Website tracking is hardly surprising to anybody anymore.
Collecting user data and tracking your digital footprint is a completely legal, standard practice that nearly every website uses to profile each visitor.
Some of this information is used for marketing purposes, while the rest is stored indefinitely by the website – and the log is enriched with each subsequent user visit.
Some of this information is obvious and some less so, but at the end of this article you’ll be surprised at how much info any website you visit can collect about you.
1. Your IP Address
Stating the obvious here – every website you visit will record your IP address.
Unless you’re using a VPN, it will also know your ISP and your approximate geographical location.
2. Cookies!
A cookie is a text file which contains small amount of data generated by a website and saved by your web browser on your local machine.
Cookies are for your convenience, so that you do not have to fill in your details again when you log back in, want to buy something, leave another comment, etc.
When you change any setting on a website, a cookie can store that change and make it persistent for future browsing sessions.
(While we’re at it, take a quick look at my privacy policy for osintme.com)
Normal cookies aren’t all that bad, but third party cookies are a real privacy scourge.
A large proportion of websites relies on third-party advertising scripts, which are also a type of cookies. The privacy implications are that if two or more different websites use the same advertising scripts, your browsing history across all these sites can be linked and tracked.
3. Any activity while on the website
When you browse and interact with content hosted on somebody’s website, you should remember that any activity there is open to scrutiny and can be logged.
To illustrate this point, I recommend you visit https://clickclickclick.click and interact with it for a while.
In this case the monitoring is a bit of fun, but it will make you think outside the box about what you’re doing online.
4. Your browser user agent
A browser user agent is a string of plain text information identifying your browser and your operating system to a particular web server.
This is what it looks like:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
The web server hosting the website you visit can use this user agent to serve different web pages to different web browsers. For instance, if a website detects a mobile browsers, it will send the mobile version of itself to that browser.
In the background, the website will gather statistics related to the use of various browsers and operating systems, as well as how the users interact with a particular version of a website in their browser.
5. Your browser fingerprint
There are only so many browsers out there for millions of people to use…
However, browser are really very unique. The following browser characteristics are collected when you visit a website:
- your operating system,
- your screen resolution,
- your current time zone,
- your language settings,
- your browser version,
- your browser plug-ins and their versions,
- your installed fonts.
Sometimes the more effort you put into anonymising your browser, the more unique it becomes!
6. Your browsing metadata
Metadata is “data about other data”. It’s basically a number of characteristics that can describe any object (or activity) without directly revealing it.
So in the case of browsing, without revealing your identity, the websites can collect the following metadata about you:
- your queries / items you search for using a website search engine;
- the frequency of your returning visits to a website;
- what you click on;
- how much time you spend on a website;
- your scrolling speed and mouse movements;
- your comments;
- your interaction with other user-generated content present on the site.
“Everything we do in the digital realm—from surfing the web to sending an email to conducting a credit card transaction to, yes, making a phone call—creates a data trail. And if that trail exists, chances are someone is using it—or will be soon enough.”
– Douglas Rushkoff, “Throwing Rocks at the Google Bus.”
A couple of useful links:
https://ipleak.net – check what information will the websites collect; but more importantly, check for DNS leaks or other possible deficiencies.
http://webkay.robinlinus.com – what every browser knows about you…
http://whatsmyuseragent.org – information on your browser user agent string.
https://panopticlick.eff.org – find out how identifiable your browser is and what kind of a fingerprint it has.