The Tracker Tax: How Pervasive Web Code Steals Your Privacy And Time
Online tracking code, sometimes recording web users’ every move, is present on the vast majority of the most popular websites in the United States, and it can make them take substantially longer to load, according to a new study from Ghostery, developer of tools for blocking such tracking code.
The study found that among desktop versions of the top 500 websites accessed in the United States as compiled by Alexa, 90% had at least one digital tracker embedded, while 65% had at least 10. About 20% of the sites had 50 or more, according to the report, and some trackers actually pulled in additional tracking code from other sources, which the researchers called “piggybacking.”
Filtering the tracking code out with Ghostery’s product sometimes substantially boosted performance: Sites with trackers loaded in an average of 19 seconds with the tracking code enabled versus 8.6 seconds with them filtered by Ghostery.
For the slowest sites, the difference was more dramatic still: The 10 slowest-loading pages took an average of 127 seconds to finish loading with those trackers enabled. Filtering them out saved an average of 84 seconds per load, according to the researchers, Molly Hanson and Patrick Lawler of Ghostery and Sam Macbeth of Ghostery’s Mozilla-owned parent company Cliqz.
Those slow speeds–what the paper refers to as “the tracker tax”–could in some cases be hurting site operators as well as users: A study released last year by content delivery network giant Akamai found that a two-second boost in page load times can cause bounce rates on a site–the percentage of visitors to leave after viewing just one page–to more than double.
Website operators use third-party tracking code for a variety of reasons: monitoring site performance and popularity, providing technical support, and of course providing targeted advertising. Coupled with cookies or fingerprinting processes that can consistently observe users as they move from website to website, the trackers can help a wide swath of companies gather intimate details about users’ online behavior, sometimes to a greater extent than many users may realize or prefer.
The prevalence of such code has gotten more attention lately amid questions about what sorts of data Facebook and other giant web platforms record about users and revelations about just how much user data can end up in the hands of third-party tracking companies. (In a broader sample Ghostery looked at, about two-thirds of sites had Google trackers and one-third had trackers from Facebook.)
Grindr, the gay dating service, recently apologized after it was found to share sensitive data like user locations and even HIV status with analytics providers. In other cases, tools designed to let site developers replay how users interacted with their websites were found to accidentally capture sensitive data like user passwords.
Another recent study by Princeton researchers found that third-party trackers could harvest data from Facebook Login, used across the web to enable users to sign on to other sites with their Facebook credentials, without users’ knowledge, and third-party ad code has been spotted injecting malware and scam advertisements into even highly regarded websites.