12.11.2021, Website maintenance

I know what you did on the Internet

A viewfinder for facial recognition is aimed at passers-by crossing the street. The image symbolizes the question: What is tracking?

We often get questions like this:

I have an Instagram account for my business. Why do I get suggestions for my private hobbies and preferences there, even though I'm logged in with my business email?

Or:

How does Amazon know what I want to buy before I have even searched there?

In order to understand "data tracking", i.e. the reading and collection of user data on the Internet, you need a little understanding of the basic architecture of the Internet, more precisely of so-called "requests" and "responses".

As this is getting technical and therefore probably totally boring for you, let's go to the pub instead.

To a special pub.

Imagine you're in this particular pub and you call out to the landlord "Hey Dieter, make a large Helles clear" (or a rhubarb spritzer).

This is the request. On the Internet, your browser or cell phone has just sent a request to a server. There is no beer (or rhubarb spritzer) on the Internet, but there is data in the form of images, videos or text.

When Dieter has listened, he nods briefly in annoyance, taps the beer (or the rhubarb spritzer) and pushes it under your nose.

On the Internet, this would be the so-called "response". It means that Dieter, the server has successfully interpreted your request and the data is transferred locally to your computer.

Your local browser such as Firefox or Chrome or Safari then interprets the data again and as a result you finally see the video, a shopping product or can log in somewhere.

Back to Dieter's pub.

Unfortunately, Dieter is also dependent on advertising revenue, which is why there are not only normal guests there, but also dozens of employees from advertising departments standing next to, in front of and behind you at the bar and watching you with interest.

When you order your Helles (or rhubarb spritzer), they become active: they keep a close eye on what you ordered, what time it was, what clothes you were wearing, whether you were in a bad or good mood when you ordered, and so on.

Every detail is observed. They then call their clients and report all their observations in detail.

This is exactly what happens on the Internet when you land on a website in which scripts from third-party providers are installed, which in turn communicate with their client (request - response). This can sometimes involve dozens of scripts per website.

But it gets even more bizarre. The boss of the agents not only notes down all the information, but also immediately gives his spies the order to hide a tracking device in your coat pocket, which they immediately do. In no time at all, your pockets are full of tracking devices - every marketing company has its own little transmitter.

On the Internet, these are the so-called Third-party cookieswhich in principle take on the function of transmitters so that the agents always know exactly where you are coming from and where you are.

As soon as you leave the pub and go to a new pub, store, church, sports club or wherever, the advertising agents know your location, where you came from and what you were doing there.

On the Internet, this would be a visit to a website and how you behaved there. Have you looked at a product? "Aha" - is saved. You are on the page for more than 3 seconds? "Interesting", is saved. You are on the page for less than 3 seconds? "Aha", probably doesn't like it, will be saved. The collecting mania knows no bounds here.

And then the process starts all over again: your tracking devices are read out, information is passed on and your transmitter is renewed.

This is the simple form of tracking.

What can I do about the "tracking devices"?

Fortunately, there is an easy way to get rid of these tracking devices on the Internet: Delete the cookies from your browser as regularly as possible or use them in the first place the incognito mode (private mode) in your web browser.

In addition, the DSGVO or GDPR requires third-party cookies to be listed and the user has the option of explicitly consenting to being "tracked".

So is it that simple? Can you just deactivate your cookies and be left in peace?

Unfortunately not. In addition to cookies, there is a second major area through which your data is collected, namely:

The digital fingerprint or your appearance in Dieter's pub...

When your browser makes a request to the server, it also provides the server with lots of parameters so that the corresponding response can be guaranteed. For example: operating system, screen resolution, browser manufacturer, installed fonts, location (e.g. Germany), IP address of your provider, number of processors in the PC and much more.

Each parameter on its own is harmless, but together they form a clear picture, which is called a digital fingerprint.

It is like a unique profile that is obtained from all of this data that your browser sends to the server during a request.

So if all the parameters appear again and again in different places on the Internet, the trackers do not need cookies at all, the relationships are established via this fingerprint.

Example: There are probably only a few people who, like me, are sitting in the center of Berlin, using a Mac Mini, a Firefox browser with my installed plug-ins, my list of installed fonts, my screen resolution and many more parameters.

To take the picture from the pub:

Even if nobody knows your name: The 1.75 tall guy in the green jacket with the round glasses, the blue cap and the short hair, who lives in Berlin Moabit, can also be recognized in other stores in the city and even without a tracking device in his coat pocket, if the corresponding agents are standing there and coordinating the data among themselves.

By the way, I'm only talking about surfing the Internet via a web browser: If you're using a smartphone and launch an app, you've lost anyway. It's like wearing a big sign with all your important data around your neck. Because with smartphones, you can be clearly identified immediately via the app ID.

What can be done about the digital fingerprint on the Internet?

It takes a lot of effort to erase a digital fingerprint.

In the pub: Theoretically, I would have to show up in the pub in full disguise every time and disguise my voice every time I order. And maybe order Kiba from time to time.

On the Internet: On the Internet, the best protection at present is the use of the TOR browser, which offers digital fingerprint obfuscation. If you would like to know more about this, please contact us.

Here is a collection of links for protection against data tracking: