Web tracking

The uses of web tracking include the following:

• Advertising companies actively collect information about users and make profiles that are used to individualize advertisements. User activities include websites visited, watched videos, interactions on social networks, and online transactions. Websites like Netflix and YouTube collect information about what shows users watch, which helps them suggest more shows that they might like. Search engines like Google will keep a record of what users search for, which could help them suggest more relevant searches in the future.{{Cite web|url=https://edu.gcfglobal.org/en/internetsafety/understanding-browser-tracking/1/|title=Internet Safety: Understanding Browser Tracking|website=GCFGlobal.org|language=en|access-date=2019-12-13}}
• Law enforcement agencies may use web tracking to spy on individuals and solve crimes.{{Cite news|last=Valentino-DeVries|first=Jennifer|date=2019-04-13|title=Tracking Phones, Google Is a Dragnet for the Police (Published 2019)|language=en-US|work=The New York Times|url=https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html,%20https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html|access-date=2020-10-23|issn=0362-4331|archive-date=2022-10-30|archive-url=https://web.archive.org/web/20221030154139/https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html,%20https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html|url-status=dead}}
• Web analytics focuses more on the performance of a website as a whole. Web tracking will give insight on how a website is being used and see how long a user spends on a certain page. This can be used to see who may have the most interest in the content of the website.{{Cite book |last1=Kleinberg |first1=Samantha |author-link=Samantha Kleinberg |title=Proceedings of the 17th international conference on World Wide Web |last2=Mishra |first2=Bud |date=2008 |publisher=ACM Press |isbn=9781605580852 |location=New York, New York, USA |pages=1143–1144 |chapter=PSST |doi=10.1145/1367497.1367697 |s2cid=15179069}}
• Usability tests is the practice of testing how easy a design is to use. Users are observed as they complete tasks.{{Cite web|url=https://www.interaction-design.org/literature/topics/usability-testing|title=What is Usability Testing?|website=The Interaction Design Foundation|language=en|access-date=2019-12-13}} This would help identify usability problems with a website's design so they can be fixed for easier navigation.

Every device connected to the Internet is assigned a unique IP address, which is needed to enable devices to communicate with each other. With appropriate software on the host website, the IP address of visitors to the site can be logged and can also be used to determine the visitor's geographical location.{{Cite web |url=https://computer.howstuffworks.com/internet/basics/what-is-an-ip-address.htm |title=What is an IP address?|date=2001-01-12|website=HowStuffWorks|language=en|access-date=2019-12-13}}{{Cite web|url=https://privacy.net/stop-cookies-tracking/ |title=How cookies track you around the web & how to stop them|date=2018-02-24| website=Privacy.net|language=en|access-date=2019-12-13}} Logging the IP address can, for example, monitor if a person voted more than once, as well as their viewing pattern. Knowing the visitor's location indicates, besides other things, the country. This may, for example, result in prices being quoted in the local currency, the price or the range of goods that are available, special conditions applying and in some cases requests from or responses to a certain country being blocked entirely. Internet users may circumvent censorship and geo-blocking and protect personal identity and location to stay anonymous on the internet using a VPN connection.

A HTTP cookie is code and information embedded onto a user's device by a website when the user visits the website.{{Cite journal |last1=Kobusińska |first1=Anna |last2=Pawluczuk |first2=Kamil |last3=Brzeziński |first3=Jerzy |date=2018 |title=Big Data fingerprinting information analytics for sustainability |url=https://linkinghub.elsevier.com/retrieve/pii/S0167739X17329965 |journal=Future Generation Computer Systems |language=en |volume=86 |pages=1321–1337 |doi=10.1016/j.future.2017.12.061|s2cid=49646910 |url-access=subscription }} The website might then retrieve the information on the cookie on subsequent visits to the website by the user. Cookies can be used to customise the user's browsing experience and to deliver targeted ads.{{Cite journal |last=Martin |first=Kirsten |date=2015-12-22 |title=Data aggregators, consumer data, and responsibility online: Who is tracking consumers online and should they stop? |journal=The Information Society |volume=32 |issue=1 |pages=51–63 |doi=10.1080/01972243.2015.1107166 |s2cid=205509140 |issn=0197-2243 }} Some browsing activities that cookies can store are:

• pages and content a user browsed,
• what a user searched online,
• when a user clicked on an online advertisement,
• what time a user visited a site.

