7 Surprising Facts About Web Tracking

by Brad Johnson, on Nov 4, 2015 4:52:00 PM

What We’ve Observed Using Privacy Watch


We used Privacy Watch to see who was tracking us. Privacy Watch is the free browser extension for shedding light on data trackers.

Ethan Zuckerman, internet activist and father of the popup ad, referred to digital advertising as “the original sin of the web.” But he wasn’t referring to the annoyance of ads; Zuckerman was instead talking about the race to the bottom that internet ads created: online surveillance. Better and more invasive user tracking is the backbone of every new company’s promise that their “ads will be worth more than everyone else’s ads.”

By continuously developing more sophisticated tracking technologies for ad targeting, analytics companies have created an imbalance in how the economy of the Internet operates, at the expense of internet users. Users are generally aware that they’re consenting to some level of tracking by websites in order to receive free content, but they lack visibility into the extent to which this tracking occurs. We developed Privacy Watch to help bridge this awareness gap for users and nudge the Internet back towards a balance where both users and content providers benefit equally.

How Ads Changed the Way Websites Work

The quest for a more valuable ad has made an enormous impact on the anatomy of a website, probably more than you realize. You see banner ads, pop ups, ads in the side margin and ads just about everywhere else, but oftentimes advertisers are a bigger presence where you can’t see them.

Websites are chock full of invisible tracker technologies like cookies and “one pixel images” that are tracking your behavior and preferences. Almost all of these invisible trackers are dynamically loaded from websites other than the site you’re actually visiting and can affect the web page. Every time you reload a page, you may be exposing yourself to a completely new set of trackers. We used the Privacy Watch browser extension to see how prolific these third-party trackers really were. Here’s what we found:

1. There’s a lot of tracking occurring on News sites

We looked at a handful of the most popular news sites and were astounded at the number of trackers we uncovered. The New York Times alone relies on over 500 external sites to deliver the news, serve ads and observe site visitors. We also encountered over 4300 unique cookies, many of which were collecting information for third-party analytics companies. And it doesn’t matter which site you go to. TMZ.com, Fox News and Huffington Post indirectly shared data with over 680, 250 and 400 sites, respectively, making News sites some of the most tracking heavy sites we’ve observed.


The green dot is nytimes.com. When you visit nytimes.com,
your data could end up with any number of the other dots.
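The kind of count reported above (external sites, cookies and “one pixel images” seen during a single page load) can be reproduced from a browser's request log. This is an added example, not Privacy Watch's code: the hosts and log records are constructed, and the two-label `siteOf` shortcut is an assumption standing in for the Public Suffix List.

```javascript
// Added example: audit one page load's request log for third-party trackers.
// ASSUMPTION: the "site" of a host is its last two DNS labels. Real tools use
// the Public Suffix List, which this shortcut gets wrong for e.g. "co.uk".
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Constructed sample log (hypothetical hosts), shaped like a trimmed HAR export.
const SAMPLE_REQUESTS = [
  { url: 'https://www.news.example/', type: 'text/html', setCookies: ['session'] },
  { url: 'https://static.news.example/app.js', type: 'application/javascript', setCookies: [] },
  { url: 'https://cdn.adnet.example/tag.js', type: 'application/javascript', setCookies: ['uid'] },
  { url: 'https://px.adnet.example/p.gif?page=home', type: 'image/gif', width: 1, height: 1, setCookies: ['uid', 'seg'] },
  { url: 'https://widgets.social.example/like.js', type: 'application/javascript', setCookies: ['sid'] },
  { url: 'https://img.news.example/hero.jpg', type: 'image/jpeg', width: 1200, height: 600, setCookies: [] },
  { url: 'https://metrics.example/collect.gif', type: 'image/gif', width: 1, height: 1, setCookies: [] },
];

function auditPageLoad(pageUrl, requests) {
  const firstParty = siteOf(new URL(pageUrl).hostname);
  const thirdPartySites = new Set();
  const thirdPartyCookies = new Set(); // unique "site:name" pairs
  const trackingPixels = [];
  for (const r of requests) {
    const site = siteOf(new URL(r.url).hostname);
    if (site === firstParty) continue; // same site as the page: first party
    thirdPartySites.add(site);
    for (const name of r.setCookies || []) thirdPartyCookies.add(`${site}:${name}`);
    // A "one pixel image": an image no larger than 1x1 served by another site.
    if (r.type.startsWith('image/') && r.width <= 1 && r.height <= 1) {
      trackingPixels.push(r.url);
    }
  }
  return {
    firstParty,
    thirdPartySites: [...thirdPartySites].sort(),
    thirdPartyCookies: [...thirdPartyCookies].sort(),
    trackingPixels,
  };
}

const report = auditPageLoad('https://www.news.example/', SAMPLE_REQUESTS);
console.log(report);
```

Subdomains of the visited site (`static.`, `img.`) are treated as first party, while the script widget and both 1x1 images are attributed to the outside sites that served them.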

2. Trackers are even on your online banking site

Just about every site you visit, including your bank’s website, has embedded third-party trackers. Privacy Watch has identified trackers on banking sites, websites of health insurers, other medical sites and even on government sites.

You can be pretty confident that your bank (and any other site that possesses sensitive information) has good intentions regarding the use of trackers on their website; often these trackers are simply for monitoring site performance or some other benign function. However, it’s worth noting that while banks take the necessary precautions to protect their website from malicious attacks, third-party analytics companies don’t necessarily exercise that same care.

3. There are a few awesome sites with no trackers

Wikipedia is pretty cool. If you have been a student in the internet age, this isn’t that shocking. What is shocking is that we didn’t observe a single tracker or cookie on Wikipedia, not even for performance purposes. This is partially due to Wikipedia’s commitment to not showing ads.

There are a few other sites that also share Wikipedia’s commitment to no ads (or not tracking users). DuckDuckGo is a search engine for those concerned about online tracking and also has a spotless tracking record according to Privacy Watch. The Electronic Frontier Foundation has a few trackers on their page, but they restrict their third party dependencies to performance trackers from reputable vendors.

4. Social media connects you with more than just your friends

You probably had an idea that social media companies were tracking you, but the extent may surprise you. Social media widgets (for example, a Facebook “Like” button on a website) often include tracking scripts in them, so when you see one on a page there’s a good chance it sees you too.

Savvy websites will avoid third-party hosted social media widgets in favor of using their own. Though they look the same, self-hosted social media widgets are much more user-friendly with respect to tracking.


Social media sites are some of the most prevalent data collectors on the web.

5. Sites have you profiled, even if you don’t have an account

Companies tout their ability to identify users across devices, but it’s even easier to detect you across websites. Even if you never create an account with a specific site, as long as they have a tracker that has previously identified you then they probably know who you are.

We’ve detected Rubicon and other prominent trackers (like RocketFuel and Quantcast) on the majority of sites. Because analytics and marketing companies regularly share data with each other in order to augment their own datasets, it’s a safe assumption that just about every site that you visit has used your IP address or some other tracking identifier to know who you are and what ads to show you.

6. Many sites have incomplete privacy policies

Most sites discuss their tracking practices in their privacy policy and we’ve found that they generally address the extent of their own privacy related data collection. However, it seems many sites are unaware of the extent of data collection by the affiliated (and unaffiliated) partners on their site. While most websites mention that they share with affiliated third parties, we’ve observed cases where these third parties are using scripts and cookies to collect attributes outside the scope of the original website’s privacy policy.

7. Safe browsing modes aren’t exactly safe

Thought you were safe when browsing in incognito (or any other safe browsing) mode? Not so fast. Your browsing habits may be hidden on your computer (or device), but every site that you visit can still be logged by data trackers and included in their version of your browser history. Many of the tracking events that we detected with Privacy Watch involved the sharing of browser histories.

In other words, if they want it, most companies have access to your personal browsing history. In order to derive the metadata necessary for business analysis, which companies use to focus their marketing efforts, there’s likely a database with your (and everyone else’s) browser history on it.


Your browsing history tells a lot of information about you.