What is Cross Website Tracking | A Guide to Cross-Website Tracking
“If you’re not paying for the product, you are the product.”Andrew Lewis
When the 2020 documentary, ‘The Social Dilemma,’ directed by Jeff Orlowski, dropped on Netflix, it sounded the alarm bell that was already ringing loudly. It highlighted the familiar quote among millions of viewers globally by driving the point of how Big Tech has been misusing our data without our consent.
The documentary came in a backdrop of tumultuous times – with the CEOs of Google, Facebook, and Twitter questioned by the US Senate Judiciary and Senate Commerce Committees. If you had followed the Facebook hearings minutely, you must have frequently come across the term ‘cross-website tracking’.
During one such grilling session, Missouri Senator Josh Hawley questioned Facebook (now Meta) CEO Mark Zuckerberg about a tentative internal tool named ‘Centra.’ The tool purportedly tracked all Facebook users across the internet.
While tracking user activity was not an alien concept, very few could grasp its implications and the extent to which it is used. With the Facebook hearings and the viral Netflix documentary, suddenly, it was out in the open. The practice of cross-site tracking ushered in serious privacy concerns and rightly so among the billions of internet users worldwide. In this article, we will try to understand cross-website tracking, its impact on user privacy, and how to minimize its effects.
Table Of Contents
- 1 So, What is Cross-Website Tracking?
- 2 How Does Cross-Website Tracking Work?
- 3 But, What is the Purpose of Cross Website Tracking?
- 4 So, When Does it Become Potentially Problematic?
- 5 How to Stop Cross-Website Tracking?
So, What is Cross-Website Tracking?
It is precisely what its name entails! Cross-website tracking refers to the practice of advertisers, businesses, and other digital agencies and entities tracking your online activity to monitor your browsing habits. The website visited by the user primarily does the tracking, but third-party apps can also gather and access this data. There are multiple reasons to justify this practice – product improvement, personalized user experience, and targetted advertising. Cross-website tracking eases your experience by remembering basic information, like your language preferences. It also makes browsing easier and publisher service better.
While Big Tech and other agencies portray cross-website tracking as an innocuous marketing act, it also poses some serious privacy threats. For one, it is a breach of privacy when websites engage in cross-site tracking without seeking consent from the users. Secondly, very few websites offer information in layman’s terms regarding how they will use the collected user data. Hence, unless you are willing to wade through the technical terms of every website you visit, it might be impossible to understand where your data might end up.
How Does Cross-Website Tracking Work?
So, how exactly do websites track your browsing behavior? Well, any user browsing the web often has trackers pursuing them and keeping a log of every activity. This is achieved with the help of widgets, scripts, or minuscule images embedded on any website user visits.
While visiting many websites, you have surely noticed those social media buttons embedded there. Sure, most of the time, they are included for the sites to gain useful analytics regarding their content. But the concerning issue is they also send your data back to those platforms to create user profiles for targeted advertisements.
Some of the most commonly used web tracking systems and web trackers are:
Cookies are the primary tools used by websites in the process of cross-website tracking. It is quite an ingenious concept. You visit a website, and a small packet of data is transferred to your device’s browser courtesy of your web server. This small packet is called a computer cookie aka web, internet, browser, or HTTP cookie. Cookies are designed specially to memorize your browsing information and online activity.
Cookies work in a simple manner:
- The browser requests a web page from the web server
- The server transmits the page along with a cookie
- The cookie gets stored in the hard drive of your device
There are three different types of cookies:
- Persistent cookie
- First-party or session cookie
- Third-party cookie
While the first two types of cookies are generally used to boost your browsing experience by remembering your passwords and language preferences, it is the third type you should be wary of. Persistent cookies come with an expiration date, and session cookies are temporary ones that get deleted with the closing of your browser. But the third-party cookie that keeps track of your online behavior is the tracking cookie.
Web beacons are used as a single-pixel transparent graphic image by a website to log user behavior. They work similarly to cookies to monitor user browsing habits and navigation for advertising and analytics purposes. One such web beacon is the Facebook Pixel, enjoying a ubiquitous presence in your browsing activities. It tracks almost every aspect of your web browsing activity and aids advertisers in putting up targeted ads for you or others exhibiting similar behavior. Beacons also enable IP address tracking in emails by logging the exact time and date as well as your IP address when you open any mail embedded with a beacon.
The practice of websites deciphering how the user’s browser responds to graphical instructions is known as canvas fingerprinting. Any website with this feature can direct your browser to draw a hidden image. This particular image varies with the individual’s device, graphics card, and hardware settings, resulting in the rendition of a unique image for every user. The distinctive image acts as a unique digital fingerprint for every user and can provide accurate information when coupled with other tracking data.
HTML5, the latest version of the coding language HTML, was developed for animations and drawing graphics on websites. However, it includes canvas fingerprinting, resulting in its co-opting of it as an effective tracking and fingerprinting tool.
