Skip to main content

How much do online advertisers really know about you? We asked an expert

Hidden Keyboard
Advertisers are watching your every click online, but how much do they really know, and how? Gajus/Shutterstock
When you search for something online — say, a vacation to Vegas — it’s not unusual to see adverts for cheap flights and hotel deals in Sin City on every site that you visit thereafter for the next few days. Few of us understand what’s actually happening behind the scenes for those ads to be served.

“The modern web is a mash-up, which means the content that you’re looking at on the page, which just looks like one single Web page with text and graphics, is in fact assembled from multiple different sources, sometimes dozens, and these different sources can be a variety of different companies,” explains Arvind Narayanan, Assistant Professor of Computer Science at Princeton, “When you look at a Web page, there’s content visible to you and invisible stuff purely for the purpose of tracking what you’re doing.”

Online advertising has been there since the early days of the Internet, but it has grown far more sophisticated in recent years. The ads we see now are often the product of digital stalking as companies try to track our every browsing move. But how does this happen in the first place?

Eyes in the shadows

“What this technology is really good at doing is following you from site to site, tracking your actions, and compiling them into a database, usually not by real name, but by a pseudonymous numerical identifier,” says Narayanan, “Nevertheless, it knows when you come back, and it knows to look you up, and based on what it has profiled about you in the past, it will treat you accordingly and decide which advertisements to give you, sometimes how to personalize content to you, and so on.”

There are even ways to associate two different devices belonging to the same user.

We know that companies are collecting data about us, but there’s very little transparency in terms of the techniques they use, and there are a lot of misconceptions. We don’t really know exactly what data they are collecting, or what they might use it for.

“The information that’s most useful for them to collect is your browsing history and your search history,” Narayanan explains, “This gets compiled and profiled into behavioral categories.”

Ostensibly, this data is collected, analyzed, and used to target us with relevant ads, but it can also be used in other ways.

“It’s not just tracking, but using that data to do data mining and see what you can infer about that person’s behavior and their preferences,” Narayanan says, “In some cases research has shown, data may even be used to tailor prices. Sometimes prices for the same product being subtly different, sometimes it’s different products with different price ranges being pushed to the consumer.”

Back in 2012, it was discovered that travel website Orbitz was showing Mac users pricier hotel options than PC users. Later the same year, the Wall Street Journal reported that the Staples website was tracking visitor’s locations and only applying price discounts if there was a competitor store within 20 miles of them.

How are they tracking us?

“It turns out that every device behaves in a subtly different way when the code on the web page interacts with it, in a manner that’s completely invisible to the user,” Narayanan explains, “and this can be used to derive a fingerprint of the device, so the third parties can tell when the same user of the same device is visiting again.”

Server Farm
The same servers that feed you websites are quietly tracking your browsing habits. Dabarti CGI/Shutterstock

This technique is known as canvas fingerprinting. When one of these scripts is running on a website you visit, it instructs your browser to draw an invisible image. Because every device does it in a unique way, it can be used to assign a number to your machine and effectively track your browsing.

If that sounds like the kind of shady thing you’d only find in the dark recesses of the Internet, then you’ll be disappointed to hear that all sorts of popular, and even well-respected sites, from Whitehouse.gov to perezhilton.com, are running these scripts. The University of Leuven, in Belgium, hosts a complete searchable list of sites with these tracking mechanisms.

Beyond the cookie jar

There are other techniques being used to collect data that are difficult to understand. Most of us have some awareness of cookies, but advertisers have developed new methods to exploit or circumvent the cookie system.

“One of the areas that concerns me the most is the data sharing that’s going on behind the scenes,” says Narayanan.

Arvind Narayanan
Arvind Narayanan, Assistant Professor of Computer Science at Princeton Image used with permission by copyright holder

A process called cookie syncing, allows the entities that are tracking you online to share the information they’ve discovered about you and link together the IDs they’ve created to identify your device. They can compare notes and build a better profile of you. And this is all done without your knowledge or input.

Bypassing the normal cookie system altogether, there’s also something known as a super cookie.

“These are cookies that are in nooks of your web browser that allow information to be stored, but they’re not in the main cookie database,” says Narayanan, “A particularly devious type of super cookie is one that stores itself in multiple locations and uses each of these locations to respawn the others should they be deleted so, unless you delete all traces and forms of that cookie at once from all of your browsers on your computer, then that cookie is going to come back.”

There are even ways to associate two different devices belonging to the same user. Companies can establish that they’re owned by the same person, even without attaching your name to them.

“Let’s say you have a laptop and a smartphone, and you’re traveling with them, and you’re browsing the web through Wi-Fi,” says Narayanan, “The advertiser, or other company, notices that there are two particular devices that always connect to the website from the same network. The chance of this happening coincidentally is similar to the chance of two people having the same travel itinerary, so, after a period of time, if it keeps happening, they can deduce that its the same person that owns those two different devices. Now they can put your browsing behavior on one device together with your browsing behavior on the other device and use it to build a deeper profile.”

Are we really anonymous?

We’re often sold the line that companies are only collecting anonymized data. This is something that Narayanan takes exception to, for a number of reasons.

“The impact of personalization, in terms of different prices or products, is equally feasible whether or not they have your real name. It’s completely irrelevant to their calculations and the intended use of the data for targeting that is so objectionable to a lot of users,” he explains.

We also have more to worry about than just the advertisers.

“Some of our research has shown how the NSA can actually piggyback on these cookies for their own mass surveillance or targeted surveillance,” says Narayanan, “These third party services are making the NSA’s job easier.”

