You Are Being Tracked — Here's How
Every time you visit a website, multiple parties are working to identify and track you. Understanding the specific methods they use is the first step toward meaningfully reducing your exposure. The tracking landscape has evolved well beyond simple cookies, and many newer techniques are harder to block.
1. Cookies
Cookies are small text files stored in your browser by websites. They come in two flavors:
- First-party cookies: Set by the website you're actually visiting. Often necessary for functionality like keeping you logged in.
- Third-party cookies: Set by advertisers and analytics companies whose code is embedded on the page. These track you across many different websites, building a behavioral profile.
Major browsers have been phasing out third-party cookies, but many advertising companies have already shifted to alternative tracking methods.
2. Browser Fingerprinting
Fingerprinting is one of the most sophisticated tracking techniques and is very difficult to block. When you visit a website, your browser reveals information like:
- Your operating system and browser version
- Installed fonts and plugins
- Screen resolution and color depth
- Time zone and language settings
- Graphics card details (via WebGL)
- Audio processing characteristics
Combined, these attributes create a "fingerprint" that is often unique enough to identify you — even if you clear cookies or use incognito mode. You can test your own fingerprint at coveryourtracks.eff.org.
3. Pixel Tracking
Tracking pixels (also called web beacons) are tiny, invisible images embedded in web pages and emails. When your browser or email client loads the image, the server logs your IP address, the time you loaded it, what device you used, and sometimes your location. Email marketers use pixels to know exactly when (and on what device) you opened a message.
4. Local Storage and IndexedDB
Beyond traditional cookies, browsers offer storage mechanisms like Local Storage and IndexedDB that websites can use to store tracking identifiers. These aren't cleared by the same browser settings that clear cookies, making them useful for "supercookies" — persistent identifiers that survive cookie deletion.
5. CNAME Cloaking
A more advanced technique used by some first-party analytics providers: they use a subdomain of your website (like analytics.yoursite.com) that actually points to a third-party tracker. Because it appears to be a first-party resource, many ad blockers and browser protections won't catch it.
6. Cross-Site Tracking via Login Buttons
"Sign in with Google/Facebook" buttons aren't just convenient — they allow those platforms to know which sites you're visiting and when. Even if you don't click the button, simply loading the page tells the platform's servers that your IP address visited it.
What You Can Do About It
| Tracking Method | Effective Countermeasures |
|---|---|
| Third-party cookies | Enable "block third-party cookies" in browser settings |
| Browser fingerprinting | Use Brave or Firefox with privacy hardening; Tor Browser |
| Tracking pixels (email) | Disable automatic image loading in your email client |
| Local Storage trackers | Use browser extensions like uBlock Origin; clear site data regularly |
| Social login tracking | Avoid social login buttons; use dedicated accounts per service |
The Takeaway
No single tool eliminates all tracking, but layering a few good habits — a privacy-focused browser, a solid content blocker, and sensible browsing habits — dramatically reduces your exposure. The goal isn't perfection; it's making tracking expensive enough that most advertisers simply move on to easier targets.