What you need to know:
When you’re browsing the web online, websites often use unique IDs stored in “cookies” (data files stored in your browser) to identify you. They function as the site’s short-term memory and can remember your settings, preferences, activities and login status while you visit different pages on the site or when you leave the site and come back. These are known as “1st party cookies” and can only be accessed by the website which created it.
However, large advertising networks, technology companies, social media platforms and data brokers can also create and store in your browser what are known as “3rd party cookies” when you visit websites across the web that have their code placed on that site. This allows these companies to be able to identify you as you navigate across the web and collect your online browsing data. This data is then utilized to facilitate advertising between brands that want to show ads and publishers (sites with content) that can place these ads on their pages. This mechanism for example, enables marketers to show you ads for a product you browsed on website A, while you are visiting website B.
Keep in mind that the majority of the internet has incentives aligned around data collection, where brands/retailers wants to serve consumers ads to drive purchases, publishers wants to sell ad space to brands/retailers and advertising/technology companies want to facilitate and enable that transaction in order to profit. This means the entire internet ecosystem is dependent on knowing and tracking you.
Beyond tracking from websites and tech companies, your internet service provider (ISP) also has access to everything you do online, including websites and apps you’ve visited, when and where you visited those sites and what devices you are using. This type of data can be incredibly powerful for targeted advertising.
When you visit a website that uses the unencrypted protocol “HTTP” (a good chunk of the web), then your ISP can see the full URL and content of the webpage. When you visit one using the encrypted protocol “HTTPS”, then the ISP can see the top level domain name (i.e. google.com).
Federal protections that had prohibited ISPs from selling your online behavior data without consent was repealed in 2017, giving these companies free reign to monetize your data. Investigations are ongoing by the FTC to understand these companies’ data practices, but some states (like Maine), have taken matters in their own hands and barred this practice.
Learn more about cookies
How some browsers are phasing 3rd party cookies
How publishers are tackling the fall of 3rd party cookies and looking to create alliances to share data amongst themselves
How Facebook uses pixels to track you across websites without cookies
Digital fingerprinting, an alternative method to track users across the web
How Verizon used “supercookies” in 2016, cookies you can’t delete
Learn more about the 2017 repeal that allows ISPs to monetize your online data without consent
What to do:
Check this website to see if your browser has 3rd party cookies enabled.
Considering changing to a browser with 3rd party cookies automatically blocked like Safari and Firefox or use extensions that help you block trackers like Ghostery. Read here for a summary of privacy focused browser options.
If making purchases online consider using a disposable email service to limit the ability to trace that data back to you. Also consider using services that can mask your credit card for additional levels of data and identity protection.