There’s also a real risk that the anonymized data may be exposed and linked to your actual identity.

“It’s possible to de-anonymize these databases in a variety of ways,” explains Narayanan, “We’ve seen accidental leakages of personal information. What one needs to keep in mind, is that if you have this anonymized dossier, it only takes one rogue employee, one time, somewhere, to associate real identities with these databases for all of those putative benefits of privacy anonymity to be lost.“

Narayanan even objects to the word anonymous. Computer scientists use the term pseudonymous, which emphasizes that you’re not really anonymous, you’ve just been assigned a pseudonym. If your identity becomes known you’ve lost your imagined privacy, and there are many ways that could happen.

These third party services are making the NSA’s job easier.

“Many of these databases in which our information is collected started out with innocuous purposes, or purposes that consumers are comfortable with, but when you combine it with the complete lack or transparency, accountability, and regulation there’s an enormous opportunity for misuse,” explains Narayanan, “What happens when the company goes bankrupt, the database gets hacked, or there’s a rogue employee?”

There’s also evidence of a growing industry that’s aiming to tie together your online tracking with your offline purchasing habits. Onboarding companies, like LiveRamp, offer ways to link this data and give companies more insight. If a store asks you for your email address at the counter when you make a purchase, they may share it with a company like LiveRamp, which can identify when you use it to sign in to certain specific websites that they’re in business with and then link it to your device. Now companies can put a real name to the data.

How do we safeguard our privacy?

“There’s not one magic bullet solution,” says Narayanan, “If someone is selling you one solution or device that claims to take care of your privacy concerns, they’re almost certainly selling you snake oil. But if you’re willing to invest a little time, it’s possible to protect your privacy.”

There are lots of browser extensions, and end-to-end encryption tools out there. Narayanan suggests starting with Tor and Ghostery. He also recommends reading the Electronic Frontier Foundation and Electronic Privacy Information Center, if you want to learn more.

“Research technology a little bit, learn about the privacy implications of the products that you’re using, learn about the privacy tools that are out there, but also the right way to use them,” suggests Narayanan, “If you’re not fully aware, you’re not going to make a fully informed choice, but for each person it’s a trade-off on where they want to be on that spectrum of convenience and privacy.”

Simon Hill
Former Digital Trends Contributor
Simon Hill is an experienced technology journalist and editor who loves all things tech. He is currently the Associate Mobile…
Best Verizon Fios new customer deals: Get 2GB/s internet in your home
Fios TV Package

Whether you use the internet for primarily for work, play, or binging the best live TV streaming services, the experience can be made better with blazing fast internet service. With Verizon Fios you’ll get a fiber optic connection and some savings are available that will rival the best home internet deals. Verizon Fios deals are geared heavily toward new customers right now, which is why we’ve rounded up all of the best Verizon Fios new customer deals below. Read onward for those details and if you need some devices to pair with new Verizon Fios service be sure to check out all of the best TV deals, best laptop deals, best tablet deals, and best phone deals going on right now.
2 Gigabit Verizon Fios connection -- $85 per month + free extras
One of the fastest internet speeds you can get, and the fastest speed that Verizon offers, this is the sort of subscription you should grab if all the members of your family are essentially watching 4K content all the time. It's also great for those who want to host their own media server to share with friends or family while not impacting anybody else in the home. You also get a lot of great freebies included here, such as a $400 savings on Samsung home appliances and a free $200 Verizon gift card. On top of that, you're getting a router rental and four-year price guarantee included.

1 Gigabit Verizon Fios connection -- $65 per month + free extras
If the super-fast speeds aren't necessarily needed, especially if you're in a smaller household without too many folks watching content, then the 1 Gigabit version is the way to go. It is $20 cheaper, so it's a lot of money that you're saving over the course of the year, and you still get quite a few extra benefits, even at this level. Just like the 2 Gigabit plan you'll get a free $200 Verizon gift card and $400 worth of savings on Samsung home appliances with this plan.

Read more
This 240Hz gaming monitor from LG is on sale for just $200 at Amazon
The LG UltraGear 27-inch OLED gaming monitor displaying a space game.

When it comes to gaming monitors, LG’s UltraGear lineup reigns supreme as one of the best lineups on the market. These screens are engineered to squeeze every last amount of picture detail from the games you’re playing, resulting in some of the brightest and richest colors, best contrast levels, and exceptional motion clarity. While looking through Amazon deals, we came across a terrific promo on an UltraGear that we just had to write about.

Right now, you’ll be able to purchase the LG 27-inch UltraGear IPS Gaming Monitor for $200. At full price, this model normally sells for $300. If you’ve been looking for one of the best monitor deals of the week, you’ve come to the right place!

Read more
The Alienware Aurora R16, our favorite gaming PC, is $900 off
Alienware Aurora R16 sitting on desk

If you’re looking for the end-all-be-all of gaming PC deals, look no further than this extraordinary offer we found on one of the best desktop towers in the business, the Alienware Aurora R16. For a limited time only, you’ll be able to order this premium PC through Dell for $3,100. Usually, this exact configuration of the Aurora R16 costs $4,000, so you’ll be saving yourself about $900!

Why you should buy the Alienware Aurora R16
Building your own PC is one of the most satisfying experiences for a diehard gamer, but it can also be a pretty tedious process. That’s why high-quality pre-builds exist, and the Aurora R16 is one of the best options. In our best gaming desktop PCs roundup, we gave the R16 top honors for several reasons, with power and performance being two of its leading accolades.

Read more