supercookies

Cross-device tracking: there’s nowhere digital to hide anymore

It wasn’t already bad enough already that you’d post something on Facebook and within minutes you’d start seeing ads for the same thing on some other website. Now, with cross-device tracking, this spooky, near-instantaneous knowledge about you doesn’t just stay “locked into” your browser or your computer – it can travel with you, to your smartphone, tablet, and even your Smart TV.

Why would marketers want to track your behavior across devices? Because chances are you’re using more devices these days than ever before. You might research a product on your laptop and then buy it on your smartphone. The marketer wants to know you were originally motivated to make the purchase via an ad you saw on your computer – that you didn’t just show up “out of nowhere” on your smartphone and suddenly decide you needed their product. With more clarity on who’s responding to their messages, they can invest more in ads that work, and less in ads that don’t.

Kinds of cross-device tracking

Theoretically, the more marketers know about you, the more they can refine the way they target you. (There’s some question how much it really helps, but that’s what most of them believe). In addition to manipulating you more effectively, they can also do a thing or two you won’t mind – like making sure you don’t see the exact same ad 20 times in a row across all your devices.

To build richer profiles about you, they want to connect and integrate all your behaviors. That way, they know the same person is engaging in all of those behaviors, whether or not they know your name. That’s where cross-device tracking comes in.

In deterministic cross-device tracking, they know exactly who you are. Let’s say you’re a member of Facebook, or a subscriber to an online magazine. You might log in on your computer, your smartphone, or your tablet. Regardless, you gave them the same user ID and password. They can link all your actions themselves, or (depending on laws and privacy agreements) share that information with others.

In probabilistic cross-device tracking, you haven’t logged in, and they don’t know for sure who you are. They have to make their best educated guess, so they use increasingly sophisticated artificial intelligence and algorithms to do that.

What do they know about you?

Marketers draw on a good deal of anonymous data as they track you across devices. For example, they can use a digital fingerprint built from all of your device’s characteristics and personalization, which is likely to be unique or at least nearly unique. (See our recent article on cookies and fingerprinting.) They can use the unchangeable hardware IDs built into your Amazon Fire TV or Roku device, or data streams from channel apps running on devices like these. Then, they can build maps or models that track how all your digital devices are being used together, and start uncovering patterns.

For example, let’s say you use the same IP address for your work computer and your Wi-Fi connected phone all day. Then you take that phone home and connect via Wi-Fi at night through a different internet connection that’s shared with your home computer. You hardly ever use that home computer before 8 p.m. on a weekday – after all, you were at work. Marketers see all that, and they can target the same ad to your work computer during the day and your home computer at night. Based on time patterns and all the other data they’re collecting, they can become increasingly confident it’s you, and not your 10-year-old doing homework.

Cross-device tracking often combines deterministic and probabilistic methods. Then, there’s also the even-more-controversial method, “audio beacons,” in which one device emits an ultrasound noise you can’t hear but your other devices can – establishing a connection that tells advertisers the same person owns both of them.

What if you don’t want to be tracked?

Maybe none of this bothers you. That’s fine. If it does bother you, though, what can you do about it?

You can reject tracking and ad personalization on all your devices. (But recent Princeton research on Roku and Amazon Fire TV devices suggests that much of the tracking survives even when you say “no.”) You can use browser features like Apple Safari’s Intelligent Tracking Prevention, which is infuriating advertisers, suggesting that it’s at least somewhat effective. You can deter tracking via audio beacons by refusing microphone permissions to any app that doesn’t absolutely need them. You can surf the web using VPNs when that’s possible. Finally, you can tell your legislators and federal regulators (at the FTC and FCC) to establish stronger rules against intrusive tracking, and demand far more transparency from those who build and use these technologies.

And of course, you should be running a cybersecurity solution like Sophos Home all the times so you know what’s happening on your devices and when, so should one of these tracking options turn malicious, you’re ready. You might be limited in how much you can prevent tracking, but with solid online security and best practices, you’ll be ahead of the game.

Sophos Home Free includes a free 30-day trial of Premium. Plus get an immediate Advanced Malware Removal to thoroughly clean your computer of any current malware infections.

Download Free Edition