A first-party cookie is created by the website the user is visiting. These cookies are considered "good" since they help the user rather than spy on them. The main goal of first-party cookies is to recognize the user and their preferences so that their desired settings can be applied.{{Cite web|title=What are first-party cookies?|url=https://www.ionos.com/digitalguide/hosting/technical-matters/what-are-first-party-cookies/|access-date=2022-01-13|website=IONOS Digitalguide|language=en}}

A third-party cookie is created by websites other than the one a user visits. They insert additional tracking code that can record a user's online activity. On-site analytics refers to data collection on the current site. It is used to measure many aspects of user interactions, including the number of times a user visits.{{Citation |last1=Loshin |first1=David |title=Chapter 4. Customer Lifetime and Value Analytics |date=2013-01-01 |url=http://www.sciencedirect.com/science/article/pii/B9780124105430000044 |work=Using Information to Develop a Culture of Customer Centricity |pages=23–31 |editor-last=Loshin |editor-first=David |publisher=Morgan Kaufmann |isbn=9780124105430 |access-date=2019-11-11 |last2=Reifer |first2=Abie |editor2-last=Reifer |editor2-first=Abie}}.

Restrictions on third-party cookies introduced by web browsers are bypassed by some tracking companies using a technique called CNAME cloaking, where a third-party tracking service is assigned a DNS record in the first-party origin domain (usually CNAME) so that it's masqueraded as first-party even though it's a separate entity in legal and organizational terms. This technique is blocked by some browsers and ad blockers using block lists of known trackers.{{Cite web |date=2021-02-27 |title=Online Trackers Are Now Shifting To New Invasive CNAME Cloaking Technique |url=http://thehackreport.com/online-trackers-are-now-shifting-to-new-invasive-cname-cloaking-technique/ |access-date=2021-04-14 |website=The Hack Report |language=en-US}}{{cite arXiv |last1=Dimova |first1=Yana |last2=Acar |first2=Gunes |last3=Olejnik |first3=Lukasz |last4=Joosen |first4=Wouter |last5=Van Goethem |first5=Tom |date=2021-02-23 |title=The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion |class=cs.CR |eprint=2102.09301}}

