Skip to main content

How much do online advertisers really know about you? We asked an expert

Hidden Keyboard
Advertisers are watching your every click online, but how much do they really know, and how? Gajus/Shutterstock
When you search for something online — say, a vacation to Vegas — it’s not unusual to see adverts for cheap flights and hotel deals in Sin City on every site that you visit thereafter for the next few days. Few of us understand what’s actually happening behind the scenes for those ads to be served.

“The modern web is a mash-up, which means the content that you’re looking at on the page, which just looks like one single Web page with text and graphics, is in fact assembled from multiple different sources, sometimes dozens, and these different sources can be a variety of different companies,” explains Arvind Narayanan, Assistant Professor of Computer Science at Princeton, “When you look at a Web page, there’s content visible to you and invisible stuff purely for the purpose of tracking what you’re doing.”

Recommended Videos

Online advertising has been there since the early days of the Internet, but it has grown far more sophisticated in recent years. The ads we see now are often the product of digital stalking as companies try to track our every browsing move. But how does this happen in the first place?

Eyes in the shadows

“What this technology is really good at doing is following you from site to site, tracking your actions, and compiling them into a database, usually not by real name, but by a pseudonymous numerical identifier,” says Narayanan, “Nevertheless, it knows when you come back, and it knows to look you up, and based on what it has profiled about you in the past, it will treat you accordingly and decide which advertisements to give you, sometimes how to personalize content to you, and so on.”

There are even ways to associate two different devices belonging to the same user.

We know that companies are collecting data about us, but there’s very little transparency in terms of the techniques they use, and there are a lot of misconceptions. We don’t really know exactly what data they are collecting, or what they might use it for.

“The information that’s most useful for them to collect is your browsing history and your search history,” Narayanan explains, “This gets compiled and profiled into behavioral categories.”

Ostensibly, this data is collected, analyzed, and used to target us with relevant ads, but it can also be used in other ways.

“It’s not just tracking, but using that data to do data mining and see what you can infer about that person’s behavior and their preferences,” Narayanan says, “In some cases research has shown, data may even be used to tailor prices. Sometimes prices for the same product being subtly different, sometimes it’s different products with different price ranges being pushed to the consumer.”

Back in 2012, it was discovered that travel website Orbitz was showing Mac users pricier hotel options than PC users. Later the same year, the Wall Street Journal reported that the Staples website was tracking visitor’s locations and only applying price discounts if there was a competitor store within 20 miles of them.

How are they tracking us?

“It turns out that every device behaves in a subtly different way when the code on the web page interacts with it, in a manner that’s completely invisible to the user,” Narayanan explains, “and this can be used to derive a fingerprint of the device, so the third parties can tell when the same user of the same device is visiting again.”

Server Farm
The same servers that feed you websites are quietly tracking your browsing habits. Dabarti CGI/Shutterstock

This technique is known as canvas fingerprinting. When one of these scripts is running on a website you visit, it instructs your browser to draw an invisible image. Because every device does it in a unique way, it can be used to assign a number to your machine and effectively track your browsing.

If that sounds like the kind of shady thing you’d only find in the dark recesses of the Internet, then you’ll be disappointed to hear that all sorts of popular, and even well-respected sites, from Whitehouse.gov to perezhilton.com, are running these scripts. The University of Leuven, in Belgium, hosts a complete searchable list of sites with these tracking mechanisms.

Beyond the cookie jar

There are other techniques being used to collect data that are difficult to understand. Most of us have some awareness of cookies, but advertisers have developed new methods to exploit or circumvent the cookie system.

“One of the areas that concerns me the most is the data sharing that’s going on behind the scenes,” says Narayanan.

Arvind Narayanan
Arvind Narayanan, Assistant Professor of Computer Science at Princeton Image used with permission by copyright holder

A process called cookie syncing, allows the entities that are tracking you online to share the information they’ve discovered about you and link together the IDs they’ve created to identify your device. They can compare notes and build a better profile of you. And this is all done without your knowledge or input.

Bypassing the normal cookie system altogether, there’s also something known as a super cookie.

“These are cookies that are in nooks of your web browser that allow information to be stored, but they’re not in the main cookie database,” says Narayanan, “A particularly devious type of super cookie is one that stores itself in multiple locations and uses each of these locations to respawn the others should they be deleted so, unless you delete all traces and forms of that cookie at once from all of your browsers on your computer, then that cookie is going to come back.”

There are even ways to associate two different devices belonging to the same user. Companies can establish that they’re owned by the same person, even without attaching your name to them.

“Let’s say you have a laptop and a smartphone, and you’re traveling with them, and you’re browsing the web through Wi-Fi,” says Narayanan, “The advertiser, or other company, notices that there are two particular devices that always connect to the website from the same network. The chance of this happening coincidentally is similar to the chance of two people having the same travel itinerary, so, after a period of time, if it keeps happening, they can deduce that its the same person that owns those two different devices. Now they can put your browsing behavior on one device together with your browsing behavior on the other device and use it to build a deeper profile.”

Are we really anonymous?

