Privacy & Security / Sep 17 2019

What is online tracking and how do websites track you?

Today we will talk about how websites track you, which tools they use to do it and what information they can collect without your knowledge. We will tackle the privacy issue of web tracking, explain how you can try to avoid being tracked and shed some light on Koofr views on privacy.

Online tracking is essentially collecting data about users and their behaviour online. The purpose of it? Gaining insight into users, their behaviour and preferences. For organizations, companies, websites and others, these insights serve as powerful tools for optimising the user experience, for statistical purposes, customization, commerce and for profiling and targeted marketing. Mostly, it is not clear to users when or by whom they are being tracked and for what exact purpose their data is being used. So what do website use to track you?

Check out our video.

(1) IP address

When you use the internet, your computer can be identified by a unique number called an IP address - Internet Protocol address. An IP address is one of the basic options of identifying you on the internet and your rough location can be determined from it. We are not talking about locating you down to street level, but generally your city or area. As IP addresses can change over time and are often used by multiple people tracking a single user through time over them is not the most reliable, but this information can be combined with the information provided by other tracking methods to track your location. One way to hide your IP address is with the help of a VPN (virtual private network) software, which hides your IP address and encrypts your internet traffic.


(2) HTTP referrers

Every digital marketer or seller wants to know how their audience found them and their website. If they know where you came from they can engage you better. When you visit a website, the HTTP referrer (an HTTP header field) identifies the address of the webpage you came from. The referrer header passes this information to the webpage you are currently on. This information is usually used for promotional or statistical purposes. If you do not want this information to be shared, you can turn this off. One way to do it is with the help of extensions you can add to your browser.

(3) Cookies

Cookies, probably the most well-known and commonly used method of tracking users across multiple websites. Cookies are small text files stored on your devices for a certain period of time after you visit a website. They can contain your log-in data or details that help tailor a website and its settings specifically to you to improve your browsing experience. The strictly necessary ones make your website operate its basic functions so that you can visit it. But, they can also identify you and track your browsing activity on a website. The problematic cookies are the third-party cookies or tracking cookies that store your browsing history over a long period of time and across many pages.


They are used by advertisers to track you across multiple websites and link data together to profile you based on your browsing habits. While most third-party trackers are invisible, visible page elements such as Facebook like buttons and embedded Twitter feeds are modes of third-party tracking. Some websites give you the option to disable cookie tracking on their site, but this can also disable certain site features. If you want to opt-out of cookies you can enable the do not track settings in the privacy settings of your browser or use a private browsing mode. But these methods are not completely bulletproof.

(4) Tracking Pixels

A tracking pixel is a 1x1 pixel transparent image that tracks web traffic, site conversions, user behaviour and more. Though in some ways similar, unlike cookies, they cannot be disabled. When a user loads the webpage or opens the email, the tracking pixel is also loaded, enabling the sender of the tracking pixel (usually an ad server), to read and record that the webpage is loaded or the email is opened and similar user activities. The purpose of it? Getting insight into users for targeted marketing. They can acquire the information on the operating system used, type of website or email that you use (for example a mobile or desktop version), screen resolution, time the email was read or website was visited, activities on the website during a session and your IP address. Meaning, they can acquire extensive data about the users, without their knowledge. You can use browser extensions to make tracking pixels visible or use proxy servers to prevent the download of tracking pixels.

Proxy server acts as a gateway between you and the internet, providing data security, network performance and a high level of privacy.

(5) Supercookies

A supercookie is a tracking cookie designed to be permanently stored on a user's computer. While their function is similar to ordinary cookies - collecting data about your internet browsing history and habits, they are difficult to detect and remove. Supercookies store cookie data in multiple places and when a website notices that you've deleted a part of a supercookie, the deleted information is repopulated from other locations. There is no easy way to know a supercookie was added during an internet browsing session and there is no way to remove it like you would a normal cookie. They allow third parties to track you and adblockers can't block them. The way to protect your privacy is to only use HTTPS websites (those that use SSL or TLS certificates) or to use a VPN.

(6) User agents

A user agent is a line of text which identifies your browser and operating system to the webserver. Every browser has its own unique user agent and your browser sends its user agent to every website you connect to. The web server uses this information to show different web pages to different browsers and operating systems (for example the mobile version of the webpage to a mobile browser). The user agent tells the webserver which operating system you use and it can show you the appropriate content considering that information. They also gather browser market-share statistics. User-agent is the easiest to fake on the client-side, but beware, sending same user agent info all the time still provides a fingerprint of a sort.

(7) Browser fingerprinting

Browser fingerprinting relies on the uniqueness of your browser and is a highly accurate way of identifying you every time you go online and tracking your activity. From browsers, websites can determine your operating system, browser version, installed plug-ins and their versions, your operating system’s screen resolution, your installed fonts, your time zone, language, and other information, without your explicit permission. If you’ve disabled cookies entirely, that’s another piece of data that makes your browser unique. All of this information might not seem like much, but there is a very small chance for another user to have the exact same browser information as you.


Here you can check what your browser knows and can reveal about you, try AmIUnique to learn how identifiable you are online or Panopticlick to see how safe your browser is against tracking. Disconnect can help you protect your privacy on many platforms, by blocking most known advertising and data collecting services.

In the digital age, data is extremely valuable and can be used for many things, all of which are maybe not something you'd want to volunteer your data for. The methods for tracking users are always evolving and getting more creative. And while tracking isn't necessary, data collection has become a norm for many sites on the web.

But not all hope is lost. There are still services that respect your privacy and recently there are more of them being created in the light of privacy issues and security of data on the internet. And we would like to think that Koofr is one of them.

Our goal at Koofr is to hold as little personal data about our users as possible while being able to provide our service to you. We do not use any third-party tracking tools on our websites or in our services. We do not put any Cookies in your browser, with the exception of the one that keeps you logged into our application. All communication between you and our service is encrypted from the moment you land on our landing page. Content of your files is kept encrypted on our secure servers. Privacy of your data and information is at the very core of our values and services. And with every new feature, we come up with, considering privacy and the amount of data we would need to collect from users is the first step in deciding whether we should develop it or not.

Want to talk to us? Join us on the Koofr subreddit and let us know your views on privacy and web tracking!

Enjoyed this article? Why not check out what we do.

Related tags