How can we boost our privacy when it comes to online shopping?

19 Dec 2018

Image: © mymemo/

Jeremy Tillman of Ghostery offers his data protection tips for busy online shoppers.

As the holiday season is in full swing, online retailers have never been busier. Considering the intense competition these shops face for your business, tracking technologies that seek out the personal data of customers are a major element of many business models.

Privacy-focused browser extension firm Ghostery looked at the tracking processes of the following 10 retailers: Walmart, Best Buy, Target, Home Depot, Nike, H&M, Macy’s, Costco, Nordstrom and Wayfair. spoke to director of product at Ghostery, Jeremy Tillman, about protecting your privacy while shopping.

Tracking: The basics

In simple terms, tracking is done by collecting data points as you visit different websites while browsing the internet.

It is accomplished in two main ways: a browser can save an identifier locally on your device, such as a tracking cookie; or information about your network/browser is used to create a unique digital fingerprint. Both cookies and fingerprints can be used to retarget you on your computer or mobile device.

Ghostery found that the average number of tracking requests per page loads is 11.4 and advertising trackers accounted for 49pc of all trackers found. 

Cookies and fingerprints

A cookie is a small text file that is stored on your device for a certain period of time after you visit a website; it contains information such as your login data or the items in your shopping basket. Many people may have believed using a cookie blocker was enough to avoid tracking, but Tillman said this is not the case. “There’s a deep ecosystem of third-party trackers, even supercookies and evercookies, and various other forms of fingerprinting like canvas fingerprinting. Blocking cookies alone is just barely scratching the surface of what should be done to avoid being tracked.”

A first-party cookie is created by the website you are visiting, whereas third-party cookies (used by cross-website trackers) belong to the company that operates the tracker, such as Google or Facebook. These land on your device through image files (advertising banners or pixels) and, once on your device, track you as you move from website to website, creating a profile of your online behaviour patterns. This information can also include health status, sexual orientation and political views.

Fingerprinting, on the other hand, creates a fingerprint of the user’s systems by tracking device browser configurations and settings over time. This method can identify users and track them across websites, even when third-party cookies are being blocked.

Tillman noted that both cookies and fingerprints can be used to retarget consumers on their computer or mobile device. “The process works like this: you visit a particular site, say a news site, and the news site contains a Google tracker on it that will set a cookie that is now saved on your device.

“Next, you visit an e-commerce site (that also contains a Google tracker) looking for running shoes. You continue to browse the internet and notice that the shoes you were looking at are appearing in ads on other websites you visit and within other apps you use.

“Google (the tracker operator) has detected the same tracking ID on both sites, and thus can identify you as a unique user.”

How can you make online shopping more private?

To protect yourself online, Tillman offered several tips. “In addition to using an anti-tracking tool and an ad blocker on all your devices, it’s important to change your cookie settings and adjust your privacy settings. In your browser settings, delete and block third-party cookies.

“When setting up software, accounts and online services, pay attention to your privacy settings and restrict data access if necessary.” He added that this applies to social media and operating systems alike.

Tillman also advised that a VPN on all devices is a good idea. “They use encryption protocols to encrypt any transmitted data and they disguise the IP address assigned to your device – your IP address is used when building your digital fingerprint.”

Lastly, it’s an evergreen statement, but Tillman said phishing schemes are still a massive threat. “If the sender of the email is not someone you know and trust, mark the email as spam, and block the sender. There are browsers that protect you against phishing.”

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects