages and emails. When a user opens that page or email, the web beacon unobtrusively tracks their online journey, as well as their IP address and the type of browser they use. Perhaps the most famous web beacon is the Facebook pixel. When this tiny bit of code is inserted on a website, it provides owners with huge amounts of data to use in targeted Facebook campaigns. Ideally, companies that use web beacons must be transparent about it and what information they’re collecting. 

IP address monitoring takes advantage of IP addresses, the unique identifiers that are assigned to every device when it connects to the internet or a local network. Websites can use this information to track where a visitor is coming from to analyze web traffic and serve up personalized content. If Amazon “sees” you’re in the UK, for example, you won’t be shown products from its US site. Read up on types of IP addresses here and what they can reveal about you.  

JavaScript code and tracking scripts capture information about user actions, such as page views and clicks. Analytics services like Google Analytics use these scripts to provide website owners with detailed insight into the customer journey and behavior. This can help sites improve their marketing ROI.  

Device fingerprinting collects information about a device, including the hardware and software configurations and which browser it’s using. This data helps create a unique “fingerprint” for that computer so it can be tracked as its user browses the web.  

Browser fingerprinting: This is like device fingerprinting but involves collecting information about a user’s browser configuration, including browser extensions, installed fonts, and other settings. The result is a unique, identifying “fingerprint” for that browser. If you’re curious about what you could be revealing about yourself when you land on a website, see this blog on browser fingerprinting 

Session replay scripts record your activity as you browse on a website, including every click, scroll, and u-turn you make. Hover over something at your peril—it’s watching! This is useful for web designers who want to enhance the user experience. Are site visitors getting lost and rage-clicking, for example?  

Mouse-tracking or cursor-tracking tools are much like the above and record mouse movements to analyze how a user navigates a website. 

Favicons are basically super-cookies. They operate like cookies but are more tenacious, making them difficult to decline or remove. 

Social media widgets are small programs that are integrated into social media platforms and blogs to allow users to interact with other users and share content. If you’ve ever pressed the “like” button on Facebook, you’ve engaged with this widget. These codes can track the number of visitors to a post and how often it’s shared, for example.  

Click-through rates measure the number of times an online user visits digital content that’s been advertised or otherwise flagged to them. This provides useful insight for marketers and advertisers looking to improve their content strategies.  

Every mouse movement and every data crumb…As you’ll have seen above, online tracking is relentless, sophisticated, and difficult to spot. It’s also a minefield that can put your privacy at risk. Tools like Avira Secure Browser can help. This free Google Chrome extension offers anti-tracking powers and a Private Mode, so your browsing history, cookies, and site data are less visible to prying eyes.  

 

What are the legal implications of web tracking? 

Is it legal…or not? That depends on various factors, including the type of tracking, whether the user has given informed consent, and the jurisdiction of the website owner. Regulations governing online privacy and data protection vary greatly around the world, adding to the muddle.  

In the European Union, General Data Protection Regulation (GDPR) governs the processing of personal data. Under its laws, websites must obtain explicit and informed consent from users before collecting and processing personal information. Users have the right to know what data is being collected and for what purpose. Importantly, they can opt out. In addition, the ePrivacy Directive legislates the confidentiality of communications and rules around tracking and monitoring. 

Similar protections for users exist elsewhere. Over the pond in the United States, the California Consumer Privacy Act (CCPA) grants California residents certain rights regarding their personal information. Businesses subject to these laws must inform users about the types of personal information collected and what it will be used for. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) oversees the collection and use of personal information. 

Some rules apply only to certain industries. For instance, healthcare-related websites may be subject to additional privacy regulations to protect confidential health information and patient details. 

Remember to always check a website’s Terms of Service and Privacy Policies which outline how their user data is collected and used. These should always be transparent and allow you to opt out of certain cookies and other data-gathering tools. Be careful though, as sometimes your consent is assumed as soon as you use the website!  

Businesses and website operators must comply with the relevant privacy laws and regulations. If they don’t, they could face legal consequences, including fines and other penalties. As a user, you can hold them accountable too. Know your rights and demand clarity in any data-collection practices. If you’re not happy with your options, shop or browse elsewhere—and play it safer by assuming that more of your data than you suspect is tracked. While pop-ups will gleefully proclaim “We value your privacy!”, the truth is, you may be the only one who does. If you’d like to explore the current trends in data protection, and possible strategies for a safer digital future, this article by the European Data Protection Supervisor is essential reading. 