{{excerpt|HTTP ETag|Tracking using ETags}}

• Canvas fingerprinting allows websites to identify and track users using HTML5 canvas elements instead of using a browser cookie.{{Cite web|url=https://www.andreafortuna.org/2017/11/06/what-is-canvas-fingerprinting-and-how-the-companies-use-it-to-track-you-online/|title=What is Canvas Fingerprinting and how the companies use it to track you online {{!}} So Long, and Thanks for All the Fish|last=Andrea Fortuna|date=2017-11-06|language=en-US|access-date=2019-12-13}}
• Cross-device tracking are used by advertisers to help identify which channels are most successful in helping convert browsers into buyers.{{Cite web|url=https://www.bigcommerce.com/ecommerce-answers/what-cross-device-tracking/|title=What is cross-device tracking?|last=BigCommerce|date=2019-12-12|website=BigCommerce|language=en|access-date=2019-12-13}}
• Click-through rate is used by advertisers to measure the number of clicks they receive on their ads per number of impressions.
• Mouse tracking collects the user's mouse cursor positions on the computer.
• Browser fingerprinting relies on your browser and is a way of identifying users every time they go online and track your activity. Through fingerprinting, websites can determine the user's operating system, language, time zone, and browser version without your permission.{{Cite web|url=http://koofr.eu/blog/posts/what-is-online-tracking-and-how-do-websites-track-you|title=What is online tracking and how do websites track you?|website=Koofr blog|language=en|access-date=2019-12-13}}
• Supercookies or "evercookies" can not only be used to track users across the web, but they are also hard to detect and difficult to remove since they are stored in a different place than the standard cookies.{{Cite web|url=https://www.trendmicro.com/vinfo/us/security/definition/cookies|title=Cookies - Definition - Trend Micro USA|website=www.trendmicro.com|access-date=2019-12-13}}
• Session replay scripts allows the ability to replay a visitor's journey on a web site or within a mobile application or web application.{{Citation|title=Session replay|date=2019-10-15|url=https://en.wikipedia.org/w/index.php?title=Session_replay&oldid=921328991|work=Wikipedia|language=en|access-date=2019-12-13}}{{Cite web|title=FullStory {{!}} Build a More Perfect Digital Experience {{!}} FullStory|url=https://www.fullstory.com/resources/the-definitive-guide-to-session-replay|access-date=2021-04-05|website=www.fullstory.com|language=en}}
• "Redirect tracking" is the use of redirect pages to track users across websites.{{Cite web |title=Redirect tracking protection - Privacy, permissions, and information security {{!}} MDN |url=https://developer.mozilla.org/en-US/docs/Web/Privacy/Redirect_tracking_protection |access-date=2022-06-29 |website=developer.mozilla.org |language=en-US}}
• Web beacons are commonly used to report that an individual who received an email has read it.
• Favicons can be used to track users since they persist across browsing sessions.{{Cite web|last=Goodin|first=Dan|date=2021-02-19|title=New browser-tracking hack works even when you flush caches or go incognito|url=https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/|access-date=2021-02-21|website=Ars Technica|language=en-us}}
• Federated Learning of Cohorts (FLoC), trialed in Google Chrome in 2021, which intends to replace existing behavioral tracking which relies on tracking individual user actions and aggregating them on the server side with web browser declaring their membership in a behavioral cohort.{{Cite web |title=Federated Learning Component |url=https://source.chromium.org/chromium/chromium/src/+/main:components/federated_learning/;drc=3d7d70920a92c08f6a16597f9f44bb28ac98d9a4/ |access-date=2023-02-27|website=source.chromium.org}} EFF has criticized FLoC as retaining the fundamental paradigm of surveillance economy, where "each user's behavior follows them from site to site as a label, inscrutable at a glance but rich with meaning to those in the know".{{Cite web|last=Cyphers|first=Bennett|date=2021-03-03|title=Google's FLoC Is a Terrible Idea|url=https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea|access-date=2021-03-05|website=Electronic Frontier Foundation|language=en}}
• "UID smuggling" (method of tracking users on the Internet that allows user identifiers (UIDs) to be synchronized across different sites) was found to be prevalent and largely not mitigated by latest protection tools – such as Firefox's tracking protection and uBlock Origin – by a 2022 study, which also contributed to countermeasures.{{cite news |last1=Patringenaru |first1=Ioana |title=New web tracking technique is bypassing privacy protections |url=https://techxplore.com/news/2022-12-web-tracking-technique-bypassing-privacy.html |access-date=18 January 2023 |work=University of California-San Diego via techxplore.com |language=en}}{{cite book |last1=Randall |first1=Audrey |last2=Snyder |first2=Peter |last3=Ukani |first3=Alisha |last4=Snoeren |first4=Alex C. |last5=Voelker |first5=Geoffrey M. |last6=Savage |first6=Stefan |last7=Schulman |first7=Aaron |title=Proceedings of the 22nd ACM Internet Measurement Conference |chapter=Measuring UID smuggling in the wild |date=25 October 2022 |pages=230–243 |doi=10.1145/3517745.3561415 |publisher=Association for Computing Machinery|isbn=9781450392594 |s2cid=250494286 }}

Web browsing is linked to a user's personal information. Location, interests, purchases, and more can be revealed just by what page a user visits. This allows them to draw conclusions about a user, and analyze patterns of activity.{{Cite book|last1=Mayer|first1=J. R.|last2=Mitchell|first2=J. C.|title=2012 IEEE Symposium on Security and Privacy |chapter=Third-Party Web Tracking: Policy and Technology |date=May 2012|pages=413–427|doi=10.1109/SP.2012.47|isbn=978-1-4673-1244-8|citeseerx=10.1.1.388.5781|s2cid=14652884}} Use of web tracking can be controversial when applied in the context of a private individual; and to varying degrees is subject to legislation such as the EU's eCommerce Directive and the UK's Data Protection Act. When it is done without the knowledge of a user, it may be considered a breach of browser security.

