Intro to Trackers
by Peter Lowe on Jul 20, 2021 12:00:00 AM
What are trackers?
In a nutshell, trackers are services that track what you're doing on the internet. They’re usually scripts embedded on websites that collect information.
This may sound like nothing to worry about. But it's actually quite surprising what this really means: Trackers can monitor everything, including what you're clicking on, where you're coming from, where you've been, how long you spend on a page, even where your mouse is hovering—and these are just a few of the more common bits of data being recorded.
Why should I care?
There are a number of reasons people find this unsettling.
It happens behind the scenes
It's rarely made clear to people that sites are silently tracking what they're up to. And even when this is disclosed, it's usually in a roundabout way that tries to hide the extent of the tracking—often it’s just a message with no option to disable the tracking. This makes it very hard to disable or block, and that’s by design. Why do you think that is?
There's also a lot of data being sent by your devices that you just don't know about: Your smart TV is sending your watching habits back to a tracking service. Your heating system knows what time of day you get back from work. Your fridge is monitoring what times of the day you're eating. It's all being recorded, and usually sold (or at least shared) with others.
But in the end, the scariest part is you don’t know exactly what’s being tracked on any given website. And while you can request information that a company has on you, that’s just a single company. And the data they do share is likely incomplete. After all, there might be a profile on you tied to your actual identity, or there might be an anonymized user (you) that those collecting tracking data know very well. But they won’t know to disclose that anonymized profile to you when you request that information.
It's a lot of data
These databases are vast. Freedom of Information requests, which can require companies to give you a copy of the data they hold on you, often result in thousands and thousands of pages of data, or gigabytes of information kept about you. Site visits going back years, purchases you've long forgotten about, even sensitive searches you made that one time when there was a rash you weren't sure about—it's all there.
It's not used for the nicest reasons
There's a saying: If you're not paying for the product, you are the product.
Free services online generally make money through advertising, and the advertising industry wants data.
The information about you can be fed into big databases to build up a picture of who you are, what you like, what you don't like, and then, in the end, sell you stuff. Imagine if even a small percentage of the sites you visit sell or share their info to a database, they can probably create a relatively accurate profile of you as an internet user. The purpose of all of this is usually to put relevant ads in front of you while you’re online. The more information they have on you, the more targeted they can get.
Some people are OK with that—it can mean that you get more relevant ads shown, and better suggestions for sites and products to buy. But many people feel that this type of tracking is an invasion of privacy. If you're one of them, keep reading to see what you can do about it.
Blocking trackers with DNSFilter
We have introduced a new category that's available for policies to block: Trackers
Blocking this category of domains will help to prevent sites tracking you, or sending data about what you're doing to services which track you.
Be aware though: This is not a panacea. There are a lot of methods that trackers use to get around DNS-level blocking—things like server-to-server tracking (where the site sends data about you directly to another server, rather than your browser doing that for you), CNAME cloaking (hiding behind domain aliases), obfuscation (trying to hide what's really going on), among others.
However, this goes a long way to preventing this information being sent and shared. Try it out and take a look at the blocked domains in your query log on the DNSFilter dashboard. You'll be surprised to see how many trackers you block.
Another thing to know is that some sites tie their functionality very tightly to tracking services. This means that if part of the site is blocked, then the rest of the site may not function properly or even at all. There are even cases where the site works, but more slowly than usual.
If you've experimented with ad blocking, you may be familiar with this. In these cases, check your DNSFilter query log, and you can manually unblock domains there that might be causing problems.
The impending Cisco Umbrella RC End-of-Life has many Umbrella users concerned about their next steps and questioning which protective DNS solution might be able to fill the gap for their organization.
Industry State of the Art
This month there was a high level of focus on compliance issues spanning several focus areas from governments and oversight agencies around the world. And while there were actions taken with regard to specific vulnerabilities, a larger spotlight was placed on bigger picture security considerations in a more general context.
TL;DR: SASE is broadening—it is about more than just access! It is about endpoint protection and user-based access…and it's called Security Service Edge (SSE). All of the aspects of the joint NSA and CISA guidance on Protective DNS (PDNS) and user-level policies are part of the secure category, originally launched by Gartner in January 2022. Regardless, it’s been interesting to see the NSA and CISA create guidance recognizing the breadth of cyber...