There are three reasons that websites build profiles on their users:
- To save your preferences and improve individual user experience
- To understand your interests so they can target you with ads
- To get feedback from users and improve the overall user experience
Who has info on you?
There are two main ways that a website identifies a user:
1. By their IP address. This is a number issued to you by your ISP (Internet Service Provider).
2. Through cookies saved in their browser
The IP address is not a permanent fixture attached to your device. It is assigned to a modem by the ISP. That means that all devices running off the same wifi network will register the same IP address. However, if you’re running through a personal mobile connection, like on a smart phone, your IP address will be unique to your phone. Any device connected to Wifi hotspot on your phone will register your phone’s IP address.
Even if you are connected to a Wifi network, websites can still identify you as a unique device. This is done through data stored in your browser, which we call cookies. These are small packets of data that are stored in your device’s memory. They signal certain things to a website, such as saved user preferences and past user activity.
You can delete cookies by going to the settings page in your browser and finding the option to delete cookies or clear browsing data. Keep in mind that does not necessarily wipe away your identity to websites. Because identifying users is so valuable in the online economy, websites use other methods that are both devious and resourceful.
Don’t assume deleting cookies will keep you anonymous
One of these devious methods is “super cookies”. These are predatory enough that you can almost consider them malware. What they do is plant themselves in multiple locations, so that if you delete cookies, they can simply regenerate themselves in the empty folder.
But even without super cookies, websites can identify you. They do this by cross referencing all of the analytics available to them. This is actually an accurate process. This website here lets you see how “unique” the profile a website can build on you is. Here’s an interesting experiment: run the test on both the Brave and Chrome browsers, and compare the results.
Using Brave, the test tells me “Your browser fingerprint has been randomized among the 252,772 tested in the past 45 days.
”Using Chrome, the test tells me “Your browser fingerprint appears to be unique among the 252,767tested in the past 45 days.”
That should tell you how easy it is to identify users that don’t use privacy tools. It also tells you how easy it is to take some basic steps to increase your own online privacy (such as using a privacy-oriented browser).
Third party services like this one help websites get details on the specific devices accessing their sites. They can register things like whether you’re on mobile or desktop, and how wide your display is.
Here’s a few other interesting things that a website can capture:
1. The previous webpage you visited
2. How you got to their site (via Google, links from other sites, internal pages, PPC ads, display ads etc, or directly)
3. How much time you spend on each web page (on their own site)
4. Your general location (via your IP address)
5. Your mouse movements.
Can a website identify you, personally?
Being able to attach personal details to your user ID is huge: gender, interests, age, marital/relationship status, occupation, education, political affiliation, religion, interests. How would they get that info? Well, social media platforms like Facebook ask you for it. And most users oblige.
You’ll notice that some websites have links to allow you to share or even comment on a page using your social media accounts (primarily FB, Instagram, Twitter, and Google). They’re asking you to reveal all the details in your social media profile, as well.
Google, for instance, asks users for all their details. If you have Gmail or YouTube, Google knows you. And they make it very convenient to sync with other major platforms, specifically for advertising purposes.
Your ID is following you everywhere you go. If you’re logged into Google and you use Google to find a website, there’s an opportunity for that website to register your details. And if your Google is synced to your Facebook...well, they can access everything. They might even be able to see who you spend the most time with, how many kids you have, and who you’re married to.
How sensitive is the info that websites have on you?
Some users are indifferent about their online identity. After all, they volunteer a lot of the info that webservices have on them. The fact is, if you use the internet for shopping, banking, finance, insurance or social media, you have sensitive info online.
The biggest risks are identity theft and fraud, but there’s also the concern that a malicious actor could find out personal details about you to blackmail you, or hijack your account to cause you problems. When major institutions are hacked, the hackers sometimes sell all of the customer data they steal.
A lot of data tracking is done with good intentions. Even so, there are still risks to the user. Every user needs to decide for themselves how much risk they are comfortable taking on in exchange for the convenience of online services.