What is cross-site tracking, and how can you prevent it?

What is cross-site tracking?

Cross-site tracking, also called cross-website tracking, is a practice where companies, often advertisers, monitor your browsing activity across many websites to collect information about your browsing habits. Both the websites you visit and third-party apps collect this data. They then use it to run targeted advertising and show personalized content.

How does cross-site tracking work?

Imagine browsing an online bookstore where every book you hover your mouse over is recorded. By the time you leave the website, this ghostly observer has a clear picture of your reading preferences and favorite genres. It feels like a slight invasion of privacy, doesn’t it? In the digital world, this observer is made up of cookies and tracking pixels that monitor your activities across multiple websites.

When you browse the web, trackers continuously log every action you take. These trackers, which are small pieces of software like widgets, scripts, or tiny images, are embedded in the code of the websites you visit. Cross-site tracking uses these trackers to monitor online activity and create user profiles. Some of the most common trackers include:

Cookies

A cookie is a piece of code saved on your device that lets a website recognize if you’ve visited before. Cookies help websites remember you and load webpages faster. They also enable advertisers to target you with customized ads across the web and on your social media feeds.

The four main types of cookies include

• Persistent cookies. These cookies stay on your device until their set expiration date.
• Session cookies. These cookies are temporary and disappear when you close your browser. They often store your login details and language preferences.
• Third-party cookies. These cookies are created by domains other than the one you are visiting and are used to track your online behavior, mainly for targeted advertising.
• Super cookies. These cookies stay on your computer indefinitely and are more invasive. They are collected in a different part of the hard drive and are more challenging to remove.

The first two types of cookies improve your browsing experience by remembering your preferences and login information. However, you need to watch out for third-party and super cookies, as they track your activities across the web and may threaten your privacy.

Web beacons

Web beacons, also known as web bugs, are tiny images embedded in web pages or emails, often just one pixel in size. When you load a page or open an email containing a web beacon, it notifies the server. Web beacons allow advertisers to track who accesses the page or email and when they do so. Like cookies, web beacons also monitor browsing behavior. They also track email IP addresses, capturing the exact time and date you open the message.

Canvas fingerprinting

Canvas fingerprinting is a browser fingerprinting technique that uses the HTML5 canvas element to track visitors. This element allows websites to instruct your browser to draw hidden graphics. The way these graphics render varies based on individual device settings like the graphics card and system hardware, creating a unique image for each user. This unique rendering acts as a digital fingerprint and enables precise tracking when combined with other site data.

What is the purpose of cross-website tracking?

Cross-website tracking offers multiple reasons for websites to monitor user activity. It can provide useful analytics and improve your online experience by storing information such as your language preferences and login details. Additionally, multiple sites use this data to aid in product improvement and personalize your browsing experience through targeted advertising.

For example, if you’re an avid runner who frequently searches for athletic gear, you would likely prefer seeing ads for the latest running shoes and fitness equipment rather than for unrelated products like kitchen gadgets. This tailored advertising, enabled by cross-website tracking, aligns advertisements with your specific interests based on your browsing patterns.

When does cross-website tracking become potentially problematic?

While cross-website tracking offers benefits, it also raises significant privacy and security concerns. Not knowing how much of your data is collected and for what purposes can be alarming. Third parties, such as advertising networks and data brokers, often collect our data without clear consent using cookies and web beacons.

Moreover, few websites offer explanations in simple terms about how they use the collected data. This lack of transparency, combined with the often complex terms presented on websites, can make it difficult to understand where your data might end up.

Cross-site tracking and the GDPR

The General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) address these privacy concerns with strong regulations. The GDPR mandates that websites must obtain user consent through opt-in forms before collecting personal data.

These forms cannot include pre-ticked boxes to ensure that users actively agree to data collection. Also, users have the right to withdraw their consent at any time, even after initially agreeing to the use of their data.

How to prevent cross-site tracking

If you’re in the European Union or California, strict regulations like the GDPR and CCPA ensure that your data cannot be tracked without explicit consent. If you’re from a region with less stringent privacy laws, you can still protect yourself by adjusting your browser settings to limit or fully block cross-website tracking.

Note: Different browsers offer varying levels of protection. Some may only partially prevent tracking or only do so under specific circumstances. So you must choose a browser that meets your privacy needs and expectations.

How to stop Safari cross-site tracking (MacOS and iOS)

How to turn off cross-site tracking on Mac:

1. Open the Safari browser on your Mac and navigate to “Safari” > “Preferences.”
2. Click on “Privacy.”
3. Select “Prevent cross-site tracking.”

How to disable cross-site tracking on iPhone and iPad:

1. Open “Settings” on your iPhone or iPad.
2. Scroll down and tap on “Safari.”
3. Under “Privacy & security,” find “Prevent cross-site tracking” and toggle it on.

How to turn off cross-site tracking on Chrome (Windows and Android)

For Windows devices:

1. Open Chrome and click the three dots “⋮” at the top right, then select “Settings.”
2. Click “Privacy and security” > “Third-party cookies.”
3. Turn on “Send a ‘do not track’ request with your browsing traffic.”
4. Press “Confirm.”

For Android devices:

1. Open the Chrome app and tap “⋮” at the top right.
2. Tap on “Settings.”
3. Tap on “Privacy and security.”
4. Tap on “Send a ‘do not track’ request.”
5. Toggle the setting on.

How to disable cross-site tracking in Firefox (Windows)

1. Open the Firefox browser and click the menu button “≡” at the top right corner and select “Settings.”
2. Tap on “Privacy & security” and then select the “Custom” radio button under “Enhanced tracking protection.”
3. Tick the “Cookies” checkbox and pick “Cross-site tracking cookies, and isolate other cross-site cookies” (normally a default setting).
4. Blocking all browser tracking forms is challenging due to the sophisticated techniques advertisers and trackers use. However, you can significantly reduce cross-site tracking by taking additional steps beyond adjusting browser settings. Install browser extensions that block trackers for more comprehensive protection. Additionally, consider using a VPN to secure your online activity even further.

Does a VPN prevent cross-site tracking?

Using a VPN can significantly improve your online privacy but doesn’t directly prevent cross-site tracking. A VPN hides your IP address and keeps your internet traffic private, making it harder for trackers to link your online activity directly to you. To really protect yourself from trackers, adjust your device’s privacy settings and use a VPN alongside privacy-focused browsers and tracker blockers.

NordVPN’s Threat Protection Pro feature includes a tracker blocker that effectively stops third-party trackers from collecting data about your browsing behavior and creating a detailed profile of you.

FAQ

Should cross-site tracking be on or off?

If you are concerned about privacy, it’s best to turn off cross-site tracking. If you enable cross-site tracking, you should expect advertisers and third parties to follow your browsing habits across multiple websites, building detailed profiles that influence the ads and content you see online. Most browsers offer settings or extensions that let you turn off this tracking so you have greater control over your data.

Does Google Chrome have cross-site tracking?

Yes, Google Chrome allows cross-site tracking. However, users can manage or block this type of browser tracking by adjusting their privacy and security settings. Additionally, users can install privacy-focused browser extensions designed to block trackers to protect their online activity even further.

Does Apple prevent cross-site tracking?

Yes, Apple actively prevents cross-site tracking, primarily through its Safari browser. Safari’s Intelligent Tracking Prevention (ITP) feature employs advanced machine learning to identify and block web trackers.

This feature automatically limits tracking cookies and other data collectors. Moreover, Apple provides complete privacy settings on iOS and macOS devices, allowing users to effortlessly block cookies and manage site data.