But, What is the Purpose of Cross Website Tracking?
There are many legit reasons for websites to keep track of user activity. Most sites do it to boost website performances and personalize user experience. Let’s say that you are into reading books and watching movies at leisure. So, won’t you prefer advertisements from streaming services and publishing houses over furniture and bedsheets? This is exactly achieved through cross-website tracking that allows targeted advertising based on the browsing behavior of any user.
Some of the primary reasons behind cross-website tracking are:
Almost all websites glean user information by using analytics software to gauge how customers use their site and get visitors’ demographics. Information like how visitors arrive on the site and the number of pages they visit help the owners make important business decisions and optimize the site.
For easier understanding, let us take the example of any news publishing website. When publishers notice that most visitors are hitting upon one story only, they opt for better interlinking between posts. It will make the other stories easily accessible too and increase the website’s overall views and footfalls.
Google Analytics makes for the most commonly used analytics software on the internet. With an estimated client base of 29 million sites, Google Analytics is in use in 88.5% of the top 10,000 sites.
Many websites require some tracking to perform the intended way. YouTube might make the best case for this. When you are watching YouTube videos, you will find the algorithm recommending videos you might want to view next. This feature is only possible because YouTube tracks your behavior on the platform and on other sites to recommend the best possible options for you.
User-based target advertising is possibly the primary reason behind cross-website tracking. The adverts you come across on the internet are primarily because of the data collection by websites based on your location, search interests, browser history, and even the time of the day you prefer to visit certain sites. Retargeting is another common practice where you see a barrage of adverts for products similar to something you might have searched for a while ago.
Again, Google has cemented its place at the top with Google AdSense, the largest web-advertising network.
So, When Does it Become Potentially Problematic?
However, General Data Protection Regulation (GDPR) in Europe and California Consumer Privacy Act (CCPA) are taking heed of these grave concerns and have developed a set of regulations. GDPR requires websites to provide users with opt-in consent forms before collecting personal user data. The websites cannot use pre-ticked boxes in such consent forms, which ensures users take positive steps to provide permission. Also, websites are required to provide users with the option to withdraw their consent any time they want, even if they have initially consented to use their personal data.
CCPA, while not making it necessary to provide opt-in consent forms, mandates websites to mention upfront how the collected user data will be used and the parties they will be available to. Upcoming regulations will also allow users to view the data collected and the right to get them deleted if they feel so.
How to Stop Cross-Website Tracking?
Well, yes, there are steps you can take to fight this practice and even prevent websites from tracking and storing your data. While if you are based in the European Union (EU) or California, USA, there are strong regulations that prohibit tracking user data without explicit consent. However, if you are from a country that does not have strict regulations in place, you can optimize your browser settings to prevent cross-website tracking.
If you are someone who has legitimate privacy concerns regarding cross-site tracking and finds it intrusive, here are some of the steps you can take to prevent it:
For computers and laptops –
- Open the Chrome browser and go to Settings
- Click Cookies and other site data under the Privacy and security option
- Turn Send a “Do not track” request with your browsing traffic off
For mobile phones –
- Open the Chrome app on your android device and go to Settings
- Tap Do Not Track under Privacy and security
- Turn the setting off
Firefox has an in-built Private Browsing with Tracking Protection feature that prevents third parties from tracking your browsing activity across multiple websites. You can enable it with the following steps:
- Open the Firefox browser and go to Settings
- Tap on the Privacy and Security panel
- Select the Custom radio button under Enhanced Tracking Protection to select what to block
- Tick the Cookies checkbox (Cross-site and social media trackers is the default setting)
- Close the about: preferences page
- iOS devices
For Macbooks and PCs –
- Open the Safari browser on your Mac
- Go to Safari > Preferences and tap on Privacy
- Select Prevent cross-site tracking
For iPhone and iPad –
- Go to Settings on your iPhone/iPad
- Scroll down until you find Safari and tap on it
- Tap the slider and turn on Prevent Cross-site Tracking under PRIVACY & SECURITY
It is often claimed that data is possibly the most valuable resource today. As aptly put by the Former Global Head of Research and Senior Vice-President of Gartner, Inc., Peter Sondergaard, “Information is the oil of the 21st century, and analytics is the combustion engine.” While the debate whether data has surpassed oil or gold in value and importance is raging on, it is undeniable that data plays a major role in today’s world of digital information.
Hence, it is imperative that billions of internet users worldwide pay attention to their data being tracked and stored. Even though cross-website tracking may have a lot of things going for it, tracking and making your data available to third parties without any transparency or consent is a legitimate concern. To ensure a healthy trade-off, it is critical that the concerns of users are acknowledged, fully informed regarding the use of their personal information, and given a choice to not opt for sharing any data.