Everything You Do Online Is Being Tracked (Here's the Proof)
Cookies, fingerprinting, tracking pixels, and invisible beacons. A transparent look at how online tracking works and what you can realistically do about it.
Open your browser’s developer tools (F12). Go to the Application tab. Click “Cookies.” Look at how many cookies are stored for the site you’re currently visiting.
Surprised? Most websites set 20-50 cookies. Some set over 100. Each one is a piece of tracking data about you.
Here’s how the tracking machine works.
Layer 1: Cookies (The Obvious One)
Cookies are small text files websites store on your computer. Some are necessary (keeping you logged in). Many are tracking pixels from ad networks that follow you across every website you visit.
When you visit Site A, an ad network sets a cookie. When you visit Site B (which uses the same ad network), they read that cookie and now know you visited both sites. Multiply this across thousands of sites and ad networks have a disturbingly complete picture of your browsing habits.
Layer 2: Browser Fingerprinting (The Sneaky One)
Even if you block all cookies, websites can identify you by your browser fingerprint. Your combination of:
- Browser version
- Operating system
- Screen resolution
- Installed fonts
- Graphics card
- Time zone
- Language settings
…is often unique enough to identify you specifically. Research shows that 83-99% of browsers have a unique fingerprint. No cookies needed.
Layer 3: Tracking Pixels (The Invisible One)
Marketing emails contain a 1x1 pixel transparent image. When you open the email, your email client loads that image from a server. The server logs: your IP address, the time you opened it, your email client, and your device.
The sender now knows you opened their email, when, where, and on what device. All from an invisible pixel you never saw.
Layer 4: Link Tracking (The Obvious-When-You-Know One)
Ever notice URLs with ?utm_source=newsletter&utm_medium=email at the end? Those parameters tell the website exactly where you came from. Every marketing link is tagged so companies know which campaigns drive traffic.
What Can You Actually Do?
Block third-party cookies. Safari does this by default. Chrome: Settings > Privacy > block third-party cookies. This stops the biggest cross-site tracking vector.
Use browser extensions. uBlock Origin and Privacy Badger block most trackers without breaking websites.
Disable remote images in email. This kills tracking pixels. Apple Mail’s Privacy Protection does this automatically.
Strip tracking parameters from URLs. Before sharing a link, remove everything after the ?. The link still works. The tracking doesn’t.
If You Build Websites
If you run a website, you’re legally required (in most jurisdictions) to inform users about tracking. Generate a proper cookie policy and privacy policy.
Check your site’s security posture with a security headers analyzer. Implement a Content Security Policy to control what third-party scripts can run on your site.
The Realistic Approach
You can’t eliminate tracking entirely unless you go full Tor-browser-on-Tails-OS (respect if you do, but that’s not practical for most people). What you CAN do:
- Block third-party cookies
- Use privacy-focused browser extensions
- Disable email tracking pixels
- Be aware that it’s happening
Knowledge is power. You can’t stop all tracking, but you can make informed decisions about what you share and with whom. And that’s a better position than most people are in.