Cookies and fingerprinting: tracking methods clearly explained
Share This Post
You have probably heard of cookies and perhaps fingerprinting in connection with online tracking. But do you also know what is behind it and what different variants there are? We introduce the most common techniques that tracker operators use to track you across the web to monitor your browsing behavior. We also explain how you can protect yourself from the different tracking methods.
A cookie is a small text file that is stored on your computer or mobile device for a certain period of time when you visit a website. It contains, for example, log-in data or the current content of your shopping cart. Browser cookies are used to “mark” a visitor of a website in order to recognize them and their settings later on.
Cookies are the most common method of tracking users across multiple websites. Third-party tracking cookies store data about visited websites to log the user’s browsing history over a long period of time. They land on your device via embedded image files (advertising banners or counting pixels). Fortunately, it is pretty easy to delete or block third-party cookies in your browser settings. More information below.
Supercookies contain a unique identifier which allows trackers to link records in their data to track your browsing history and browsing behaviour (e.g., visited websites including the length of your stay). One example are Flash cookies (aka Local Share Objects or LSO) which, in contrast to standard cookies, work browser-independent and do not have an expiry date. They are stored locally and can be removed manually. To prevent them from being stored on your device at all, you should set the Flash plugin in your browser to not load flash objects at all or only with your consent. To do this, select the options “Never activate” or “Ask to activate”.
Evercookies are extremely persistent and difficult to get rid of once they got on the device. Their purpose is to identify a user even after they removed standard cookies, Flash cookies, and others. Evercookies use different storage mechanisms to store data in different formats in multiple locations on your device. If cookie data is removed, it is immediately recovered from an alternative storage location.
Fingerprinting can be used to identify individual devices or users and track them across multiple websites even when cookies are turned off. As the name implies, a “fingerprint” of the system is created, which serves as a unique identifier. For a long time, this tracking technology was only successful if the user did not use several browsers in parallel. Today fingerprinting also allows tracking of a user across multiple browsers on the same device.
The most common fingerprinting method is canvas fingerprinting. A tracking script generates a so-called canvas image, which is loaded in the background and contains a short text. The rendering of the image varies slightly depending on operating system, browser, graphics chip, graphics driver, and installed fonts. This minimal difference is sufficient to identify the device and thus, the user with a high probability of recognizing them when they visit another website which uses the same tracking method.
Other fingerprinting methods
Using all these methods, tracking operators collect massive amounts of data from which they create detailed user profiles to use them for marketing purposes or resell them. They deliberately ignore the users’ desire to browse the Internet unobserved. The more the advertising industry knows about users, the more money they can earn. Highly personal information is stored in the databases of the tracking companies, from which conclusions can be drawn, not only about an individual’s financial situation, interests and shopping plans, but also about his or her sexual orientation, health, political views and religious beliefs.
How to protect yourself
Modern browsers provide basic protection against cookie tracking: In the settings you can specify that cookies are automatically removed when they expire or when you exit the browser. You may also block third party cookies in your browser settings. Setting up a new user profile in your browser is also often helpful to get rid of cookies. With Cliqz you are always on the safe side: No matter what settings you have in your browser, our anti-tracking does intelligent blocking of third-party cookies so that they cannot be used for tracking purposes.
Cliqz’s AI-powered anti-tracking technology implemented in the Cliqz Browserand Ghostery’s anti-tracking tool reliably protects users from being identified by third-party cookies or fingerprinting. It detects when a third-party tracker tries to retrieve unique identifiers or values that could be used as such and replaces the requested data with random values. This ensures that your identity and privacy on the web is always protected. Another advantage of our smart anti-tracking technology is that it protects you from trackers without breaking websites functionalities.
The Current State of GDPR
Online privacy has become a point of contention in recent years, particularly surrounding Facebook and Google. There is a lot being done behind the scenes...
VPNs: How do they work and things to consider
What’s a VPN? Virtual private networks, or VPNs, are a «connection method used to add security and privacy to private and public networks.»...