Tracking Online, What You Need To Know

26 Oct 2023

Are you happy allowing someone to listen in on your private conversations, read your mail, or go through your desk, in order to sell you something?  In all likelihood, we are all allowing it unknowingly every day whilst we are online.

Businesses use different techniques to track our behaviour and send us “targeted” advertising – and to create complete user profiles. All this is performed under the guise of providing us with “personalized” online experiences.

How Do Cookies, Pixels and Tags Make This Possible?

Cookies

Are small “files” that allow websites to store user information and online activity are broken down into two types;

1. First-Party

   • These connect you to a single website. They hold on to some personal information to make the website easier to use (for example, remaining logged into the site).

2. Third-Party

   • These allow someone to track your shopping or other activity across the internet.

Websites in certain countries are required to provide an opt-out or opt-in mechanism, via cookie banners that many of us know. Moreover, these have long been considered a threat to privacy, so-much-so, Google has been pressured into deprecating them by the second half of 2024 (for 1% of internet users).

Pixels

Small images (1x1 or 0x0 pixels in dimension) embedded in the code of webpages - are “invisible” and can “send” all sorts of personal data to marketers. This can include data on how a user interacts with a web page, specific items a user has purchased, or information users have typed within an online form.

Pixel tracking can be monetized: for example, audiences that have visited certain types of sites can be sold to companies wishing to advertise with more targeted advertisement content.

Facebook’s pixel-tracking technology has been found to directly violate the GDPR and the so-called ‘Schrems II’ decision on transatlantic dataflows and has been ruled illegal.

Tag

These are small pieces of code inserted in the website code - are even more invasive: they collect all the javascript parameters from a browser.  If you have a Facebook or X icon – social media sharing buttons - on your website, you cannot control tracking by third parties on your website anymore, since it is third-party code

Example: Bank websites – many of them have javascript tags on their login page – these tags for example can harvest keystrokes (which includes the passwords you type when logging in). This should give us pause: How secure is it to have tags on a website where you enter personal access codes and other information accessible through keystroke logging

Summary

Tracking consumer’s online behaviour is a multi-billion dollar industry which isn’t going away anytime soon, tech companies are building new mechanisms to harvest user data in place of the third-party cookie. And, the greyish legal environment of the metaverse presents a wealth of opportunities for tech companies to completely rewrite the rulebook.

Reviewing our current state of play, blocking third-party cookies is not yet 100% effective. Useless ads keep being fired at us – because we looked at something, because we belong to a certain demographic – or because the “internet knows” that we experience depression or have faced fertility issues - all of which should absolutely stay private.

Yet, Google and Co. know all of your secrets and if you have ever searched for information on a medical condition on Google, this is likely to be found on your profile. Google sells search history data to companies who want to personalize the user experience – also in Europe

How should consumers keep themselves safe online, and how do organizations ensure they only collect what is absolutely necessary?

Recommendation

Consumer

There is a desperate need for more consumer literacy around data privacy, and as more of our lives move online it is important for all internet users to better understand how their information is being used.

• This article lists a host of organizations that aim to help protect consumer rights online and have a lot of great content.

• Use an ad-blocking browser like Brave or Firefox. These block the ads and the tracking pixels and tags discussed above.

• Additional Chrome extensions such as Ghostery and Adblock can help you identify how many trackers a website has (and help you block them), whilst also stopping unwanted ads.

• Apple products have a feature that allows you to block tracking at source, which makes it really simple to turn off unwanted advertising.

• As a personal preference, I would also recommend you install Malwarebytes, which is a powerful (and cost-effective) cybersecurity software.

• Our good friend Augustine Fou developed a tool which allows you to view all the trackers on any given site, and see where that data flows

Organization

The rallying cry from most marketing departments now is that ‘data is king’!

But, the important questions organizations need to be asking themselves are:

• How ethical are our data processing frameworks?
• Have our vendor’s practices been properly vetted?
• Are we keeping our customers safe?

A recent study by the Mozilla Foundation found that car manufacturers are some of the worst perpetrators of bad data practice, collecting data including anything from the user’s name, address, phone number, and email address to more intimate data like photos, calendar information, and even details on the driver’s race, genetic information, and immigration status.

How necessary is this to the manufacturer? Probably not much, but they don’t use it, they sell it to third-party data brokers, who then sell it to advertising companies.

Final Statemen

Trust 3.0 is a data privacy advocacy group committed to helping consumers and organizations develop a better understanding of data best practices. We convene the brightest minds in data to debate the best way for organizations to build sustainable and equitable solutions that consumers can trust.

As part of our Champions of Digital Trust series you can watch our interview with Augustine Fou here

Written by Lydia Knab, Greig Dowling, with help from Dr Augustine Fou.