A tracker is a cross-site cookie used by ad companies, especially google, to monitor user behaviour and activities while on the web. These trackers can see what you’re doing on each website you visit or apps you use, and thus the power of targeted advertising. The ad trackers are the reason why the things searched for in one app or website show as ads on other sites or apps. There’s a danger, of course, but it might not be what you think. The first thing we need to understand is what a tracker really is and why it exists.
How do ads and trackers work?
When a website displays content, there may be an area dedicated to advertising. Usually, it’s a fixed-size block inside the website. What you may not realize is that if there’s an ad area on a website, then it will typically be Google Ads or some similar entity, usually in the form of an embed script from Google Ads. Therefore, a site like franklinetech.com becomes that plus the ad entity, say ads.google.com. This is usually the case across any site that is using the ad entity. The reason why it works like this is that each website property owner wants to make money from clicks, since google and other ad companies pay for clicks on the ads.
To enable this feature, the website owners sign up with AdSense or the alternative ad services and then embed the JavaScript code provided on the website. So basically every website now has a built-in Spyware because website owners deliberately insert this code as well as code for Google Analytics. The way the internet works, if you don’t put Google Analytics on your website, it might not be visible entirely to google, and you might as well hide the website from other search engines. The purpose of having a website is to have it seen by people on the internet. It would make no sense if it is hidden from Google, the biggest search engine.
An extra rule is in place to prevent nefarious use of these features on websites that affects ad programming. If a website stores information in a cookie which is a stored value on your browser, no other domain can read it. Presumably, this would keep you safe from sites tracking you on the internet. But here’s the kicker. For instance, ads.google.com can read cookies from ads.google.com, and since it is embedded in most websites, Google Ads can cheat this rule and track what you do on any website with an ad frame. So think about it. Google Ads can see everything you do on any site that has ads. They then are able to collect information about you and store and identify you on your browser.
It’s actually more complex than this because the ad frame area is not populated by Google Ads. I say google, but Google has many more domains because it bought many other ad companies. Therefore, my use of Google Ads as just a generic google domain.
The space created by the Google Ads code is auctioned in real-time and the winner of the auction gets to occupy the space in that website ad frame, which also means that there are other domains involved. Think of Google as the wholesaler from whom a retailer rents the space from Google for that one moment. While this retailer rents that space, it can also have its own domain cookies to track you beyond what is done by Google’s eyes. This is why ad blockers have to block so many more domains, since they have to deal with all the Google domains and all the ad retailers.
Let’s get back to the cookies. Ad retailers on an ad space track you by leaving an identity on the cookie that is unique to you. The data it collects on the ad window is then stored by the ad company. When you visit a different site and the same ad retailer can read the cookie, the retailer will identify and cross-check its database and find that you’ve been to a different site before and will then present you with ads related to the sites you have visited.
Why is this a problem?
What is wrong with ad companies tracking you? While the ads and ad retailers can be intrusive at times, it is not the ads that should worry us. The problem is that to push these ads, your activity on the internet which includes your locations, your IP Addresses, your clicks, your preferences, your website visits, and your purchases are recorded in various databases. This information can be used to learn about you. This information is also sold. So if improperly disseminated it can be quite dangerous because this is what is used to profile us politically, racially, financially, and so on. However, these trackers themselves are incapable of doing this profiling, hence this itself is not a source of panic.
Browser Fingerprinting
There are two additional layers of tracking going on, which barely depend on cookies. This method has become so effective that an ad company could skip cookies and will not miss a thing. The approach to tracking without cookies is using the technique called browser fingerprinting. The idea of the cookie tracker is to put out an identifier on your browser so that the ad company can check their databases to see what you have done recently.
Browser fingerprinting is based on the approach that there are unique characteristics of your browser that can make your device unique. For example, the type of device you’re using, the screen resolution, the color choice, the window size, the time zone, IP address, and the browser extensions. There is enough of this that there is a high probability of matching you based on browser characteristics alone. This is even more important because nowadays, a lot of people put ad blockers and delete cookies. Therefore, the technique of relying on a cookie is no longer reliable.
Google is attempting to block browser fingerprinting, but this plan has not been progressing for the past two years. Nothing so far has changed, and browser fingerprinting can still be done. The point is that tracking can continue without having to store a value in a cookie, hence blocking cookies does not protect you from an AD company.
Cross-Device Tracking.
There is a new technique called cross-device tracking. Cross-device tracking is heavily tied to your phone. It is also tied to google requiring two-factor authentication via the Google app and not just using a phone number for texting. The point of this move by Google is to match all your devices together so that whatever you do on all devices is seen together by Google. Many of us deal with multiple devices, and Google wants to make sure these are all tied together as a set. This idea of cross-device tracking is explained further in this article. Basically, the perpetrator of these is your Google ID, which is essentially your Gmail account. If they can tie each device to a fixed identity, then anything you do on any device can be cross-referenced. So if you search for motorcycles on your phone, motorcycles will pop out on the browser on your computer, and all this without ever needing a cookie.
With these two methods, the obsession with cookie trackers becomes an absolute waste of time. If you’re using an iPhone or google android, then there is no point worrying about trackers. It is plain and clear that you are being tracked through your phone, the same phone that is your Two Factor Authenticator for Google.
There are other moves to be made, and that is to pick a phone that doesn’t track you via this cross-device method. This also means instituting other procedures to prevent browser fingerprinting from harming you. The whole tracking industry has now centralized on the phone and without changing your approach to the mobile phone, then tracking will be absolutely accurate.
So what now with the ad blockers?
Ad blockers work like this, a list of all the domains of all the ad companies is maintained, and the companies are basically blocked from reaching the browser. This is done through DNS blocking, which is useful for blocking annoying pop-ups and irrelevant ads. It also limits the amount of information collected, since the tacking companies will be blocked from reaching your browser. But that doesn’t mean the companies won’t track you using other means. As long as you follow the procedures already mentioned above and in several other articles, you will limit the information collected.
The big picture here is to know that there are trackers. In fact, we have to face the fact that there can be no internet experience without trackers. The bigger problem is trackers with a permanent identity, like a Google ID and a Facebook ID. Temporary identities in cookie trackers are a more limited threat. All you need to do is deny giving the ad platforms a permanent identity, and they can’t do much to you. If a phone has no identity, to begin with, at least no permanent identity, then apps really can’t misuse your data. So nip the problem in the bud. Focus on stopping the identity tracking and the rest will solve itself.
Thank you for reading, and I hope you subscribe to my newsletter to see more of this content.