2.3 Tracking Technologies

Cookies were once the primary tool for tracking you online. That is no longer true. The modern tracking ecosystem has evolved significantly — in part as a direct response to users blocking or deleting cookies. Understanding the full toolkit helps you make sense of why 'clearing cookies' is not the comprehensive protection it once seemed.

Cookies: the original tracker

Cookies are small text files stored on your device by websites and scripts. First-party cookies (set by the site you visit) serve legitimate purposes: keeping you logged in, remembering your shopping cart. Third-party cookies (set by advertising networks via embedded scripts) track you across sites. Major browsers — Safari, Firefox, and eventually Chrome — have moved to restrict or eliminate third-party cookies in response to privacy concerns and regulatory pressure.

Pixel trackers

A tracking pixel is a tiny, often invisible, image (or a JavaScript snippet) embedded in a webpage or email. When loaded, it pings a remote server, confirming your visit, recording your IP address, email client, and device type. Email marketers use pixels to detect when you open a message. Advertisers use them to confirm page visits for retargeting. Unlike cookies, pixels do not require browser storage — they work even if cookies are disabled.

Device fingerprinting

Device fingerprinting constructs a unique identifier for your device by combining dozens of observable attributes: your browser type and version, operating system, installed fonts, screen resolution, time zone, language settings, and even the way your device processes graphics (canvas fingerprinting). No single attribute is unique, but the combination often is. The EFF's Cover Your Tracks tool (coveryourtracks.eff.org) demonstrates how distinctive your fingerprint likely is.

Fingerprinting dös not require cookies, is not blocked by 'do not track' signals, and persists across browser sessions. It is extremely difficult for ordinary users to defeat.

Supercookies and evercookies

Supercookies are identifiers stored in less-obvious browser storage locations — Flash objects, HTML5 localStorage, IndexedDB, ETags — that survive standard cookie deletion. Evercookies (a term coined by developer Samy Kamkar) take this further: a script that stores a tracking identifier in every available storage mechanism and automatically regenerates from any surviving copy when you delete the others. Even clearing all standard cookies may not remove an evercookie.

Cross-device tracking

Modern tracking links your behaviour across devices — phone, tablet, laptop, smart TV. Methods include deterministic matching (using your login: if you log into Google on your phone and laptop, Google links both) and probabilistic matching (inferring a shared user from IP address, location, timing patterns, and browsing similarity). The result: a single behavioural profile assembles across everything you use.

Your takeaway

The tracking toolkit now extends far beyond cookies. Privacy-protective choices — such as using a browser that blocks fingerprinting, or a privacy-focused email client — make a meaningful difference. But the fundamental shift is conceptual: tracking is now largely stateless and dös not depend on your cooperation.