There seem to be a lot of misconceptions about how online tracking actually works or just how rife and insidious it is. While schemes like running ones computer on a ram disc or inside a virtual machine might wipe the slate clean when you reboot your computer, this does little or nothing to prevent you from being tracked while you are online. This is especially true if you use services such as Yahoo, Facebook, Photobucket, MySpace, eBay and Google products of any kind but it is widespread pretty much wherever you go online. Obviously, if you log on to any of these sites you are being tracked but logging off doesn't necessarily help you. Even dumping your cookies every time you go from site to site may not help and most people wouldn't go to this amount of trouble anyway.
The problem is that the whole business of tracking is cumulative. You are a profile! So even if you manage to dodge tracking periodically, as soon as an ad network or market research or behavioral tracking company figures out it is you then you are being tracked again from where they left off. The trackers are sending data about you to multiple companies and data bases simultaneously. You don't even have to be logged onto a site for it to happen. The schemes and technologies being deployed for tracking purposes are increasing in complexity and number at an astonishing rate.
Individual browser fingerprinting, as previously mentioned is only one example of a technology that makes disposing of cookies fruitless. And cookies are only a part of it. Much of it happens in real time. Third-party trackers using beacon technology can match the data they collect about you in real time with other databases containing geolocation, financial, medical and other information in order to expand your profile to predict your age, gender, zip code, income, marital status, parenthood, home ownership, as well as unique interests, purchasing history and ultimately to connect this data to your actual identity. If you visit other websites that work with the same ad networks that control the trackers you picked up on say, Dictionary.com, the original tracking file will take note of the connections. As this continues, your profile will become more and more specific to your interests as well as enriched by any information you willingly share with the participating websites. So, if you're seeing more and more advertisements that seem oddly tailored to you, it's probably not a coincidence.
OK, let's say that I've completely cleared my computer of any cookies, super cookies, web beacons, trackers, history and cache files and go back online fresh as a baby. If I log onto Facebook, check my Gmail, do a Google search...whatever, as soon as a tracking technology discovers I'm back online it says, Hey, There's EZO! And from that point forward I am being tracked again from site to site, with every click, search, sometimes keystrokes, mouse hovers and so on and so forth being recorded to one of many profiles being created about me by numerous tracking and monitoring companies. While most of these outfits speak in vague terms about, "anonymous data in the aggregate", it becomes a trivial matter to identify you personally as these profiles are being built. They want to know who you are and everything about you. That's the whole point!
In some cases using
beacon technology (sometimes in concert with cookies),
your keystrokes are being logged as you type, believe it or not! A simple demonstration of this is when you type a search in Google or Bing and it starts predicting and feeding you possible search terms as you are still typing. In fact, it starts presenting you with search terms
instantaneously as soon as you type a single letter! Think about this! Do you think this technology isn't being used to monitor your keystrokes elsewhere without showing it to you in real time, or not making you aware that it is happening at all? Do you think only Google or Bing use this technique? Incidentally, at least on Google, instant key stroke logging keeps functioning even if you disable cookies, web bugs and beacons and practically everything else! (Edit: you can disable this kind of keystroke logging if you disable Javascript globally in your browser preferences but you would be giving up a lot of other web functionality.) (Edit #2: Apparently, NoScript will block keystroke logging on Bing but not on Google.)
Of course, Google and Yahoo scan and "read" your personal email. You know that don't you? This is in part how they decide what ads to serve up to you. Do you really believe they ignore who you are and only go by the general content of your message? They not only scan your email and know your name and email address because you are a registered member but they are scanning, recording and analyzing the data along with names and email addresses from messages from people you correspond with who are not signed up with Gmail, or Yahoo Mail who may not wish to have their messages scanned and have their names and email addresses recorded into a database. At least it could be said that you agreed to the Terms of Service (TOS) when you signed up for your account but the people you correspond with certainly didn't. You should also be aware that messages sent or received via Gmail type systems contain beacons (web bugs) with unique identifiers that report back that you've opened the message, the date and time you've read it and other details, like if you've forwarded the message and your IP address. Every subsequent time the email message is displayed can also send information back to the sender.
Did you know that if you go to Dictionary.com to look up a word, the site instantly places 234 trackers on your computer? It's true! The top 50 websites in the United States install an average of 64 individual trackers to visitor computers with little to no disclosure. Some websites among the top 50 exceed 100 trackers. The Wall Street Journal published an important series of articles called
"What They Know" that would be well worth taking a look at. The WSJ also published a worthwhile blog posting on the same subject with an interactive graphic showing how tracking works and how pervasive it is. I would encourage anyone reading this post who is concerned about this issue to take a look and spend some time with the interactive graphic. This is where I learned how many trackers Dictionary.com places on peoples computers. You will find it
HERE. Ironically, this very page at the Wall Street Journal is full of trackers itself but to their journalistic credit, they at least put themselves on the list. (60 trackers)
There are two basic types of trackers, "first-party" trackers, which transfer benign text files to users' computers in order to enable websites to remember user information, such as items they've placed in their shopping cart or field data for forms that have already been filled out. This is how you stay logged into CPF, for example. Then there are "third-party" trackers, which also transfer files to users' computers but these are in order to gather data about much more than just their session on the tracker's site of origin. While first-party trackers are useful to users of individual websites and limited in scope to very particular data, third-party trackers, unlimited in reach, are pushing the boundaries of privacy and ethics online. While the word installation may connote visible, mechanical processes that slow things down or conjure images of slow progress bars in your mind, the actual process of placing trackers on to visitor computers is much faster, nearly instantaneous in fact, and for most users, completely invisible. The fact that it goes unnoticed by the majority of web users and that most people have only a vague sense that something so pervasive and intrusive is happening is what makes it so effective and insidious. The technology is highly complex, especially on the server side and is often proprietary so that it is difficult for even professional observers to understand how it functions.
For the time being, the only defense available is to
attempt to prevent being tracked in the first place and this is where the tools mentioned previously in this thread are most valuable.