What are trackers? Understanding how they affect your online privacy

Trackers are technologies that collect information about how you use websites, apps, and online services, often without your knowledge. They can track what you click, what you search for, how long you stay on a page, and more. Some trackers operate on a single site, while others can follow your activity across multiple sites and across devices.

Companies use trackers to help them understand how people use their sites, improve features, and deliver relevant ads. But trackers can also pose a threat to your privacy. Because they come in many forms and work across multiple sites, it can be difficult to tell who is collecting your data, how much they gather, and what they do with it.

This guide will describe what trackers are, how they operate, and what tools you can use to limit or block them.

What is a tracker?

A tracker is a tool embedded within digital services that observes and records aspects of your online activity, such as your browsing patterns. Different types gather different kinds of information, from basic visit data to more detailed interaction or device-level signals.

Some trackers are easy to understand, like tracking cookies that store identifiers in your browser. Others operate invisibly in the background, such as browser fingerprinting techniques that identify you based on your device and software characteristics.

Why trackers exist

Trackers exist because websites and online services rely on user data to operate effectively, improve performance, and support their business models. Some trackers are helpful for users, while others primarily benefit website owners, advertisers, or third-party data collectors.

Common uses for trackers include:

• Save preferences and session details: Trackers store details such as your login status and items in your shopping cart. When you return to the site or move from page to page, the tracker recalls these details instantly so the site doesn’t reset your experience. This reduces friction and prevents you from having to repeat actions like rebuilding your cart.
• Improve the website or app experience: Trackers monitor which pages you visit and how long you stay on a page. Website owners use this data to pinpoint bottlenecks like broken buttons, clunky menus, or pages with high drop-off rates. They then leverage these insights to repair those weak spots and improve performance.
• Personalize content: Digital tracking tools monitor what you click, search for, and return to frequently. Websites use these patterns to surface relevant articles, show product recommendations based on your past browsing, adjust the homepage layout to your browsing habits, and tailor messaging based on your region, device type, or previous visits.
• Serve targeted advertising: Trackers can follow your activity across different sites to build an interest profile that advertisers can use to show you ads related to things you care about. This ad targeting helps companies spend money more efficiently and allows websites to earn revenue without charging users directly.
• Track across devices and sites: Certain tracking systems link your activity across multiple devices and sites using unique identifiers like ad IDs, account logins, or browser characteristics. This helps build a more complete picture of your online identity.
• Share or sell data: Websites often share or sell data to analytics companies, advertising platforms, social media networks, and business partners. These third parties may combine data from many sources to identify trends, run market research, and improve their targeting models.
• Support law enforcement investigations: In some cases, law enforcement agencies use specialized web-tracking technologies during digital investigations. These techniques differ from commercial trackers, but may involve tracing online activity or linking devices to specific accounts.

Who uses trackers?

Many different organizations use and benefit from trackers. These include

• First-party websites: Often place trackers on their own pages to remember things like login status, language choices, or items in your cart. For example, a login cookie helps a site recognise you when you return.
• Third-party tracking services: Advertisers, analytics companies, and social media platforms embed cookies, scripts, or pixels on many different websites. This lets them follow users across sites and build a broader picture of their browsing habits.
• Data brokers: Often receive tracking data from partner sites, apps, or advertisers. They can link identifiers and combine datasets to create detailed profiles, even if they don’t use trackers directly themselves.
• Regulatory or government bodies: May gain access to tracking data through legal processes during investigations. Generally, they rely on data collected by websites and advertising companies rather than deploying their own trackers.

Other companies may also share or exchange data derived from trackers with business partners, depending on their business model and privacy practices.

What do trackers do?

Trackers work behind the scenes on websites and mobile apps to log aspects of your online activity. They collect data about your interactions, and then companies use that information to build insights about you. These insights can enable more advanced functions, such as predicting your interests or showing you personalized ads.

Data collection

Trackers gather different types of information each time you visit a website or use an app. For example, they might record:

• Your IP address
• Your browser or device type
• The search terms you used
• Your time on the site
• The pages you visited
• The links you clicked

Trackers are implemented using mechanisms like cookies, tracking pixels, and fingerprinting scripts. Because these tools often run in the background, trackers can build detailed records of your behaviour without your awareness.

Behavioral profiling

Companies translate the data they get from user activity tracking into a profile of your interests or habits. They might note that you visited several pages about gym wear and build a “fitness-enthusiast” profile, for example.

