Who can track which websites I’ve visited?

06 May 2019

We often get asked who by users who it is that is tracking their browsing habits. The questions most often come up based on some creepy ads that are very specific to the user’s browsing habits.

How you’re tracked
Your browsing habits can be tracked based on a cookie (a file that is dropped on your computer so it is specific to your computer), your IP address (which may be shared by your family members at home or potentially some or all of your co-workers at work), your browser (based on specific configurations in your browser including the type, plugins installed, browser size, and other characteristics that, when combined, make for a unique fingerprint).

Why you are tracked
You most often will be tracked so companies can keep a history of all of your browsing habits. However, sometimes it is only for a rolling period of time (i.e. the past 3 months). This information is put through algorithms or AI (Artificial Intelligence) that identifies which ads you would most be susceptible to click on. There are other situations where this information might be used outside of advertising (i.e. law enforcement or, on the other extreme, hackers). Sometimes, the ad networks are not the ones that have tracked you directly. They will sometimes buy your data from third parties.

So who is selling my data?
There are several entities that can and do track you, sometimes for themselves and sometimes to sell the information to third parties:

  • ISPs – those companies you pay to get access to the Internet will collect this information and use it in different ways. This method captures all of your requests as long as you are connected to this ISPs Internet.
    Some people try to avoid being tracked by their ISPs by utilizing a VPN
  • VPNs – Virtual Private Networks allow you to route all of your requests securely (encrypted) through their servers, hiding your requests from the ISPs. However, sometimes they will sell your information or even utilize your network to make other requests without your explicit permission.
  • Ad Networks – You might have been on a website that has opted in to an ad network (either by showing ads or by paying ad networks to be able to track you on their site). They will track you, usually with a cookie, as you browse from website to website that has the tracking code. Therefore, you will be tracked only on some of the sites (how many sites depends on the size of the ad network
  • Web Browsers – Some browsers are set up to report back on which sites you have visited. This could apply to both desktop and mobile browsers. This method tracks all websites you have been to as long as you are using those browsers.
  • Browser Plugins – even popular browsers by large companies allow plugins. Several of these plugins allow for tracking of sites you go to in order to see if their purpose is applicable.
  • DNS – there are several free DNS providers. DNS servers are what your computer talks to when they need to visit a website. Several companies provide free DNS services whether it is for speed, security, or access management (i.e. for your children). When you request a website, the domain name needs to be translated into a series of numbers and dots (an IP Address) in order to find that website. Any requests made by your computer (not just websites you visit in a browser) will send these requests to DNS servers (though some requests will be cached so you will not have to make the same request within a small period of time).
  • Free Internet (i.e. free wi-fi at a cafe) – all requests to websites are tracked as long as you are accessing it through these Internet services.
  • Access Points – an access point can be a router or similar device that exists at your house or that you can carry with you when you travel. These devices can track every request you make through these devices.
  • Employers / Schools / Businesses – when you use someone else’s Internet, you open yourself up to being tracked. Often, by accepting terms when you log in to a network or by signing a contract when you attend a school or work at a company, you are explicitly agreeing to being tracked. Often, this is done for security reasons and to make sure users aren’t abusing the network. However, you can assume all of your website visits are being tracked utilizing this method.
  • Social Media or other large networks – we stated earlier that Ad Networks are tracking you across sites by running a little bit of code on a large network of websites. However, they aren’t the only ones. Other services also do this. The next time you are on a site and see a button to share it on a social network, that bit of code that shows that button is probably tracking your browsing habits as you go from site to site that has these buttons. However, social networks could potentially take it a step further than ad networks. Usually, an ad network may look at you as a faceless user with some unique cookie (though there are services that attempt to take that unique cookie and translate it into a real-life person with home address, phone number, email, etc). However, some social networks will it is specifically you that is browsing across those sites (sometimes, even if you are logged out).
  • Downloaded Software – be careful as some of the software you utilize might be tracking your every move, including Adware, spyware, and malware. These can go beyond simply tracking your sites and might even be tracking other habits!

There are many ways that users try to avoid being tracked including deleting cookies, using browsers that route you through anonymous networks, utilizing trusted VPN services, logging out of services you are not currently using, utilizing spyware and virus scanners, etc.