In a business-to-business context, understanding a visitor's behavior in order to identify buying intentions is seen by many commercial organizations as an effective way to target marketing activities.{{cite web |url=http://www.prospectvision.net/articles/full/Website-visitor-tracking-going-too-far.asp |title=Website visitor tracking going too far? |publisher=Prospectvision.net |access-date=2012-08-03 |archive-date=2012-07-19 |archive-url=https://web.archive.org/web/20120719043707/http://www.prospectvision.net/articles/full/Website-visitor-tracking-going-too-far.asp |url-status=dead }} Visiting companies can be approached, both online and offline, with marketing and sales propositions which are relevant to their current requirements. From the point of view of a sales organization, engaging with a potential customer when they are actively looking to buy can produce savings in otherwise wasted marketing funds.

The most advanced protection tools are or include Firefox's tracking protection and the browser add-ons uBlock Origin and Privacy Badger.{{cite news |last1=Wallen |first1=Jack |title=How to use Ublock Origin and Privacy Badger to prevent browser tracking in Firefox |url=https://www.techrepublic.com/article/how-to-use-ublock-origin-and-privacy-badger-to-prevent-browser-tracking-in-firefox/ |access-date=3 February 2023 |work=TechRepublic |date=24 October 2018}}

Moreover, they may include the browser add-on NoScript, the use of an alternative search engine like DuckDuckGo and the use of a VPN. However, VPNs cost money and as of 2023 NoScript may "make general web browsing a pain".{{cite news |title=Our Favorite Ad Blockers and Browser Extensions to Protect Privacy |url=https://www.nytimes.com/wirecutter/reviews/our-favorite-ad-blockers-and-browser-extensions-to-protect-privacy/ |access-date=3 February 2023 |work=The New York Times |date=10 January 2023}}

;On mobile

On mobile, the most advanced method may be the use of the mobile browser Firefox Focus, which mitigates web tracking on mobile to a large extent, including Total Cookie Protection and similar to the private mode in the conventional Firefox browser.{{cite news |title=Mozilla unveils Total Cookie Protection for Firefox Focus on Android |url=https://www.zdnet.com/article/mozilla-unveils-total-cookie-protection-for-firefox-focus-on-android/ |access-date=3 February 2023 |work=ZDNET |language=en}}{{cite news |last1=Chen |first1=Brian X. |title=If You Care About Privacy, It's Time to Try a New Web Browser |url=https://www.nytimes.com/2021/03/31/technology/personaltech/online-privacy-private-browsers.html |access-date=3 February 2023 |work=The New York Times |date=31 March 2021}}{{cite news |title=Firefox enables its anti-tracking feature by default |url=https://www.engadget.com/firefox-enables-anti-tracking-feature-by-default-130033590.html |access-date=3 February 2023 |work=Engadget}}

;Opt-out requests

Users can also control third-party web tracking to some extent by other means. Opt-out cookies let users block websites from installing future cookies. Websites may be blocked from installing third-party advertisers or cookies on a browser, which will prevent tracking on the user's page.{{Cite web|url=https://www.allaboutcookies.org/manage-cookies/opt-out-cookies.html|title=What is an Opt Out Cookie? - All about Cookies |website=www.allaboutcookies.org|date=27 September 2018 |access-date=2019-11-11}} Do Not Track is a web browser setting that can request a web application to disable the tracking of a user. Enabling this feature will send a request to the website users are on to voluntarily disable their cross-site user tracking.