Should you be worried about web tracking?  

The rise of social networks and mobile devices has taken the opportunities for data tracking and harvesting to previously unimagined heights. Particularly third-party cookies can secretly syphon data to unknown entities whose intentions aren’t known. If cybercriminals lay claim to it (via those darned third-party cookies again or by hacking into a data-broker site, for example) they could send you pop-ups laced with malware. It’s always useful to remember that there’s no such thing as a free lunch. We’re served a tantalizing digital buffet of free-to-use shopping, streaming, and social media apps every day…but our data is the price we pay.  

Remember the Cambridge Analytica scandal? Millions of Facebook profiles were harvested, and users subjected to targeted information that may allegedly have swung election campaigns.  It’s never “just” data that’s taken. Knowledge is power and can be used to manipulate more than our buying decisions. 

How to stop being tracked online: Top 10 tips 

Here’s how to become more of an online phantom who leaves no (well, less of) a trace.  

  1. Use an anti-tracking browser.
    Many, like Avira Secure Browser, are free and help block trackers so you can better control who knows what about your online browsing and search history. The integrated Web Shield from Avira also helps block dangerous URLs while the Privacy Guard helps keep fingerprinting technology at bay, so your online actions are less likely to be profiled.  
  2. Use a private search engine.
    It’s no secret that the most popular search engines collect a wealth of data about you. If you want to ditch the location tracking and filtered content, opt for a private search engine. Popular options include DuckDuckGo and the Start page.  
  3. Use a VPN.
    A Virtual Private Network can encrypt the data moving to and from your web browser and help conceal your location and IP address. A free VPN for PCs like Avira Phantom VPN helps improve your anonymity online but remember that VPNs generally can’t block cookies and other trackers.  
  4. Use a password manager.
    Delete your saved passwords and instead of allowing your browser to store passwords, choose a password manager. Avira Password Manager generates unique, hard-to-crack passwords, helps securely store them, and syncs across your devices. Strong passwords are a first line of defense for anyone serious about their privacy.   
  5. Regularly clear your cookies and search history.
    Clearing your cookies
    and deleting your browser history should be part of your internet routine. This helps your browser run more smoothly while helping prevent others from seeing what you do online. These are just a temporary fix though! As soon as you hop online, the cookies will build back up.   
  6. Adjust your browser settings.
    The most popular browsers offer basic protection against web tracking. Firefox and Safari, for example, block third-party cookies by default. You can set Chrome to block cookies too. Within your browser settings, you can send a Do Not Track request when you visit a website, but most sites cheekily ignore these.  
  7. Only visit secure websites and be ultra-careful on public WiFi.
    Make it a rule to only visit trusted websites that have HTTPS in the URL. This means that they’re encrypted and offer higher security. And be especially way when using public WiFi as these can be unsecured and more vulnerable to attack.  
  8. Don’t use an existing login when creating new accounts.
    While it’s convenient to use your existing Facebook or Google login when creating a new account, it can put your personal data at risk. You’ll be handing that website access to some of your personal data. It may be tedious, but always use a new login name and password for every online account. Some people even create a new email address for every service they access! 
  9. Create multiple browser profiles. 
    Most main browsers, like Firefox and Chrome, support the use of multiple profiles and this can improve your privacy. It means that your cookies, plug-ins, search history, and more aren’t stored in a single place so it’s harder to build a profile of you. You can also go a step further and use multiple web browsers to separate your activities and reduce the amount of information any one company can learn about you. Don’t forget: Keep your browsers (and all your apps) up to date! Outdated software may fall prey to hackers exploiting old security updates. 
  10. Switch from mobile apps to a web browser.
    Did you know that mobile apps usually access and collect more personal data than browsers? If you have a burning desire to post a Facebook update, wait until you’re at a desktop PC or laptop instead of whipping out your phone. Also look at what’s installed on your phone and delete any apps you don’t recognize or use.   
    Not all web tracking is bad but there are downsides. You don’t have to let your digital life be an open book! You can take a stand for your privacy and say no to invasive internet trackers—it just takes a little effort and some extra tools.
     

This post is also available in: GermanFrenchItalian

Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.
Avira logo

Better online privacy can start with the right browser: Avira Secure Browser

Avira logo

Better online privacy can start with the right browser: Avira Secure Browser

Avira logo

Help shield your privacy and stay safer from online threats: Avira Mobile Security for iOS.

Avira logo

Help shield your privacy and stay safer from online threats: Avira Antivirus Security for Android.