No matter where you go online, you are being tracked. Almost every time you visit a website, trackers collect data about your browsing and transmit it back to a targeted advertising system, which builds a detailed profile of your interests and makes huge profits in the process . In some places you are tracked more than others.
In a little-known change late last year, thousands of websites started being more transparent about how many companies they share your data with. In November, those annoying cookie pop-ups (which ask for your permission to collect and share data) began sharing the number of advertising “partners” each site was working with, providing a further glimpse into the vast advertising ecosystem. For many websites, this isn’t pretty.
A Wired analysis of the top 10,000 most popular websites showed that dozens of sites said they were sharing data with more than 1,000 companies, while thousands of other sites were sharing data with hundreds of companies. Quiz and puzzle site JetPunk topped the list, listing 1,809 “partners” that may collect personal information, including “browsing behavior or unique IDs.”
Publisher Dotdash Meredith’s more than 20 sites, including Investopedia.com, People.com and Allrecipes.com, said they can share data with 1,609 partners.newspaper daily mail There are 1,207 partners listed, while internet speed monitoring company Speedtest.net, online medical publisher WebMD and media outlets Reuters, ESPN and BuzzFeed all said they could share data with 809 companies. (Wired lists 164 partners.) Those hundreds of advertising partners include dozens of companies that most people have probably never heard of.
“You can always assume that all of them will try to disambiguate your identity first,” says Midas Nouwens, associate professor at Aarhus University in Denmark, who has previously developed tools that can pop up cookies via cookies. Automatically opt out of tracking to help with website analytics. The data collected may vary from website to website, and cookie pop-ups allow a certain degree of control over the data that can be collected; however, this information can include IP addresses, device fingerprints, and various identifiers. “Once they know this, they may add you to a different data set or use it to enrich when you later visit a different website,” Nouwens said.
The world of online advertising is a confusing, murky space that can involve a network of companies building profiles of people with the goal of showing you tailored ads when you open a web page. For years, Europe’s strict privacy laws, such as the GDPR, have caused websites to display cookie consent pop-ups requesting permission to store cookies on your device that collect data. Research in recent years has shown that cookie pop-ups contain dark graphics, ignore people’s choices, and are ignored by people. “Everyone we observed in user testing had not read this. They found the quickest way to turn it off,” said Peter Dolanjski, product director at DuckDuckGo, a privacy-focused search engine and browser. “So they end up in a worse state of privacy.”
For the website analysis, Nouwens crawled the 10,000 most popular websites and analyzed whether the collected pop-ups mentioned partners and, if so, how many they disclosed. WIRED manually verified all of the sites mentioned in this article, visiting each site to confirm the number of partners they displayed. We looked at the highest total number of partners in the entire dataset, as well as the highest number of partners for the top 1,000 most popular sites. This process is just a snapshot of how sites share data, providing a view of a complex ecosystem. Results may vary depending on where in the world people are accessing the site from.
It also only includes websites that use only one system for displaying cookie pop-ups. Many of the world’s largest websites (such as Google, Facebook, and TikTok) use their own cookie pop-ups. However, thousands of websites, including publishers and retailers, use third-party technology made by consent management platforms (CMPs) to display pop-ups. These pop-ups largely follow standards from marketing and advertising group IAB Europe, which detail the information that should be included in cookie pop-ups.