These behaviour-based profiles help companies guess what you might like, which ads you’re likely to click, and what content you might engage with. They may also combine this with other data they hold, like demographic or location information, to refine their predictions.

Targeted advertising

The data collected by trackers allows advertising platforms to deliver ads tailored to your interests. Third-party digital tracking lets advertisers show you content or ads based on your online activity. For instance, visiting an online T-shirt store might lead to seeing T-shirt or clothing ads elsewhere.

You may see ads for things you just browsed, or things you might not realise you’re being nudged toward. While this can feel helpful, it raises privacy concerns because it means your browsing behaviour (and sometimes personal data) is being used to influence what you see online.

Types of online trackers

Online trackers come in many forms and can use a variety of techniques to log your activity.

Tracking cookies

A tracking cookie is a small block of data, usually containing a unique identifier, that a website’s server sends to your browser, and your browser stores on your device. Each time your browser loads a page from that domain, it automatically sends the cookie back, allowing the server to recognize that it’s the same browser returning.

Cookies serve many roles, such as enabling a website to remember that you’re logged in, keeping your shopping cart items, or recalling your preferences, such as language or region. When combined with scripts or server logs, the identifier in a cookie can also let sites track actions such as which pages you visited, which buttons you clicked, or which items you abandoned in a cart.

Some cookies are set by the website you’re visiting (first-party cookies), while others are set by external services like advertising networks (third-party cookies). Third-party cookies can track you across many websites.

Cookies persist for different durations. Some vanish when you close your browser (session cookies), while others stick around for days, weeks, or months (persistent cookies). Because they’re stored on your device and sent back automatically, cookies can accumulate detailed histories without you explicitly noticing.

Web beacons (pixels)

A web beacon (also called a pixel tag, clear/invisible GIF, or tracking bug) is an almost-invisible element of a webpage (often just a 1×1 pixel) that sends a signal to a server when the page loads or the message opens.

When your browser loads that tiny image or element, it triggers a request that may include your IP address, browser type, time of access, and any cookies set by the same domain. It’s one of many methods advertisers and analytics firms use to gather data points about your behaviour and preferences while you interact with websites.

Beacons can also be used for activity tracking across emails. They let senders know when you open a message and sometimes even what device you used. This happens because your email client loads the invisible image, which triggers a server request. However, modern email clients usually prevent this: they download the attached images when the message is received and cache them on their servers. This means the server hosting the tracking pixel can't accurately tell if or when you opened the email.

Browser fingerprinting

Browser fingerprinting uses scripts and APIs to collect details about your browser and device. It then uses these insights to create a unique “fingerprint” that can identify you across visits and websites. These details could include your browser version, operating system, screen resolution, installed fonts, and language settings.

Sites and ad networks use this fingerprint to track your behaviour, serve ads, or detect returning users. Because browser fingerprinting doesn’t rely on storing a file on your device but instead on the passive collection of attributes your browser divulges, it’s hard to avoid. In other words, even if you clear your cookies or block trackers, you can still be recognized.

Canvas fingerprinting

Canvas fingerprinting uses the HTML5 <canvas> element to draw hidden text or graphics in your browser, then captures how those graphics render on your device. Since each machine renders visual output (text rendering, anti-aliasing, graphics card processing) slightly differently, the site can take the resulting image data and create a unique fingerprint for your device.

Once the fingerprint exists, the site (or a third-party tracker embedded on the site) can recognize your device on future visits, even if you clear your cookies, switch browsers, or use private mode. This makes canvas fingerprinting another stealthy and persistent method of cookieless tracking.

Supercookies and evercookies

Supercookies are more advanced (and much harder to remove) than standard cookies. They sit outside the usual browser cookie storage and exploit deeper or less visible storage locations, such as the cache or hidden data stores, to persist longer and resist deletion.

Evercookies take the concept even further by using multiple storage mechanisms simultaneously and creating a kind of “zombie” cookie that resurrects itself after deletion. If you delete one or more of those storage spots, the evercookie uses the remaining ones to restore your identifier, then repopulates the cleared spots, making deletion very difficult.

Because supercookies and evercookies persist, they raise significant privacy concerns. Trackers using these techniques can continue linking your activity across sessions, even if you clear your browser cookies or use incognito mode.

By exploiting non-traditional storage locations, these cookies circumvent the standard controls you rely on to stop tracking. This means your digital footprint remains more visible and accessible to companies or third parties tracking you, often without you knowing.