;Privacy mode

Contrary to popular belief, browser privacy mode does not prevent (all) tracking attempts because it usually only blocks the storage of information on the visitor site (cookies). It does not help, however, against the various fingerprinting methods. Such fingerprints can be de-anonymized.{{Cite news|title=Think you're anonymous online? A third of popular websites are 'fingerprinting' you|url=https://www.washingtonpost.com/technology/2019/10/31/think-youre-anonymous-online-third-popular-websites-are-fingerprinting-you/|newspaper=Washington Post}} When using a privacy mode, one may not stay logged into a website, and preferences may be lost, because the cookies storing those preferences are deleted by the browser automatically.

;Browsers

Some web browsers use "tracking protection" or "tracking prevention" features to block web trackers.{{cite web|title=Firefox 42.0 release notes|url=https://www.mozilla.org/en-US/firefox/42.0/releasenotes/}} The teams behind the NoScript and uBlock add-ons have assisted with developing Firefox's SmartBlock capabilities.{{cite news |last1=Katz |first1=Sarah |title=Firefox 87 reveals SmartBlock for private browsing |url=https://techxplore.com/news/2021-03-firefox-reveals-smartblock-private-browsing.html |access-date=3 February 2023 |work=techxplore.com |language=en}}

Search Engines

To safeguard user data from tracking by search engines, various privacy focused search engines have been developed as viable alternatives. Examples of such search engines include DuckDuckGo, MetaGer, and Swiscows, which prioritize preventing the storage and tracking of user activity. It's worth noting that while these alternatives offer enhanced privacy, some may not guarantee complete anonymity, and a few might be less user-friendly compared to mainstream search engines such as Google and Microsoft Bing.{{Cite journal |last1=Abdulaziz Saad Bubukayr |first1=Maryam |last2=Frikha |first2=Mounir |date=2022 |title=Web Tracking Domain and Possible Privacy Defending Tools: A Literature Review |journal=Journal of Cybersecurity |volume=4 |issue=2 |pages=79–94 |doi=10.32604/jcs.2022.029020 |issn=2579-0064|doi-access=free }}

• Behavioral analytics provides insight into the actions of people when they are online, usually when they purchase products online.
• Consumer Data Industry Association
• Employee monitoring is the use of workplace surveillance to gather information on the activities and locations of employees.
• Gemini space and Gopher as alternatives serving mostly textual content without tracking
• Google Chrome#User tracking concerns
• GPS tracking can track the location of an entity or object remotely
• Internet privacy is the level of privacy an individual has while they are connected to the internet {{Cite web|url=https://www.winston.com/en/legal-glossary/online-privacy.html|title=What is the Definition of Online Privacy? {{!}} Winston & Strawn Legal Glossary|website=Winston & Strawn|language=en|access-date=2019-12-13}}
• Information privacy
• Network surveillance
• Track and trace is used to track a product's status and monitor their location when transported
• Web analytics is the reporting and analysis of website data to improve the user's experience {{Cite web|url=https://www.usability.gov/what-and-why/web-analytics.html|title=Web Analytics Basics|date=2013-10-08|website=www.usability.gov|language=en-us|access-date=2019-12-13}}
• Web beacon is an invisible graphic that is placed on a website to monitor the behavior of the user visiting.{{Cite web|url=https://www.webopedia.com/TERM/W/Web_beacon.html|title=What is Web Beacon? Webopedia Definition|last=Beal|first=Vangie|website=www.webopedia.com|date=22 January 2002|language=en|access-date=2019-12-13}}

{{Reflist}}

• {{cite web|url=https://webtap.princeton.edu/ |title=Princeton Web Transparency & Accountability Project (WebTap)|quote=We monitor websites and services to find out what user data companies collect, how they collect it, and what they do with it. With our measurement platform, we study privacy, security, and ethics of consumer data usage|access-date=2018-02-20}}
• {{cite web|url=https://github.com/citp/OpenWPM|title=OpenWPM – A privacy measurement framework|website=GitHub|access-date=2018-02-20}}

{{WebManTools}}

Category:Internet privacy

Category:Web analytics

Category:Tracking

Category:Mass surveillance

Category:Privacy