What Should You Know About Web Trackers?
Web trackers have become a very common part of any Internet experience: all online user activity is being tracked by various means. How does it happen, what data you leave when you log in to a social network or make a Google search — and what impact can it have on you?
To answer all these questions, we asked Sergey Ivanov, a developer at AdTech Holding, to share the most important information about trackers and Internet privacy.
How Are You Tracked on the Internet?
There are two very similar but still different terms related to monitoring and recording your Internet activity: tracking and logging.
To explain tracking, let’s give an example first. Imagine you are going to your favorite cafe, ordering a cup of coffee, waiting until it’s ready, and enjoying your drink. Meanwhile, some stranger was standing right in the corner of the cafe and making notes: when you came in, what did you order, if you enjoyed your coffee or not, if you left tips to a waiter. And you might not have even noticed this stranger.
A tracker’s workflow is very similar to this. While it is a bit creepy when someone is watching you in a cafe, being watched by a tracker is absolutely legal as long as companies make sure to meet all the relevant data privacy requirements
In a nutshell, a web tracker is a mechanism that allows websites to collect particular user data and send it to a remote server for further analysis.
— What is the difference between tracking and logging?
Both are about recording particular events at a particular time, and both can be done for the same object. However, tracking is about the constant monitoring of a certain target.
And another real-life example to make it clear. You decided to do a check-up and made an appointment with a doctor. During your visit, the doctor checked your heart, measured your blood pressure, and gave you some referrals for additional tests. Later, you came back to the doctor with the test results, and he recorded them in his journal. Once your diagnosis is clear, your doctor recommends you install a special app where you will keep daily records of your current condition.
In this example, logging is your appointment, and tracking is the health records you make in an app.
Getting back to Internet terms, logging first focuses on recording events, while tracking’s main aim is to record the activity of a particular user.
Tracking Basics: Tracker Types, Mechanisms, Users
Types of Trackers
Basically, there are two types of trackers: first-party and third-party trackers. What’s the difference?
First-party trackers are created and hosted by website owners and use tracking mechanics the owners exactly require. Some trackers like these are utilized to store user data on a website or user session management for a better experience.
Third-party trackers are universal: they are embedded in multiple websites and are located on external servers. This is exactly what is used for contextual advertising: when you google some keywords and start seeing related ads at other sources later.
The main difference is that first-party trackers enable following a user path at a particular website. Third-party trackers are used for collecting data about a user journey throughout the whole net — if all the visited websites have the same tracker.
Note: you can also create a visualization of websites connected by trackers with the Lightbeam Firefox add-on.
How Does Tracking Work?
There are plenty of ways how to create and set up a tracker. However, all of them are resolved into defining and fixing a user, e.g., giving a user a particular mark and then actively redirecting them to a remote server.
It’s hard to determine precise types of tracker mechanics, as a tracker of a particular type can also use some elements of another type.
According to Sergey, you can generally separate all trackers into two big groups:
- User tracking methods:
- Browser storages
- User sessions and more
- Event tracking methods:
- HTTP requests level
Depending on a combination of one or another method, you can develop your own tracking mechanism, for example:
- Use HTTP Cookies and track user moving from page to page
- Use HTTP only, like in tracking pixels that only focus on the fact of page opening
Tip from Sergey Ivanov: you can read more about tracking mechanics and user protection in this research: Web Tracking: Mechanisms, Implications, and Defenses
Who Uses Trackers?
Now, it’s time to speak about who profits from trackers and why they are so widely used.
Overall, there are several evident groups of users:
- Ad services. Here, tracking is essential for collecting data about ad views and conversions. This data gives an idea of how to boost effectiveness and thus raise the costs of advertising campaigns.
- Analytics services. Such trackers collect information about the number of people visiting a website, sources there came from, etc. Why is this data important? For example, a website owner can focus on improving mobile UX if he finds out that the majority of visitors come from a mobile device.
- eCommerce. Marketplace and online shop owners track user behavior: collect information about clicks and conversions, visit duration and bounce rates, completed purchases, etc.
