How Companies Track You

Cookies

Small text files held by your browser, which are used by webservers to serve the correct user session to you. Well that’s the legitimate use of them, but they can record searches you've made and sites you've visited.

Have you ever searched for something on Amazon or eBay, and then upon visiting another site been served adverts for products you just searched for? That's Cookie Tracking in action.


Mitigation options:
You can reduce Cookie Tracking by Blocking third-party cookies in your browser.

Pixel tracking

A 1x1 pixel image embedded in a web page, which your browser will automatically download. Webservers log each request made to this single pixel image, and the logs will give the site owner a fair idea of what pages their visitors look at.

Why a 1x1 pixel image? A single pixel image is the smallest file your browser will silently process.


Mitigation options:
Block all images – hang on your web experience won't be particularly enjoyable with no images.
NoScript – NoScript will block any requests made within client run javascripts. But if the request comes from the basic html page NoScript won't help all.


Example where NoScript will fail to block a tracking pixel:
<html>
<img src="pixel.facebook.com/gotcha.gif">
<h1>Some Gash Stuff</h1>
...
</html>

Other Tracking Methods

Since HTTP Cookie blocking is so easy to do, tracking companies employ more complex methods to identify what users do. I could go on further, but here is a list of methods and links to pages with further detail:


Canvas Fingerprinting
https://en.wikipedia.org/wiki/Canvas_fingerprinting

Canvas-Font Fingerprinting
https://www.browserleaks.com/canvas

AudioContext Fingerprinting
http://www.zdnet.com/article/think-youre-not-being-tracked-now-websites-turn-to-audio-fingerprinting-to-follow-you

WebRTC Local IP Discovery
https://webtransparency.cs.princeton.edu/webcensus/webrtc_scripts.html