How trackers work on different platforms

Trackers adapt their methods depending on whether you’re using a mobile device, a desktop computer, or a specific browser. While the goal remains the same, the techniques shift to suit the platform’s features, capabilities, and settings.

Mobile devices

On mobile, tracking often combines data from apps, browsers, and device sensors to monitor your activity. Some apps can collect information even when not actively in use, though modern operating systems restrict this. Mobile devices also broadcast signals such as Bluetooth and Wi-Fi, which can be used to infer activity.

For instance, iPhones can act as Bluetooth beacons, detect when your device is near a specific location, and log that interaction. That's why you might be seeing a Dolce & Gabbana ad after walking past a perfume shop.

Also, mobile networks and carriers can log details like device identifiers, approximate locations, and connection history as part of their standard service. Third parties may gain access to this information via app software development kits (SDKs), partnerships, or lawful requests, helping them to build richer profiles.

Desktop devices

On desktops, trackers typically rely on browser-based tools like cookies, browser fingerprinting, and hidden scripts, like tracking pixels or beacons. They can record things like which websites you visit, how long you stay on each, and what you click. Since desktops often handle more browsing sessions and multiple open tabs, trackers can gather richer behavioral patterns and more precise fingerprints than on some mobile devices.

Browsers

Browsers vary in how strictly they enforce tracking protections, so the level of privacy you get depends in part on the browser you choose and how you configure its settings.

Safari

Safari includes two built-in privacy systems: Intelligent Tracking Prevention (ITP) and an anti-fingerprinting tool. Both protections are enabled by default on macOS and iOS. ITP limits cross-site tracking by blocking or restricting cookies used to track users across websites. It still allows essential site functions, such as staying logged in or saving items in a shopping cart, but it makes it harder for advertisers to build long-term cross-site profiles.

Meanwhile, Safari’s anti-fingerprinting protection reduces the uniqueness of browser attributes like screen size and font settings, so your browser looks similar to others. This makes it harder for trackers to identify unique characteristics.

Chrome

Chrome allows third-party cookies by default, but you can block them if you prefer; doing so stops sites from using them to personalize content or ads or track you across other sites (unless you allow it), though sites can still use their own cookies, and some features may not work.

It's also possible to stop trackers by sending a "Do Not Track" request. However, how websites respond and what they do with your data depends on how they interpret the request.

Firefox

Mozilla Firefox’s Enhanced Tracking Protection, which is enabled by default in Standard mode, blocks many third‑party trackers, including social media trackers and cross‑site tracking cookies. It also blocks known fingerprinters and cryptominers.

However, its fingerprinting protection isn’t total in Standard mode; more aggressive protections are available in Strict or Custom mode.

Edge

Edge gives you three levels of protection for tracking prevention: Basic, Balanced (the default), and Strict. At Basic, the browser blocks only known malicious trackers, and at Balanced, it blocks harmful trackers and trackers from sites you haven’t visited while maintaining normal website functionality.

Finally, Strict mode blocks most trackers, including those from visited sites, but some websites may lose certain features or break because content that relies on third-party trackers is blocked.

Are trackers dangerous?

While tracking technologies often serve practical purposes, their ability to monitor, profile, and share information can also lead to harmful outcomes when organisations misuse or unintentionally expose data.

Risks to user privacy

• Loss of control over personal data: Trackers can collect detailed information about your browsing habits and device settings without your knowledge, limiting your ability to control what others learn about you.
• Cross-site and cross-device tracking: Trackers can link your behaviour across websites or devices, creating extensive profiles that reveal your interests and routines.
• Exposure through data breaches: If a company fails to protect the data trackers collect, your information can be leaked or accessed by cybercriminals.
• Lack of transparency: Many services don’t clearly explain how they use tracking, making it difficult for you to make informed decisions about your privacy.

Examples of data misuse

• Unauthorized sharing of health data: Some data-collection technologies used on healthcare sites can improperly send sensitive health information to third parties, which violates the Health Insurance Portability and Accountability Act (HIPAA) restrictions on the use of trackers.
• Commercial exploitation by data brokers: Companies may collect browsing data, location details, and device identifiers, then sell or use them for targeted advertising without explicit consent.
• Discriminatory profiling and targeting: Profiles built from tracking data can lead to unfair treatment such as differential pricing, biased advertising, or other forms of digital discrimination.
• Weak security practices: Organisations that store large amounts of tracking data may not adequately secure it, increasing the risk of theft or misuse.

