We often get questions like this:
I have an account on Instagram for my business. Why do I get suggestions there for my private hobbies and likes, even though I'm logged in there with my business email?
Or:
How does Amazon know about my purchase wishes before I have even searched there?
In order to understand "data tracking", i.e. the reading and collection of user data on the internet, one needs a little understanding of the basic architecture of the internet, more precisely of so-called "requests" and "responses".
Since this will now be technical and therefore probably totally boring for you, we'd better go to the pub.
To a special pub.
Imagine you're in this particular pub and you call out to the landlord "Hey Dieter, fix a large Helles" (or a rhubarb spritzer).
This is the request. On the Internet, your browser or mobile phone has just made a request to a server. On the internet, there is no beer (or rhubarb spritzer) but data in the form of pictures, videos or texts.
When Dieter has listened, he nods briefly in annoyance, taps the Helle (or rhubarb schnapps) and shoves it in front of your nose.
On the Internet, this would be the so-called "response". It means that Dieter, the server has successfully interpreted your request and the data is transferred locally to your computer.
Your local browser like Firefox or Chrome or Safari then interprets the data again and as a result you finally see the video, a shopping product or can log in somewhere.
Back to Dieter's pub.
Unfortunately, Dieter is also dependent on income from advertising and therefore not only normal guests cavort there, but dozens more employees of advertising departments stand next to, in front of and behind you at the bar and watch you with interest.
When you order your Helles (or the Rhabarberschorle), they become active: they keep a close eye on what you ordered, what time it was, what clothes you were wearing, whether you were in a bad or good mood when you ordered, etc. etc.
Every detail is observed. Then they call their clients and give all the observations in detail.
This is exactly what happens on the Internet when you land on a website in which scripts from third-party providers are installed, which in turn communicate with their clients (request - response). This can sometimes be dozens of scripts per website.
But it gets even more bizarre. The boss of the agents not only takes down all the information, but immediately gives his spies the order to hide an additional tracking device in your coat pocket, which they do immediately. In no time at all, your pockets are full of tracking devices; every marketing company has its own little transmitter.
On the internet, these are the so-called Third-party cookieswhich basically take over the function of transmitters so that the agents always know exactly where you are coming from and where you are.
As soon as you leave the pub and go to a new pub, shop, church, sports club or wherever, the advertising agents know your location, where you came from and what you were doing there.
On the internet, that would be visiting a website and how you behaved there. You have looked at a product? "Aha" - is saved. You are on the page for longer than 3 seconds? "Interesting", is saved. You are on the page for less than 3 seconds? "Aha", probably doesn't like it, is saved. The collecting mania knows hardly any limits here.
And then the process starts all over again: your trackers are read out, information is passed on and your transmitter is renewed.
That is the simple form of tracking.
What can I do about the "tracking devices"?
Fortunately, there is an easy way to get rid of these tracking devices on the Internet: Delete the cookies from your browser as regularly as possible, or use a cookie-scanner from the outset. the incognito mode (private mode) in your web browser.
In addition, the DSGVO or GDPR requires third-party cookies to be listed and the user has the option of explicitly agreeing to be "tracked".
So is it that simple? Can you just deactivate your cookies and have peace of mind?
Unfortunately not. There is a second major area besides cookies through which your data is collected, namely:
The digital fingerprint or your appearance in Dieter's pub...
When your browser makes a request to the server, it also informs the server of all kinds of parameters so that the corresponding response can be guaranteed. For example: operating system, screen resolution, browser manufacturer, installed fonts, location (e.g. Germany), IP address of your provider, number of processors in the PC and much more.
Each parameter on its own is harmless, but taken together, they form a unique picture called a digital fingerprint.
It is like a unique profile obtained from all this data that your browser provides to the server during a request.
So if the totality of all parameters appears again and again in different places on the internet, the trackers do not need cookies at all, the relationships are established via this fingerprint.
Example: There are probably only a few people who, like me, are sitting in the middle of Berlin right now, using a Mac Mini, using a Firefox browser with my plug-ins installed, my list of fonts installed, my screen resolution and many more parameters.
To use the image from the pub:
Even if no one knows your name: The 1.75 tall guy in the green jacket with the round glasses, the blue cap, and the short hair, who lives in Berlin Moabit, can also be recognised in other shops in the city and even without a tracking device in his coat pocket, if the corresponding agents are standing there and agree on the data among themselves.
By the way, I am only talking about surfing the internet via web browsers: If you use a smartphone and launch an app, you've lost anyway. It's like wearing a big sign with all your important data around your neck. Because with smartphones, you can be clearly identified immediately via the app id.
What can be done about digital fingerprinting on the internet?
To erase a digital fingerprint, you have to put in a lot of effort.
In the pub: Theoretically, I would have to show up in the pub in full disguise every time, and disguise my voice every time I order. And maybe order Kiba from time to time.
On the Internet: On the internet, the best protection at the moment is to use the TOR browser, which offers digital fingerprint obfuscation. If you want to know more about this, feel free to contact us.
Here is a collection of links to protect against data tracking:
