Is wiping cookies, blocking trackers and not logging in sufficient to prevent profiling?
morde last edited by
I use Firefox as my browser. My privacy settings are strict. I block
- All third-party cookies, and always delete all cookies when Firefox is closed.
- Tracking content (in all windows);
- Cryptominers; and
I never log in to sites such as Google, Facebook and such (I don't even have an account) and never click advertisements (I block them with Ublock Origin).
As far as I know, the only information I am giving away is my device's IP address. However, that IP address is not unique, it is shared among some thousands of devices that my ISP serves.
Now, I guess that is an overly optimistic reasoning and that I must be missing something, so I ask: Assuming the ISP refuses to collaborate with them, could tracking companies still identify and profile me? How so?
I have read this related question but it does not answer my main question.
Short answer: yes, they can still track and profile you in most cases.
Theoretically and technically CDNs and other websites can profile or track you trough images and normal (cached) requests. For example ETags and caches can be used for this too.
ETags can be used to track unique users, as HTTP cookies are increasingly being deleted by privacy-aware users. In July 2011, Ashkan Soltani and a team of researchers at UC Berkeley reported that a number of websites, including Hulu, were using ETags for tracking purposes. Hulu and KISSmetrics have both ceased "respawning" as of 29 July 2011, as KISSmetrics and over 20 of its clients are facing a class-action lawsuit over the use of "undeletable" tracking cookies partially involving the use of ETags.
Because ETags are cached by the browser and returned with subsequent requests for the same resource, a tracking server can simply repeat any ETag received from the browser to ensure an assigned ETag persists indefinitely (in a similar way to persistent cookies). Additional caching headers can also enhance the preservation of ETag data.
ETags may be flushable by clearing the browser cache (implementations vary).
So technically disabling all types of caches (favicons, images, scripts, fonts, ...), blocking CDNs or using a browser extension like decentraleyes and more steps can reduce the amount of the tracking and profiling possibilities.
Additional caches not mentioned are DNS and more.