Every time you visit a website, your browser sends little bits of information about itself.

image of animal tracks

Every time you visit a website, your browser sends little bits of information about itself–and subsequently, about you. In the simplest model, a single third-party ad network serves ads on a number of websites, all of which must include a small snippet of embedded, invisible code that’s loaded when you visit the page. When that occurs–say you’re checking the news without a tracker blocker installed–the ad network gets a request from your computer, and suddenly has access to a concerning amount of highly individualized information. Some of it is passed along by default (for example, HTTP headers are essential to most web functionality, and broadcast your device and browser version), but much of it is extracted by third parties–ad networks, in most cases– that have embedded tracking mechanisms* across vast swaths of the internet.

Because trackers are so common, they cast a wide net, and at first glance the data points they collect seem relatively mundane and disparate. But when compiled together, they form an exceptionally revealing behavioral profile that acts as a live record of your online activity, and can reveal anything from political affiliation to education level to income bracket. As long as this trove of data about you is linked back to you, your online activity will be logged. Ad networks primarily rely on two methods to maintain this link: cookie tracking, or browser fingerprinting.

*scripts, tracking pixels, or ads containing the former.

What are cookies?

Cookies are small chunks of information that websites store in your browser. They are primarily used to automatically remember things like your account login info, or what items were in your online shopping cart–in other words, they save your place. However, they can also be used to link all of your visits, searches, and other activities on a site together. Many people feel this is an invasion of their privacy, and browsers generally allow you to block, limit or delete cookies.

What is a digital fingerprint?

A digital fingerprint is essentially a list of characteristics that are unique to a single user, their browser, and their specific hardware setup. This includes information the browser transmits inherently, like in an HTTP request, as well as a host of seemingly insignificant data (like screen resolution and installed fonts) gathered by tracking scripts. Tracking sites can stitch all the small pieces together to form a unique picture, or "fingerprint," of the user's device.

What is the difference?

Think of the small tracking devices scientists use to follow animal migration patterns, or a GPS transmitter attached to a car. As long as they’re attached to the target animal or vehicle, they are accurate and effective–but they lose all value if they’re knocked off or discarded. This is roughly how cookies behave: they track users up until the point a user deletes them. Fingerprinting follows a similar mode of operation, but uses more permanent identifiers such as hardware specifications and browser settings. This is equivalent to tracking a bird by its song or feather markings, or a car by its license plate, make, model, and color—in other words, metrics that are not so easily changed.

image of animal tracks

Simple suggestions

When you test your browser with Cover Your Tracks, it returns:

  • a summary of your overall protection
  • list of characteristics that make up your digital fingerprint

We provide this information so you can see how your browser appears to trackers, with the hope that you’re empowered to determine your own balance between privacy and convenience. Luckily, this is much easier than it sounds! Here are some of the easiest ways to obscure your fingerprint:

Using a Tracker Blocker

Install a tracker blocker (also known as an ad or content blocker) and watch your browsing experience get a lot more pleasant.

What most tracker blockers do:

  • Cross reference massive lists of tracking scripts
  • Block any attempts at loading a match

When you block trackers, you prevent tracking companies from fully reading your browser fingerprint. However, it may still be visible to more advanced tracking techniques.

Disabling Javascript

What turning off JavaScript does:

  • The positive: most trackers run on Javascript, and they can’t obtain much of the information used to determine your browser fingerprint without it. Thus, your browser looks a lot less distinct, and more protected!
  • The tradeoff: disabling Javascript breaks a staggering amount of websites, and limits the functionality of many more.

Changing browser settings from defaults

Tracking is so pervasive that all of the major browsers (Chrome, Firefox, and Safari) come with settings that disable certain tracking scripts. Turning them on or off is as simple as going into the settings menu and clicking a button.

What disabling tracking scripts in your browser settings does:

  • The positive: They are reliably effective
  • The tradeoff: They’re not as robust as a designated ad blocker.

For more info about what your specific browser protects against, check out this article from Blacklight.

Using a fingerprint resistant browser

Some newer browsers were built from the ground up to thwart fingerprinting, such as Brave and Tor Browser. Functionality varies from browser to browser, but they generally work by:

  • Making your fingerprint less unique, or
  • Making your fingerprint less consistent

This means trackers have a harder time following your usage of the web.

image of animal tracks

Can I do anything about this?!

This is the part where we say “it depends”: you can’t completely block trackers, even with full protective measures. There are two main reasons for this:

  1. Usability: It’s an unfortunate fact that enhanced privacy often comes at the expense of functionality. For instance, if you stop your browser from loading Javascript, you stop the majority of tracking scripts, but you also likely can no longer shop, fill out forms, watch videos, or see any interactive web elements (to name a few things in a very long list of things that break without JavaScript).

    In order to actually use the web, you may need to temporarily relax some or all of your protections–and as soon as you do, trackers notice. Your fingerprint doesn’t disappear just because its signal is usually blocked; sites and trackers just wait patiently for the bits of data that slip through whenever disabling your protection is necessary.

  2. Identifiable Protections: in one of the more paradoxical aspects of tracking, your protections themselves can become part of your fingerprint. So, even if you manage to block every tracking script on a page and hide your actual activity, the tracker still recognizes certain data that’s unavoidably transmitted, and links your behavioral profile to the “mystery user with a very specific combination of privacy protections installed.”

    While we definitely encourage you to be aware of this contradictory and shady aspect of tracking, we still recommend using tracking protection the majority of the time.