Tracked, not traded: How web tracking works

In one of my first posts, I'd like to take a stance on the topic of web tracking.
As someone who has experience with data, particularly web data, I'm almost a bit paranoid about the subject.
However, it's also worth saying that web tracking can be useful in many ways, as long as the operator considers certain points that benefit the site visitor, rather than just prioritizing granular data collection.
This may work for some, but not for others.
The latter can be countered with a few points, so that web data is not collected in the way the operator wants.

Also, I would like to highlight that many privacy tools or Bitcoin-related websites and tool providers collect statistics, simply because it helps them to improve the product. And they do it without collecting a huge amount of data or even PII (Personally Identifiable Information), which refers to any data that can be used to identify, contact, or locate an individual, such as names, addresses, phone numbers, email addresses, social security numbers, and other unique identifiers.

But enough of the chatter, let's take a closer look at the details.

Collecting web data - what's the big deal?

Data protection is a pretty big thing online these days. With all the data breaches and surveillance scandals, people want to keep their personal info safe. And fair play to them - data protection is a fundamental right, after all. It's not just governments and organisations that need to respect it, either - companies and website operators have a responsibility too. Okay, I know some of them aren't always spotless when it comes to data protection and privacy, but let's assume they're all trying their best.

When it comes to website operators, I reckon a lot of them use web tracking without really thinking about it. There are loads of websites run by sports clubs, local businesses, and local services that probably don't even realise they're using web tracking. And then there are many other websites from e.g. nurseries, schools, blogs (the list is endless) - some of them might not be tracking anything, while others are just going for it without much thought.

So why is this happening? I think it's because web tracking is often just a plugin or feature that comes with the website framework. Developers stick it in without thinking, and then Google Analytics is tracking everything it can. Some people actually want web tracking, but others just aren't thinking about it and aren't collecting any data.

Why it makes sense to collect website data

I'd say that every website needs time and effort to create new content and maintain it. Every now and then, you need to take a look at the backend or deal with technical stuff. And as we all know, time is money. So it makes sense to know what is happening on the website. Especially if you make your knowledge available.

Think of it like this: when you walk into a shop, say a bike shop, the owner wants to know which areas of the shop are getting the most attention. They want to know which products are in demand and how to display them so customers can find them easily. And if they know which bikes in the window are getting the most looks, they can place them strategically. It's the same online. If I have an e-commerce store or a blog, I need to know what my visitors are interested in. I need feedback to know what's working and what's not. In short, without website analysis, my online offer is like shooting in the dark. I have no idea what my visitors want, unless I have an e-commerce store where I can track sales through orders.

OK, OK - you're being tracked

So, we assume you're being tracked, but it still makes a difference how you're being tracked.
Are data being collected just to measure the site's performance?
Note: Every server has default logging, which can already give you some insights. Server logs can already provide data on visitor country, browser, visited pages, etc. to some extent.

Web tracking for site stats - no user data involved

As I mentioned earlier, there's a way to collect data on how people use your site, which, in principle, is okay (at least for me) as long as you're not assigning a unique ID to each user, such as an email address or account login. Normally, tracking tools offer this feature, where each user can be recognised by their account ID and all their interactions can be tracked across multiple visits. Usually, a cookie is created on the first visit, which allows the tool to identify the user even if they're not logged in. You can think of it like going to a club and paying for entry: you get a wristband or stamp that lets you come back any day that weekend, because you have that identifier on your wrist or forehead. As long as you don't remove the wristband or wash off the stamp, you retain that recognition marker.

In principle, it's not so dramatic; everyone can decide for themselves whether they want to keep that identifier or delete all their browsing data when they close their browser. Simply check your browser settings to see what options are available.

But let's assume website owners are not tracking any user data and are only logging which pages are visited, along with the time of day and how long people stick around. And all this happens without cookies, and users are not identified across multiple visits.

Actually, it's not so bad; plus, everyone should be aware that there are ways to block tracking, which I'll tell you more about soon.
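The cookieless, aggregate-only statistics described above can be produced from the server's default access log alone. The following is an added example, not code from the original post: it assumes logs in Combined Log Format, the sample lines are constructed, and it counts page views per path and per hour of day while never reading the IP address or user agent. Time on page is left out because measuring it would require linking requests to a visitor.

```javascript
// Added example: cookieless, aggregate-only page statistics from access logs.
// SAMPLE_LOG is constructed data in Combined Log Format (documentation-range IPs).
const SAMPLE_LOG = [
  '203.0.113.7 - - [12/Mar/2024:09:15:02 +0000] "GET /blog/web-tracking HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [12/Mar/2024:09:15:03 +0000] "GET /assets/site.css HTTP/1.1" 200 830 "-" "Mozilla/5.0"',
  '198.51.100.23 - - [12/Mar/2024:09:47:41 +0000] "GET /blog/web-tracking?utm_source=x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '198.51.100.23 - - [12/Mar/2024:21:05:10 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
  '192.0.2.50 - - [12/Mar/2024:21:30:00 +0000] "POST /contact HTTP/1.1" 302 0 "-" "curl/8.0"',
  '192.0.2.50 - - [12/Mar/2024:21:31:00 +0000] "GET /missing HTTP/1.1" 404 0 "-" "curl/8.0"',
  'not a log line',
];

// Captures only hour of day, method, request target and status.
// The client IP and the user agent are matched but never captured or stored.
const LINE_RE = /^\S+ \S+ \S+ \[\d{2}\/\w{3}\/\d{4}:(\d{2}):\d{2}:\d{2} [+-]\d{4}\] "(\S+) (\S+) [^"]*" (\d{3}) /;
const ASSET_RE = /\.(css|js|png|jpe?g|gif|svg|ico|woff2?)$/i;

function aggregatePageViews(lines) {
  const pages = {};   // path -> number of views
  const hours = {};   // hour of day ("00".."23") -> number of views
  let skipped = 0;    // lines that did not parse
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) { skipped++; continue; }
    const [, hour, method, target, status] = m;
    // Drop the query string: it can carry campaign or user-specific parameters.
    const path = target.split('?')[0];
    // A page view is a successful GET for something that is not a static asset.
    const isPageView = method === 'GET' && status.startsWith('2') && !ASSET_RE.test(path);
    if (!isPageView) continue;
    pages[path] = (pages[path] || 0) + 1;
    hours[hour] = (hours[hour] || 0) + 1;
  }
  return { pages, hours, skipped };
}

console.log(aggregatePageViews(SAMPLE_LOG));
```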

Web tracking to bombard users with ads

Now we're getting to the dodgy and "evil" side of web tracking. Collecting user data, drawing conclusions from it, sharing it with others, and then creating marketing segments. Let me illustrate this with an example.

For instance, a user visits a shopping site and purchases a black T-shirt with red skulls. Initially, the system must process the purchase in the backend, and the user will inevitably be added to the provider's database, as this is necessary for the purchase to be processed. However, what often occurs is that this interaction is transmitted to Meta via a Facebook Pixel and also stored in the site owner's GA4 (Google Analytics). This creates several opportunities.

Meta now has more information about this user, and target audiences can be created for advertising purposes within Meta. Moreover, since you are using the same device, browser, or app on Facebook, Meta can gather more information about you and your purchasing habits through various means. The website owner can subsequently use Facebook to target you with paid advertisements when they have a similar product in stock again. This might be useful if you are interested, but annoying if the item was actually a gift for your grandchild's 20th birthday.

The information is also transmitted to Google. The website owner can create target audiences in their GA4 to gain more detailed insights into their page visits (which is not necessarily problematic), or use them for advertising purposes (which is more debatable). Particularly when you are using the Chrome browser with a logged-in Google account, or, even more concerningly, an Android phone with a permanently logged-in Google account, more complex data collection occurs, with cookie IDs, user account IDs, and various attributes providing a detailed picture of your preferences. However, do not worry, as there are ways to restrict this data collection. I will discuss this further in a future post.

I think that's enough for now to give a small impression; we're only scratching the surface, and describing everything in detail would make the post too long. To conclude, I recommend taking a few next steps if you're interested in knowing what's being tracked.

What can I do to find out what's being tracked?

If you want to know what's being tracked on a website, you can install the Brave Browser. It's a handy tool that gives you an overview of all the unwanted tracking scripts that are running on a site, and it blocks them for you. Just visit a website of your choice, and you'll get an idea of what's going on. The following screenshots show you what I mean.

Brave Browser identified 20 tracking scripts/tools.

As you can see on page load, the Brave Browser already detected 20 different requests that are considered as tracking or not required. They are blocked by default.

Brave Browser can list them as well.

You can also view a detailed list of trackers and ads.
But if you want to have the full picture, you can use a browser extension like Omnibug.

With Omnibug, you can see each tracking request or script loaded one after another, from top to bottom.

Many professionals in the marketing and advertising fields, who may not be familiar with reading a browser's network tab or checking the data layer in the browser console, rely on Omnibug to determine what is actually being implemented. They use it to verify if scripts have been injected correctly via Google Tag Manager or other tag management tools, and if the attributes contain the correct details. You can also use Omnibug to gain insights into what's happening on websites across the internet. For a more detailed understanding, you can open the individual requests and examine the data that's being sent.

A GA4 Event and its information

So, just to show you what's going on, the images above show the data that's sent to Google when you close the "global-privacy-banner" on a website. You can see that your Google Cookie ID (also known as "client ID") is included, along with an event called "category-action" and some other details.

If you're curious about how this works, the next image explains it. It shows how Google Tag Manager is used to trigger the data sending process. Basically, it detects when you click on a certain element on the page, and that triggers the data to be sent to Google Analytics 4 (GA4).
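The kind of GA4 request described above can be taken apart by hand in much the same way Omnibug presents it. This is an added example, not code or data from the original post: the request URL is constructed, the ID values are made up, and the event parameter name `banner_id` is an assumption. It separates the parameters that identify a browser or account (such as the client ID) from page context and event details.

```javascript
// Added example: split a GA4 collect request into identifiers, page context and event data.
// SAMPLE_HIT is constructed; the ID values and the ep.banner_id parameter are made up.
const SAMPLE_HIT = 'https://www.google-analytics.com/g/collect?v=2&tid=G-XXXXXXXXXX' +
  '&cid=1234567890.1700000000&sid=1700000100&ul=en-gb&sr=1920x1080' +
  '&dl=https%3A%2F%2Fexample.com%2Fshop%3Fref%3Dmail&dt=Shop' +
  '&en=category-action&ep.banner_id=global-privacy-banner&epn.value=1';

// Parameters that let the same browser, session or account be recognised again.
const IDENTIFIERS = new Map([
  ['cid', 'client ID (cookie)'], ['sid', 'session ID'], ['uid', 'user ID (login)'],
]);
// Parameters describing the page and the device.
const CONTEXT = new Map([
  ['dl', 'page URL'], ['dr', 'referrer'], ['dt', 'page title'],
  ['ul', 'language'], ['sr', 'screen size'],
]);

function auditGa4Hit(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return null; }  // not a URL at all
  const params = url.searchParams;
  // GA4 hits go to a /g/collect path and carry a measurement ID (tid) starting with "G-".
  const tid = params.get('tid') || '';
  if (!url.pathname.endsWith('/g/collect') || !tid.startsWith('G-')) return null;
  const report = { measurementId: tid, event: params.get('en'),
                   identifiers: {}, context: {}, eventParams: {}, other: [] };
  for (const [key, value] of params) {
    if (key === 'tid' || key === 'en') continue;
    if (IDENTIFIERS.has(key)) report.identifiers[IDENTIFIERS.get(key)] = value;
    else if (CONTEXT.has(key)) report.context[CONTEXT.get(key)] = value;
    // ep.* are string event parameters, epn.* numeric ones.
    else if (key.startsWith('ep.')) report.eventParams[key.slice(3)] = value;
    else if (key.startsWith('epn.')) report.eventParams[key.slice(4)] = Number(value);
    else report.other.push(key);  // anything unclassified is listed, not hidden
  }
  return report;
}

console.log(auditGa4Hit(SAMPLE_HIT));
```

The example reads the query string only; parameters sent in a request body are not covered.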

To wrap things up

This post is meant to give you a glimpse into what's actually happening in your browser. Yeah, I didn't dive too deep into the details, and I covered the different points pretty quickly - we're just scratching the surface here.

If you're still interested in learning more, or if you'd like to pick my brain, feel free to get in touch. I've got experience in tracking websites cleanly and efficiently, and I can even help you come up with a concept. Maybe you'd like to chat with me about it?

But what's more important to me is that you start thinking for yourself about the point of web tracking. I mean, take the example above - why on earth is every single click being tracked? What's the point of tracking the closing of a banner on a website where you can't even opt out of tracking tools anyway?
But let's be real, it's clear that a lot of this tracking is just about marketing and making money. However, we also know that if you use the right tools, you can prevent this kind of tracking. And it's not all bad - some websites just want to collect basic stats to understand what's going on, without using any sneaky marketing tactics.