How to stop trackers

Stopping trackers means taking control of your online presence and making simple changes that improve your privacy. Here are practical steps you can apply across devices and browsers to reduce how much you’re monitored online.

1. Adjust browser settings

In Google Chrome

1. Open Chrome, click the three-dot menu, and select Settings.
2. Go to Privacy and security > Third-party cookies.
3. Select Block third-party cookies.
4. On the same page, under Advanced, toggle on Send a ‘Do Not Track’ request with your browsing traffic. This feature sends a request to websites not to track your browsing activity. However, note that “Do Not Track” is honor-based, so websites may or may not respect it.

In Safari (Mac)

Tracking prevention settings are usually activated by default, but in case they’re not:

1. Open the Safari menu, then navigate to Settings.
2. Click Privacy. There, you can check Website tracking to enable Intelligent Tracking Prevention and Hide IP address to protect against fingerprinting.

In Safari (iPhone or iPad)

1. Open the Settings app and navigate to Apps.
2. Click on Safari.
3. Scroll down to the Privacy & Security section and ensure Prevent Cross-Site Tracking is enabled to get Intelligent Tracking Prevention, and Hide IP Address is enabled to protect against fingerprinting.

In Mozilla Firefox

1. Open Firefox, click the three horizontal lines at the top right corner, and select Settings.
2. Go to Privacy & Security and choose your preferred mode in Enhanced Tracking Protection (ETP) under Browser Privacy.

In Microsoft Edge

1. Open Edge, click the three-dot menu at the top right corner, and select Settings.
2. Go to Privacy, search, and services > Enable tracking prevention.
3. Enable tracking prevention if it isn’t on already. Choose the mode that best fits your needs: Basic, Balanced, or Strict.

2. Use a virtual private network (VPN) for protection

If you connect to a website through ExpressVPN, the site sees the VPN server’s IP instead of your device’s real IP. This prevents trackers from building a profile based on your physical location or your unique IP address.

VPNs also secure your connection on public Wi-Fi networks, stopping third parties from intercepting your traffic. However, a VPN won't prevent tracking through cookies, browser fingerprinting, or logged-in accounts; it mainly just protects your connection and prevents IP-based tracking.

3. Install anti-tracking extensions

You can install browser extensions that block known tracker domains, prevent fingerprinting, and stop invisible scripts from running. Many of these tools work in the background with minimal setup and help reduce the amount of data third parties can gather about your browsing habits.

Unlike standard browser settings, anti-tracking tools rely on larger, frequently updated lists of trackers and provide more granular control over what you can block on each site. They’re handy if you’re using a browser with permissive default privacy settings, visiting sites loaded with third-party ads, or want protection that goes beyond cookies, such as blocking fingerprinting and other forms of cross-site tracking.

4. Clear cookies and cache regularly

Over time, trackers store cookies and cached files on your device, which makes tracking easier. You should clear this data periodically. By resetting your stored data, you erase many of the identifiers that trackers use to follow you.

That said, clearing cookies and caches won’t stop all types of tracking. Techniques like browser fingerprinting or tracking via logged-in accounts aren’t affected by clearing your cookies or cache.

5. Use a private search engine

Many mainstream search engines build profiles of your search and click activity and share that data with advertisers. Switching to a privacy-focused search engine like DuckDuckGo reduces how much of your query history gets logged and correlated with your browsing identity.

Using a private search engine prevents your queries from being linked to your browsing profile by default. However, it doesn’t stop all forms of tracking; techniques like browser fingerprinting or tracking from logged-in accounts may still identify you.

6. Adjust privacy settings on your device

You can strengthen your privacy further by reviewing the built-in controls on your phone, tablet, or computer. For example, there are settings to:

• Limit app tracking: You can disable cross-app profiling in your device's privacy settings, but the extent to which this is possible depends on your OS.
• Restrict access to sensitive features: Review which apps have permission to use your location, Bluetooth, camera, microphone, or contacts, and disable these permissions where they’re unnecessary.
• Control background activity: Turn off background processes for apps that don’t require them.
• Limit system analytics: Look for options in your privacy settings to reduce diagnostic and telemetry data collection where possible.

These device-level settings limit the amount of information apps and services can collect about you. Used alongside browser protections, VPNs, and anti-tracking tools, they strengthen your overall privacy.