Tutorial: How to Prevent Cross-Site Tracking

People often underestimate the dangers of advertising and tracking on the web. While hardly anyone would tolerate going to a store to be followed constantly by strangers writing down what you buy and then sharing this data with third parties, this is the norm online. After all, you cant’ see what’s happening behind the scenes and which people can view and process your data. Data collection is a huge business and often goes far beyond a personalized ad in an online store.

Political stances, intimate interests or insolvency can be recorded in personal profiles through the use of trackers. In a worst case scenario, this can lead to discrimination in online payments, involuntary outing to friends and acquaintances, or the loss of sensitive information to hackers. If you value your privacy and want to protect it, you often have to take action yourself. In this post, we’ll explain how tracking works and what options you have to navigate the web anonymously.

How is personalized advertising generated?

Accessing online content almost always leaves a trace. The data collected often include IP address, browser type, operating system, device or keywords leading to the page and much more. Advertisers want to know who views their pages, for how long, and whether they match the user’s interests. Often trackers such as pixels or cookies, which provide the user with an online ID, are used for this purpose.

An online ID is a unique string of characters identifying you when you browse different websites. For example, if you searched for clothing on one site, it’s not unlikely that a selection of clothing will be recommended to you the next time you visit. Most of the time, it also remembers which gender and price range was selected. The result is thus personalized according to your search behaviour.

There are different types of personalized advertising:

  • Behavior: The user’s browsing behaviour is analyzed and logged. A record is made of which content is viewed and for how long. If the user looks at clothing, they will generally receive clothing adverts.
  • Content: The peculiarity of content targeting is that ads are only displayed on pages that offer the same content. If you have previously looked at smartphones, you will only get ads concerning smartphones on pages related to the topic.
  • Semantic: Semantic targeting is similar to content targeting. However, the scope here is increased to include items from the same medium. If you have searched for a smartphone in one online store, you’ll receive advertising for various electronics items on another page.
  • Social Media: Personalized advertising can also be displayed on social media channels. If a user has liked a website or article via the Facebook button, advertising about the manufacturer and its products can be displayed in his or her history.
  • Psychographic: Psychographic targeting goes a little deeper and works with personal profiles. User behavior is thoroughly analyzed, and interests are determined. If a user has previously looked for expensive men’s shirts, he will receive ads about shirts for men in a higher price range.
  • Retargeting: This is about winning back potential customers. If you have placed an item in your shopping cart but have not purchased it, you will see repeated advertisements for this item.

What are the problems and risks inherent in advertisers’ tracking?

At first glance, the risks from tracking appear small. After all, the ads only seem to have adapted to personal interests. However, the price of a personalized ad can be high. The tracker installed on one website is often on thousands of other sites. The browsing history can thus be exclusively tracked. If you have looked for a mew laptop in an online store and read articles about debt on another site with the same tracker, a personal profile can downgrade your purchasing power and possibly block certain payment options.

It gets even more unpleasant when your private interests are recorded, such as visits to dating sites or a certain political party. Because not only do you not know who can view a user profile, there is also the risk that this information is sold to third parties or stolen via security gap. As seen with Cambridge Analytica, we know that recorded political leanings can be used to influence election campaigns. Also, you should not forget that certain companies like Google or Facebook are subject to the Foreign Surveillance Act (FISA), which means that data collected by these companies may have to be made available to the American intelligence service.

Despite the repeal of the EU-US Privacy Shield by the European Court of Justice, masses of user data are still being transferred to the US and processed there, sometimes without legal justification. (Image: tanaonte / 123RF)

Despite the repeal of the EU-US Privacy Shield by the European Court of Justice, which made data transfers to the US insecure, many companies still use Google Analytics or the Facebook Pixel, often without legal grounds. This is because even though European data protection regulations are considered very strict, there is still great resistance from companies to comply with them. The interest in profit either through personalized advertising or the sale of user data usually outweighs the protection of the privacy of their customers.

Furthermore, you should keep in mind that hacked data such as IP addresses, browser types and operating systems are vulnerabilities that could give attackers access to your system. This is because a hack always starts with collecting data about the target. If an attacker is also in possession of information about your interests, it could be useful for him to create a phishing mail or a list to guess your passwords.   

How can you reduce your online footprint and prevent personalized ads and tracking?

To reduce your tracks online and prevent personalized advertising and tracking as much as possible, you should resort to a whole range of measures. These including using a VPN, disabling cookies and JavaScript in your browser, and disabling geolocation features if you are surging on a mobile device. There are also various browser add-ons that can help to better protect your privacy.

Below, we address each of the aforementioned points in more detail.

