When a user browses on the internet, everything might potentially be tracked:
Website tracking is when users’ digital activity on a website or journey between websites is being monitored or recorded. It's very common, but the transparency leaves room for improvement:
This is a primary reason why the EU has enforced a strict regulation for protecting the privacy of its citizens in the digital realm: the GDPR (the General Data Protection Regulation), enforced 25 May 2018.
The purpose is to restore the control over one’s own data to the users, by augmenting the transparency and insight into how one is being tracked, by whom, and for what purpose, along with the possibility to prevent it from happening.
There is no simple answer to this question, because tracking is many things. Amongst the most common reasons, are:
Websites track users directly and by means of integrated third party tools such as Google Analytics, mainly in order to gain insight into how their website is being used.
This enables the website’s owner to improve and optimize the functions, functionality and features of their website, so that it meets user requirements as closely as possible.
Webshops and ecommerce websites track users in order to maximize their turnover.
Simply put, the more insight a commercial website has into its customers’ actions, interests and needs, the better it can present its products to the specific user, the more it will sell.
Websites also allow for third party advertisers to track their users and display ads to them in order to get revenue from their website.
Especially news sites and other websites with editorial content have a large presence of third party website trackers. Many of these sites provide articles for free and lack an external funding. Therefore, they have to monetize pageviews with significantly more advertising than websites promoting commercial products or websites owned by governmental or public entities.
Advertisers track users so that they can target their marketing as precisely as possible and display their ads to the most relevant potential consumers.
The technology that allows companies to place ads on somebody else's website is called display advertising.
Typically, advertisers make use of large scale ad networks to help them market their products to their most relevant audience on the internet. The largest online advertising network is Google Adsense.
In January 2016, a study from Princeton University measured and analysed the online tracking on the top 1 million websites of the internet.
The key finding of the study was that third party trackers present on the internet takes the form of a classic long tail graph:
Even though the researchers all in all detected over 81,000 third party trackers that were present on at least two websites (thereby indicating that they are third party trackers), only a handful of those were present on the majority of the 1 million analysed websites.
The top five most common website tracking tools were all owned by Google.
Google Analytics, a product used to log visitors to websites that integrates with the company’s ad-targeting systems, was found on almost 70 percent of sites. DoubleClick, a dedicated ad-serving system from Google, was found on close to 50 percent of sites.
Illustration from the Princeton Study on Web Transparency
Other known online tracking technologies are pixel tags, ultrasound beacons, and browser fingerprinting, amongst others.
The cookie is a simple string of text that is loaded on users browsers when they visit a website. Its purpose is to enable the website to recognize and remember its users.
The cookie was invented back in 1994 by Lou Montulli and John Giannandrea at Netscape, and originally served to provide websites with a ‘memory’, so that they could, for example, hold items in a shopping cart while the user browsed for goods on the site.
While the cookie still serves this purpose, it can also monitor users and give a great deal of insight into user behaviour.
The cookie is widely used for profiling and targeted marketing, and most websites set a great deal of cookies of first and third party provenance alike.
However, there has been quite a bit of negative public attention to cookies, and many users choose to block cookies from their browsers.
Read our full introduction to internet cookies.
Tracking pixels, also called pixel tags or 1x1 pixels, are transparent images consisting of a single pixel, that are present (albeit virtually invisible) on a webpage or in an email.
When a user loads the webpage or opens the email, the pixel is also loaded, enabling the sender of the pixel, typically an ad server, to read and record that the webpage is loaded or the email is opened and similar user activities.
The purpose is much the same as for third party cookies: to get insight into users for targeted marketing.
Ultrasound beacons or ultrasonic beacons, sometimes abbreviated uBeacons, are high-pitched sounds that are emitted from the device in use, e.g. when you visit a website that has the beacon installed.
The sound is inaudible to humans, but your dog can hear it, and, more importantly, all the other devices in proximity to the one you were using, react to it.
Also called Ultrasonic cross-device tracking (uXDT), the uBeacon serves to bridge the gap between the digital world and the physical one.
One of the primary benefits of the ultrasound beacon is that it enables the sender to gain insight into what devices are connected with each other: your pc, mobile, tablet, etc. - Thereby solving the headache of marketers and other trackers alike, that users can move between devices.
More and more mobile apps silently track users by means of ultrasound beacons for other sophisticated purposes:
For example, some retail stores have ultrasound beacons installed at their entrance, that interact with your mobile phone when you go inside, enabling marketers to track and target consumers in the physical world as well as online.
So, if you for instance went to a brand store for, say, sneakers, that had an uBeacon emitter installed at their entrance, this particular brand of sneakers now knows that you may be interested in their shoes, even if you never went to their website or searched for their shoes online.
Even if a user blocks tracking cookies and uses VPN to blur their IP-address, there still are other methods for tracking users.
One of them is fingerprinting. The fingerprint is the uniqueness of your specific computer, device or browser.
Whenever a user visits a website, their computer or device provides the site with highly specific information about their system and settings. The use of this information to identify and track users is known as device or browser fingerprinting.
The uniqueness can consist of your particular configuration, your setup, or even the dust on the lens of your camera!
In addition to regular cookies, pixel tags, ultrasound beacons and fingerprinting technologies, there exists other methods for tracking users, such as undeletable zombie cookies or super cookies, dynamic cookies, Silverlight Isolated Storage, IndexedDB, etc.
As the world is coming to realize, in the digital age, data is an extremely valuable asset, that can be used for everything from owning markets, affecting the masses, to even win elections.
The methods for getting insight and tracking users is always evolving, and the means are impressively creative.
The GDPR and the ePrivacy Directive are two EU initiatives to regulate user tracking and protect personal privacy. They are probably not in themselves sufficient, but they are important steps in the right direction.
It is one of the only fully GDPR and ePR compliant solutions on the market.
Cookiebot consists of three main features:
The Cookiebot scan detects and identifies all known types of tracking on the website.
It scans all the pages of your website by directing 7-8 simulated users at your website with requests every 1.5 seconds. This is few enough to not interfere with your website’s performance, but enough to detect all the types of tracking going on on your website, including dynamic cookies, ultrasound web beacons, pixel tags and fingerprinting.
When a user visits your website, Cookiebot deactivates all loaded scripts but the strictly necessary ones until the user has given their consent to the cookies, thereby complying with the requirement of prior consent.
All the cookies and other tracking technologies are listed, and grouped into four comprehensible categories, that the user can choose to opt in and out of.
All received consents are securely stored as documentation that the consent has been given, also a requirement of the GDPR.
The monthly scan results in a full report of all tracking technologies in use on the site, giving insight and control to the website owner as to what tracking is in use on their site.
As required by the GDPR, your users may go back at any time and change their settings or withdraw their consent. In the cookie declaration, features are automatically provided for the user to change or withdraw their consent whenever they want.