10 ways a website can betray your privacy

Click here for more

There are dangers to your privacy lurking in every nook and cranny of the internet, although not everyone takes them seriously. You may trust that larger companies wouldn’t stoop so low as to collect information from you and exploit it to make money, but here at TechRadar Pro, we wouldn’t put it past them. 

When you visit virtually any website, the chances are that the company behind that website is learning more about you. Typically, this is so they can show you more relevant advertising based on what you’ve searched for and looked at in the past, a technique called targeted advertising. In other cases, though, they’re selling your information on to other companies who want your money.

We’ve looked into 10 specific methods that websites use to pry information out of your devices, usually without your knowledge or consent. Despite the common misconception that the internet is anonymous, this couldn’t be further from the truth, as more and more organizations find ways around laws prohibiting them from simply taking your name and address straight from your Contacts app.

1. Tracking your browsing history

The moment you land on a website that wants your data, it’s going to start swiping your browsing and search history from right under your nose, and save it for later analysis. More often than not, as we've mentioned, this is then used for marketing products and services that are relevant to your online behavior. 

It’s creepy, we know, which is why you should always use a VPN where possible. Some sites do allow you to opt out of being tracked, although we can assure you that this feature isn’t especially easy to find on the rare occasion that it exists at all.

2. Super cookies

If a cookie keeps track of your site visits and activity, then a ‘super cookie’ is a cookie that tucks itself away from the main cookie database. Some of these go as far as storing themselves in more than one location, and reactivating old cookies that you went out of your way to delete. 

Websites use these super cookies to monitor the routines of those who are smart enough to remove their browsing history and cache. By peering into the data of your other installed web browsers, super cookies are particularly sneaky pastries. 

When in doubt, some websites use elaborate schemes to identify which device you’re using. This is called cookie syncing, a process that allows organizations to share information with each other and string together the identification numbers they’ve all assigned to you. A conglomerate of sites can all work together to use the data they’ve collected from you more effectively.

And you have no idea that this is happening… well, you do now, but you get the idea. The goal is to ultimately build up a better picture of you, and your browsing habits and interests.

4. Ditching anonymity 

Everyone thinks they’re anonymous on the internet – and they are to a certain extent. The fact is, your real name is irrelevant to advertisers, which is why they refer to you as a number that they’ve assigned to you internally. Using this number they can determine how much you’re willing to spend, and on what. 

In the United States, the National Security Agency (NSA) can use these identifiers collected by advertisers to more target suspect individuals; in effect, these newer, third-party algorithms for collecting data are doing some of the NSA’s job for it.

5. Selling your personal information

Whenever you purchase something at a store and are asked to provide your email and/or mailing address, you run the risk of that company selling off your personal information to advertisers – it’s why you sometimes get unsolicited emails in your inbox from senders you’ve never heard of, and don’t recall giving your details to. 

Larger, well-known companies don’t normally engage in this practice as they have reputations to protect. However, any company is vulnerable to data breaches, and should one occur there’s no telling how widely your private information could be disseminated.

6. Device-based pricing 

There’s evidence out there to suggest that the prices of products and services can increase or decrease depending on the device you’re using to shop online. Back in 2012, for instance, it emerged that travel website Orbitz was giving Mac users pricier hotel options than those searching on PCs – which is rather presumptuous, as a moderately specced PC can cost just as much, if not more, than a Mac. 

7. Social media tracking scripts

When you use a social network like Facebook or Twitter you’re agreeing to let those companies do pretty much whatever they want with your personal data, and that includes data collected by tracking scripts found outside of the networks themselves. In the case of websites that have the Facebook ‘Like’ icon embedded, for example, Facebook can store a cookie on that site to save your login state.

The company can use the information gleaned from this to identify you, and use its algorithms to target you with advertisements based on the websites you visit.

8. Browser fingerprinting

You may not be using your actual fingerprint to run Google Chrome or Firefox or Opera, but that doesn’t matter because your browser configuration is as unique as the pattern on your anatomical digits. The version you’re running, along with the plugins you have installed and their specific versions, make it easy for sites to identify who you are. 

In a process called browser fingerprinting, companies use that data, in addition to your screen resolution, installed fonts, time zone and more, to collect information about you. And if you’ve disabled cookies to prevent such tampering, even that’s a feature that helps to make your browser distinct.

9. Browser user agent

Every time you open a website your browser forwards it a line of text that identifies both your browser and your operating system, and this information can also be used to generate targeted ads. Essentially, your browser is telling the website whether you’re using Safari on an iOS device, Chrome on Windows 10 and so on.

Using this information, a website can determine whether to tailor its ads to a mobile device or a desktop. It can also be used to deliver ‘Please upgrade your browser’ messages to those still clinging onto Internet Explorer.

10. HTTP referer

No, you don’t have to correct us: the ‘referrer’ in ‘HTTP referer’ is spelled incorrectly on purpose. It’s a term that describes the header that stores the details of where you’re coming from when you’re redirected to a new website. So, if you’re browsing TechRadar and you click a banner ad, the HTTP referer stores the fact that you were visiting TechRadar.

The HTTP referer can be sent to the new site and, from there, the site administrators or algorithm can deduce two things about you: where you’ve been, and where you are now. And this information can be used to – yep, you guessed it – put yet more targeted ads in front of your eyeballs.

Security Week by TechRadar Pro is brought to you in association with CyberGhost.

Gabe Carey
Gabe has been writing about video games and technology since he was 16 years old. Currently serving as a Contributing Editor & Producer for TechRadar, where he keeps articles fresh and up to date on the reg, you may recognize his byline from Digital Trends, TechSpot and Kotaku UK. He can't tell if his adoration of Sonic the Hedgehog is genuine or ironic anymore.