Use a VPN

To be able to brows anonymously, it is recommended to use a VPN. A VPN is a virtual private communication network. You can think of it as a tunnel that is placed over the connection to the server. Your local network connects to the server of a VPN provider. If you now want to call up a page on the Internet, the corresponding server does not see your own IP address, but that of the VPN. This hides information such as your browsing history or geographical location.

Moreover, it is an encrypted connection, which is especially useful when using public networks. A VPN thus protects you from spying by third parties and keeps your activities on the web secret from your Internet service provider (ISP). It is especially safe to use a VPN provider that does not create log files, as is the case with Shellfire.

Our VPN is currently available in both free and paid versions for the following operating systems:

Click here to download the Shellfire VPN for free!

Disable cookies in your browser

In general, a distinction is made between first-party and third-party cookies. In the case of the former, the sender is the specific website accessed. Third-parry cookies originate from business partners used on the site. Although cookies have an expiration date, this is often several years. To delete or disable cookies, you must select the appropriate option in your browser settings. In most cases, you can decide whether you want to delete cookies immediately or always when you close your browser. You can also choose to block third-party cookies altogether.

Some cookies that used to be exclusively marked as third party are now first-party cookies. This applies, for example, to Google Analytics or the Facebook cookies. The sender is now often the domain of the website operator. To prevent these from being storied on the device, cookies must be blocked in general.

The pages linked below explain how to disable cookies in the most popular browsers today:

Disable JavaScript

Another approach to increase security online is to disable JavaScript in the browser. This is possible in all common browsers. In Chrome, you can find it under “Settings/Advanced/Privacy” and “Security/Content Settings”. Under the item “JavaScript” you can set the slider to “Blocked”. In Firefox, on the other hand, the configuration editor must be called up via “about:config” in the address bar. If you then enter “javascript.enabled”, you can deactivate JavaScript by right-clicking on the line that appears. In Internet Explorer/Microsoft Edge, you have the settings under “Internet Options”. Then, select “Security/Customize Level/Security Settings-Internet Zone” and disable “Active Scripting” and “Scripting of Java applets” under “Scripting”.

If JavaScript is disabled, the advertiser can no longer access cookies or store them on the device. Security is greatly increased because hackers often use cross-site scripting attacks (XSS). In these cases, malicious code is inserted on the apparently trustworthy website and executed by the JavaScript interpreter of the user’s browser client. The hacker’s goal is often to obtain technical information or to install malware. However, if you block the execution of JavaScript, such attacks become ineffective.

For mobile users: Disable geolocation features

Location data is very sensitive information that should not fall into the wrong hands. It can be used to create extensive behavioral patterns that provide information about frequently visited locations, the place of residence and vacation stays. To prevent websites from detecting your location, you should turn off the geolocation features in your browser and the GPS on your smartphone. In most browsers, you can find this in the settings under privacy and data protection. On Android, you can disable GPS tracking under “Settings” and “Location”. The equivalent on iPad and iPhone is “Location Services” under “Settings” and “Privacy”.

Use browser add-ons

Add-ons are very useful to protect yourself from tracking on the Internet. NoScript on Firefox or ScriptSafe on Chrome, for example, have the same function as disabling JavaScript in the browser settings. However, according to the user-defined rules, it is possible to set JavaScript to not be disabled in general. Ad blockers like Ghostery or Ublock block common tracking technologies of advertisers, so you can protect your privacy specificallyt.

What are the disadvantages of the above-mentioned measures?

Unfortunately, not all website operators are enthusiastic about Internet privacy measures, and the user experience when surfing the web can be severely limited at times. Streaming services like Netflix, for example, use VPN blockers, so you sometimes have to turn off your VPN client in order to use such services. The same applies to disabling cookies and JavaScript. Many websites only work through the use of first party cookies and JavaScript.

Thus, the page may appear incorrectly or be unusable. Some websites also detect adblockers in the browser and deny use of the page while the add-on remains active. However, this only applies to some websites. Likewise, the location detection is unnecessary for most websites, and the IP address and geolocation features can often remain hidden without any consequences.

Conclusion

When accessing websites, extensive user data is usually collected. This often involves much more than displaying personalized advertising. Data is worth a lot and is therefore readily sold to third parties or stolen. In principle, those who know a lot can better influence you, but unfortunately, also manipulate you. There are a handful of options you can use to protect yourself from tracking and data theft, such as using a VPN, blocking cookies, JavaScript and geolocation features, and using browser extensions.

Although there are strict data protection regulations and the requirement for many trackers to obtain user consent, this is often ignored. It is therefore often up to the user to take precautions to protect their own privacy. Unfortunately, this sometimes leads to certain websites only working to a limited extent. A VPN is generally recommended to achieve the highest anonymity online, since it stores not the IP address of the user, but rather that of the VPN server. Advertisers and hackers cannot do much with that.

Featured image: solarseven / 123RF

No ratings yet.

How did you like this post?