We’re often sold the line that companies are only collecting anonymized data. This is something that Narayanan takes exception to, for a number of reasons.

“The impact of personalization, in terms of different prices or products, is equally feasible whether or not they have your real name. It’s completely irrelevant to their calculations and the intended use of the data for targeting that is so objectionable to a lot of users,” he explains.

We also have more to worry about than just the advertisers.

“Some of our research has shown how the NSA can actually piggyback on these cookies for their own mass surveillance or targeted surveillance,” says Narayanan, “These third party services are making the NSA’s job easier.”

There’s also a real risk that the anonymized data may be exposed and linked to your actual identity.

“It’s possible to de-anonymize these databases in a variety of ways,” explains Narayanan, “We’ve seen accidental leakages of personal information. What one needs to keep in mind, is that if you have this anonymized dossier, it only takes one rogue employee, one time, somewhere, to associate real identities with these databases for all of those putative benefits of privacy anonymity to be lost.“

Narayanan even objects to the word anonymous. Computer scientists use the term pseudonymous, which emphasizes that you’re not really anonymous, you’ve just been assigned a pseudonym. If your identity becomes known you’ve lost your imagined privacy, and there are many ways that could happen.

These third party services are making the NSA’s job easier.

“Many of these databases in which our information is collected started out with innocuous purposes, or purposes that consumers are comfortable with, but when you combine it with the complete lack or transparency, accountability, and regulation there’s an enormous opportunity for misuse,” explains Narayanan, “What happens when the company goes bankrupt, the database gets hacked, or there’s a rogue employee?”

There’s also evidence of a growing industry that’s aiming to tie together your online tracking with your offline purchasing habits. Onboarding companies, like LiveRamp, offer ways to link this data and give companies more insight. If a store asks you for your email address at the counter when you make a purchase, they may share it with a company like LiveRamp, which can identify when you use it to sign in to certain specific websites that they’re in business with and then link it to your device. Now companies can put a real name to the data.

How do we safeguard our privacy?

“There’s not one magic bullet solution,” says Narayanan, “If someone is selling you one solution or device that claims to take care of your privacy concerns, they’re almost certainly selling you snake oil. But if you’re willing to invest a little time, it’s possible to protect your privacy.”

There are lots of browser extensions, and end-to-end encryption tools out there. Narayanan suggests starting with Tor and Ghostery. He also recommends reading the Electronic Frontier Foundation and Electronic Privacy Information Center, if you want to learn more.

“Research technology a little bit, learn about the privacy implications of the products that you’re using, learn about the privacy tools that are out there, but also the right way to use them,” suggests Narayanan, “If you’re not fully aware, you’re not going to make a fully informed choice, but for each person it’s a trade-off on where they want to be on that spectrum of convenience and privacy.”

Simon Hill
Former Digital Trends Contributor
Simon Hill is an experienced technology journalist and editor who loves all things tech. He is currently the Associate Mobile…
Hurry! The M4 MacBook Pro just got an unheard of discount
Someone using a MacBook Pro at a desk.

The 2024 MacBook Pro with M4 chip hasn't even been out for a month, but it already has its first major discount. Amazon just knocked $200 off the 14-inch configuration, dropping the price to $1,399 from $1,599. While a $200 discount on a MacBook isn't world-shattering, the fact that this laptop is so new makes this an unheard of deal. Let's dive into some other noteworthy aspects of this sale.

Why you should buy the MacBook Pro M4
This specific configuration of the M4 Pro has a 10-core CPU, 10-core GPU, 16GB of RAM and 512GB of SSD storage. The 16GB of RAM is particularly noteworthy, as it's the new standard for Apple. That makes this a better deal than some of the M3 models with 8GB of RAM. This model of course comes with Apple's signature Liquid Retina XDR display on its 14.2-inch screen, and it's ready for Apple Intelligence.

Read more
Google may finally bring back the Pixelbook, but not how you think
google pixelbook i7 price cut amazon

One of Google’s upcoming big projects could be a high-end laptop slated to be the next rival of the MacBook Pro.

An internal email obtained by Android Headlines detailed that Google has greenlit a project for a device codenamed “Snowy.” The email suggests the device is a laptop with premium specifications similar to the Dell XPS, Microsoft Surface Laptop, the Samsung Galaxy Chromebook, and the brand’s largest competitor, Apple’s MacBook Pro. With the project past the concept phase, it would likely be quickly expanded into a viable product under the Pixel line.

Read more
Best early Black Friday deals under $100: Amazon Echo, TVs, headphones and more
The Amazon Echo Pop on a desk.

Update 11/19/24: Black Friday is still over a week away, but you can already start your shopping with the Black Friday deals under $100 that we've gathered here. There's a possibility that these affordable items get even bigger discounts when the sale officially launches, but we won't blame you if you're already tempted by today's prices.

Black Friday will start on November 29, but if you've already got the itch to shop, check out the early Black Friday deals under $100 that we've gathered here. The offers cover smart home devices, laptops, TVs, kitchen gadgets, and so much more, so if you want to start enjoying discounts without blowing your entire budget for the shopping event, take a look at our favorite bargains below.

Read more