- Social networks. Tracking becomes much easier when it comes to social traffic: there is no need to mark users, as everyone is logged into their own account. So, once a user creates an account, their path becomes easily tracked.
Besides, there are some minor user groups: for example, tracking and privacy technology researchers, or data brokers, collecting data for reselling it. Unlike the groups mentioned above, these categories are not so publicly visible.
Tracking Issues: Is It Dangerous for Users?
Thus, the advantages of tracking are obvious for commercial organizations. But is it safe for users?
The problem is, there is no precise answer to this question: you can only know a tracker is not dangerous if you find out what your data is used for.
However, let’s try to highlight the most typical problems a user might face with trackers.
Although the list of common tracker users looks harmless enough, there might be platforms that collect your data for some less evident benefits. One of the tracking problems is the lack of control over the data received by a tracker. In simple words, a tracker is a tool for getting information about you — and you might not know for sure what will happen to this information later.
Another issue is privacy. Have you noticed that when you enter some external network and start seeing new ads you have never come across? Most likely, these ads related to the other users of this network who were tracked before.
Robert G. Reeve, a content designer, shared a fascinating story in a Twitter thread related to this topic.
Manipulation based on collected data. The bigger trace you leave on the Internet, the more accurate is your data profile — all information collected about you by various trackers. It helps websites to show you relevant search results, ads, offers, and more.
It doesn’t always mean you will see content related to your interests. A made-up example to explain it in lay terms will look like this: you love cats, and regularly create cats-related search requests. After some time, you start seeing ads about dogs. It means that some cat competitors pushed their ads to you, pursuing the aim of changing your views.
In reality, such manipulation is very common for presidential election campaigns.
How to Protect Your Data?
As you see, there is a chance that trackers can abuse your data if you leave a huge trace and do a lot to help create your data profile. However, this has become only a user concern lately.
Many countries now have specific data-protection laws to define which data can be collected, the reasons for doing so, as well as how long this information can be stored. Such laws specify new requirements for data collection and processing, and here are the main principles:
- There are six legal bases for collecting user data: user consent, the performance of a contract, legitimate interest, vital interest, legal requirement, and public interest.
- Every data subject (a user whose data is collected) must have access to their personal data and have transparent information about how it will be used
- A user has the right to request their data erasure
- All information about data collection must be provided to a user in a clear and transparent manner.
- Certain types of data cannot be shared without a user’s consent
In a nutshell, this regulation allows the user to take better control of their data — so it’s essential to read all consents, including the points written with small print. In other words, you should use the right to manage what every website will know about you.
Besides, security certificates can also make a user more certain about a platform they share their data with. Issued by independent organizations, such certificates prove the website complies with the privacy, security, and safe user experience requirements.
The main certificates you should look for at a platform are ISO 27001 and ISAE 3000. We have a special article dedicated to this type of certification and what it means for AdTech Holding customers.
The latest step towards user privacy was made by Google, having announced the refusal of third-party cookies — the technology that was exactly responsible for the biggest share of data tracking.
From 2023, trackers will not get any information about users with the help of third-party cookies, e.g., those not owned by a particular website. In simple words, with third-party cookies, tracking was available across domains so that any platform could collect data users left at other websites.
The main aim of this cookieless approach is to make the overall tracking technology less intrusive and more sustainable for users.
As a big player in the industry, AdTech Holding always follows the principles of Internet safety and doesn’t use any ‘grey’ methods to collect and use private data. Overall, current AdTech trends show a responsible and user-friendly approach toward data protection — all in compliance with international regulations.
What is more, AdTech Holding and other modern AdTech and MarTech brands advocate for the novel principles of data collection and a cookieless future — and do their best to refuse to rely on web trackers and any methods that can bother user safety and privacy. With user security in mind, we are striving to deliver new technologies that don’t require intrusive tracking — and consider this as an opportunity, not an obstacle to our ad’s quality or overall performance.