Goodbye Profiling. Hello Privacy.

Profiling: What it is and how to stop it.

2022-06-30
Profiling on the web can be stopped. We explain how!
In 2021 publishers and shops have started to use a cookieless tracking technology. It's based on your email and login information, so you should know about it. Especially as you are even tracked without login. But you can easily stop being profiled and tracked! Here is how.
SIGN UP

Cookies - stored in your browser when you click the annoying little cookie banners that almost every website presents to you upon first visit - track you while you surf across the web. This profiling is used in marketing to enable companies to post targeted advertisements. But cookies have a hard time lately: Google and Apple, the owners of Android, the iPhone, and the Chrome and Safari browsers, are phasing out support for these so-called third-party cookies and mobile advertising identifiers.

Google in particular is probably not primarily concerned with data protection, but with hindering its competitors in the field of personalized ads - in order to get an even higher share of the $336 billion market for Internet advertising itself.

On top of that, the EU has declared cookie banners illegal as these are not compliant with the European data protection regulation GDPR. This - on its own - is good for consumers. The EU gave good reasons to declare cookie banners illegal: Cookies are usually not transparent enough, for instance they do not contain enough information or are too complicated to understand. Additionally, it is often too difficult to deny the tracking via cookies.

As a consequence, the marketing industry is working on an alternative. Silently, websites are switching to a new form of tracking of their website visitors: Profiling based on people's email address or phone number.

Profiling: What is it?

Profiling is used to track and group website visitors for marketing purposes. This enables the marketing industry to display targeted advertisements to individual users - either based on their individual profile or based on the group profile.

Profiling and tracking online is used to display targeted advertisements.

What is a tracker profiling you?

A tracker profiling you can either be a cookie (stored in your browser cache), or a personally identifiable information such as your email address or phone number.

The information collected about you while you surf the web is put together to create a profile. Tracking profiles are used to group users together, to profile and target certain users, and to sell the data collected to third parties.

Such profiling is heavily used in marketing. Companies buy and use these profiles for even more focused ad targeting.

How does profiling work?

The new cookie-less technology is gaining momentum as it also works without the support of the monopolists Google and Apple.

Identity providers register when a person logs into a website. This information is being passed on to advertising companies. This way they can recognize who is interested in what, even without cookies. Most of the times the email address is used as a unique identifier. For tracking purposes and to protect the identity of the person that is being profiled, the email address (or phone number) is usually hashed (=converted into a sequence of numbers and letters) that uniquely matches the original address like a fingerprint.

An example of profiling

Example of a profiling technique: Personalized advertising with an identity provider works via tracking people via their login data and their IP addresses (simplified example).

A person is registered at an online shop and clicks on a vacuum robot. The shop registers this information. The store then bids for an ad space on any ad-financed site - these auctions are fully automated and run within milliseconds. The advertiser can add conditions for their ad to be placed. In this case, the ad should only reach people who have viewed the vacuum robot before. The person that was previously logged into the store and has now also logged into a news site with the same email address, for example. The advertising platform can merge both logins as both are linked ot he same email address and display the vacuum robot ad on the news site.

Some sites go a step further and even track you via autofill: Your browser or password manager autofills certain fields, e.g. for an email address, to make a login easier. The site already registers these automatically inserted addresses to track you, even when you do not log in.

But advertising companies are still looking into ways to track you beyond this...

One identity for each household

To increase the tracking range, the identity provider also uses people's IP addresses. While the IP address only remains the same for about one day, the provider can still connect it to individuals over a longer period of time. As long as one person from the household is logged in at one service, an identity provider can simply track the IP changes.

This example will explain how the tracking works in this situation: Again, a person is looking for a vacuum robot, this time he or she is not logged into the shop or the site. However, a child in the same household is using an app with a login. The app leaks this information to the identity provider. The service recognizes that the app, the shop and the news site have been accessed from the same IP address and can thus collect behavioral data from the household under one profile. Through the login of the app, they can also track IP changes, knowing that is still belongs to the same household. Again - if it works as planned - the "right" person receives the vacuum robot ads.

How to stop being profiled

There are some very easy steps that you can take to stop being profiled and tracked while browsing the web:

1. Don't accept cookies: Usually, it takes a few extra clicks, but it is well worth it to deny cookies.

2. Do not enter your phone number on random websites.

3. Do not use password managers with autofill. In Firefox you can disable autofill.

4. Use ad blockers, on mobile preferable from F-Droid.

5. Use catch-all to create a separate email address for every website.

The last point is also the most important one: You can stop any tracking based on your email address if your email address stops being the same. Instead, use a unique email address for every website.

You can achieve this easily with Tutanota, for instance. When you use Tutanota with a custom domain, you can activate catch-all. This feature make sure that all emails sent to your custom domain are being received in your inbox - no matter the prefix of the email address.

This enables you to create a limitless number of email addresses - one for each website where you need to register, e.g. /amazon-login@yourdomain.com, /facebook-login@yourdomain.com, /twitter-login@yourdomain.com etc.

Unique email addresses are the best way to stop the new form of profiling.

A technical explanation of "How you are tracked without cookies using Identity Providers" can be found here.

SIGN UP
Author
Black and white picture of Hanna being shocked a bit.
Hanna is part of the Tuta team since the launch of the secure email client Tutanota in 2014. Over the years she has become an expert in explaining cryptography to the average internet user, making sure that everyone understands why privacy matters and how encryption helps to protect ones data on the web.
Top posts
Threat Modeling In 2024: Your Guide For Better Security
10 Best Private Email Services in 2024
Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US
Why Use A Password Manager - And Our Top 3!
Anonymous email: Create an email address without a phone number.
The Illusion Of "Swiss Privacy" Being The Best
10 best free email accounts in 2024
Latest posts
The Russian Hacker Group Sandworm is Back: New Kapeka Malware Secretly Infecting Systems Since 2022
Google Search Is A Problem: How Google Is Crushing Tuta.
20 years ago Gmail revolutionized email. It’s time for a new revolution!
If You Want Privacy, the US Congress Is Saying You Are A Criminal
Terminate subscription
Company
Community
Team
Jobs
Terms
Privacy
Legal notice
Development
Changelog
Roadmap
Security
Encryption
Open Source
GitHub
Features
Secure Email
Encrypted Calendar
Business
Support
Forum
Press
Support
Language
English
Translate