How are most people tracked by advertisers and data collectors?

Hey! I’m trying to improve my privacy and security.

I think my goal is to keep my data private from advertisers and, maybe, from ISPs or anyone else who could access it in the future.

I guess I fear that one day, all this info could be available, in AI or something. Someone could type in to their AI chatbot “tell me everything you know about X person” and the AI would reveal everything they know from the data that’s held on you or something like that!

Anyway, paranoia aside, from my limited understanding, the two main issues for being tracked are at the device level and the ISP/network connection level – is that right?

So you should use a browser that can’t be fingerprinted (to confuse the websites you visit).

But you must also not install any apps/software or use an OS that tracks what you’re doing on your device (in that browser) and sends that data somewhere?

Then you also need to be sure that the way you are searching for information (search engine) isn’t storing those searches and linking them to you somehow (e.g., using Google search while logged into your Google account)?

Then, you also need a way to connect to the internet that isn’t going to log what you do and store those logs insecurely.

Does that sound right?

Also, how is a device recognized when it connects to the internet?

Say, if I visit a site (without logging in) from my home ISP, then go somewhere else and connect to the network there, and visit the site again, how will the site recognize it’s me? Let’s assume I’m using a browser in incognito mode that hasn’t stored any cookies…

What revealing info does the device send, for example, a laptop?

Thanks

Every browser is fingerprinted. The key is using the browser that fingerprints everybody or at least most people the same or very similarly. This way, you “blend in” with the crowd using that browser. But this doesn’t matter too much because there are many other metrics on which they can fingerprint you.

Not sure what or how you mean this. The key is to use an OS that doesn’t have any or very limited telemetry of what you’re doing on your own computer. But yes, if you install an app that is going to track what you do, then you shouldn’t obviously do that.

But doing just this is not enough. If you don’t use your browser ephemerally or semi-ephemerally, then the website you visit often will begin to develop a shadow profile on you based on browser fingerprinting. Plus, there are cookies that don’t help and only hurt here.

Using a great VPN like Mullvad helps with this. It also obfuscates your ISP from knowing where on the internet you’re going. It doesn’t obfuscate how much data you consume and when.

Not sure about this fully. But user agent is very easy for any website and app to know what kind of device is being used to access the app or service.

Cookies and fingerprinting.

Incognito mode doesn’t work like that by default. If you do not allow cookies, chances are no website is going to open. You do need to allow first party cookies for the website to open up. They key is to set up your browser such that every time you close, it deletes all your cookies and site data, history, etc. so this info cannot be continued to made use of by the websites to target you or those who make profiles on you for their own purposes. This is easily made possible within Firefox or Brave. But Mullvad Browser does this by default.

–

This is the extent to which I know about what you’re asking. Hope it makes some things clear to you.

One last thought to add for what you’re asking:

I think all you need is the right set of settings in a browser (for an ephemeral or semi-ephemeral usage), uBlock Origin (with other filter lists within enabled), and a VPN. A password manager for your credential management needs is a big plus (which I am hoping you are already using).

That’s pretty much it really, for most people who want to maintain their privacy browsing and doing things online in your everyday use case. Just be sure to always quit and restart your browser everyday at-least. Also obviously, it is important to be mindful of what info you share about yourself online and on which platforms.

Thanks. That makes sense.

By apps that track you, I meant things like Spotify or Instagram, that seem to have access to other parts of your phone in some way. Can apps like that see what you’re doing outside of the app? Beyond the obvious, like turning off location permissions.

I do use a VPN but don’t have it on all the time.

I use a password manager and use 2fa for important accounts.

I use two different browsers (Brave and Firefox) just to spread myself around.

But I’m heavily reliant on Google: maps, docs, drive, Gmail, calendar. YouTube.

I’m moving away from Google search (trying Duck Duck Go, which seems quite good compared to brave and ecosia.

Do you think getting a (cheap) usb wireless adaptor for a laptop would, and then replacing it every few months, would obscure a device a bit?

The wireless card must be a big identifier?

its all called metadata. Yes, apps know your battery life, your time zone, etc.

Use it all the time. No harm. Unless there is a reason you turn it off.

Use for all accounts. That’s literally why it exists.

Always good to compartmentalize.

There are alternatives you can and should use. For YT, you can keep watching it without signing in after exporting your subs and adding it to your RSS reader of choice.

I suggest checking out Kagi too. But you may not want another subscription.

WHat for? Obscuring what?

Not really. Every laptop and computer has a WiFi card. It’s not a big deal. Also, websites won’t know this. Only the OS and at most the apps running within depending on the type of app and how privacy invasive it is.

You’re right about the tracking layers. Most people focus on browser fingerprinting and ignore the network layer completely.

Here’s the actual stack:

Device Level:
Browser fingerprinting (Canvas, WebGL, fonts), OS signatures, hardware IDs.

Network Level:
ISP logs every connection, IP ties activity to location, DNS queries visible even through HTTPS.

Account Level:
Google/Facebook login = cross-site tracking, email/phone verification = permanent identity link.

What actually works in my case:

First of all, stop using home ISP and your real number for verifications. Non-VOIP SMS lets you verify ANY account without linking to your identity. Antidetect browser works well in this setup.

The stack I use: GoLogin + VoidMob dedicated proxy (Vless/Xray encrypted) + VPS + SMS verifications for accounts.

Thanks. Will keep my vpn on more now!

I just thought the WiFi adaptor would have some sort of serial number or ID that is shared when you visit a website. Like the mac address? So if you changed that, your usage wouldn’t be continously linked to the same laptop?

There must be some hardware logging when you visit a website? Otherwise how would the authorities connect online activity to specific devices? Or can they?

Yeah, I’ve used my real email address and phone number for logins and verification a fair few times! Not for anything dodgy but it’s probably left a trail.

How do you go about generating sms numbers for verification?

MAC address randomization helps but sites use way more than that—browser fingerprint combines dozens of signals (Canvas, WebGL, fonts, timezone, screen res, etc). Changing MAC alone doesn’t break the fingerprint.

Hardware logging = browser fingerprinting + ISP connection logs. Authorities don’t need device serial numbers when your ISP logs every connection with timestamps and your account info.

Real email/phone for logins = permanent trail. Already linked.

For SMS verification: Non-VOIP carrier numbers from voidmob SMS, they have some other privacy related products as well.

It’s pretty difficult not to be tracked in some way or another if you use someone else’s computer (“cloud”), so my suggestion would be to de-Google and de-Apple as much as possible, ideally in favor of self-hosting. It also goes without saying that you should willingly put information out there about yourself by using social media.

You can mitigate browser fingerprinting using things such as the Arkenfox config for Firefox and DNS blocklists, but all these techniques are imperfect. If you really need anonymity, Tor is the best option, but it is slow.

Also don’t forget that devices like home appliances and cars can (and often do) share a lot of data with manufacturers and third parties. You may have to take drastic measures such as locating and killing the bug in your car for example.