Skip to content

Demystifying Third-Party Ad Serving and User Tracking Cookies

If you‘ve ever wondered how and why certain ads seem to follow you around online, the answer lies with third-party ad serving and user tracking cookies. As an experienced cybersecurity professional, I‘ll walk through how this technology works so you can understand the privacy implications and make informed choices.

What is Third-Party Ad Serving?

Third-party ad serving is when a website displays ads that are delivered by an external "ad network" rather than the site itself. For example, a news site‘s content comes from their servers, but the ads come from Google‘s or Facebook‘s ad servers.

Behind the scenes, the news site‘s code tells your browser to connect to the ad network‘s server to retrieve ads targeted to you. The ad server then drops a tracking cookie in your browser so your activity can be monitored across sites to serve you tailored ads.

According to a 2021 Princeton study, over 85% of websites contain cookies and hidden trackers from third-party servers for advertising or analytics purposes. The vast majority of sites rely on outside ad tech companies rather than managing ads in-house.

Why Do Sites Use Third-Party Ad Servers?

Publishers choose third-party ad serving mainly because it‘s easier and more profitable than managing ads themselves. As a website owner, handling the technology, sales, targeting, and analytics for advertising is complex and resource-intensive.

Ad networks like Google and Facebook have established tech infrastructure to efficiently run millions of ads across thousands of sites. This allows publishers to focus on creating content, while ad servers handle everything technical and business related.

According to Google, their ad network increases revenues for publishers by over 50% compared to selling ads directly. By outsourcing ad operations, sites benefit from the advanced targeting capabilities of ad tech partners. Of course, this comes at the cost of user privacy.

How Do Ad Servers Track Users Across Sites?

Third-party ad targeting relies heavily on tracking cookies to follow users around the web. When an ad from company X loads on a site, the ad server deposits a cookie in your browser with a unique ID code. Now site Y and site Z can read that same cookie whenever ads from company X appear.

This allows a detailed profile to be assembled on each user as they visit participating sites over time. These behavioral profiles inform which ads are served by combining data from past browsing, searches, purchases, demographics, location, and more.
diagram showing a tracking cookie being set and then read across multiple sites
A 2017 study found Google‘s ad tracker on over 75% of popular websites. Facebook‘s tracker was on 24% of sites. With over 20 tracking cookies set per site on average, user data flows freely to fuel targeted advertising.

What Are the Implications for User Privacy?

While convenient for publishers and advertisers, third-party cookie tracking raises significant privacy concerns:

  • Users are profiled without meaningful notice or consent. Tracking happens invisibly in the background as you browse.
  • Personal data is abundantly collected and aggregated. Ad trackers compile exhaustive dossiers on individuals over time.
  • Data leaks could expose private info. Like all data gathering, external tracking creates security risks.
  • More targeting enables more manipulation. Bringing offline and online data together allows subtle, personalized influence.
  • Lack of accountability. Ad tech companies face little oversight on how they harvest and leverage user data.

Targeted ads can be convenient, but unchecked data collection creates chilling possibilities for mass surveillance and psychological profiling.

Emerging Regulations Bring Some Oversight

In response to privacy concerns, regulations like GDPR and CCPA grant users more control over cookies and data sharing:

  • Right to know what data is collected about you
  • Right to delete your personal data
  • Right to opt-out of data sales and targeted advertising

Additionally, major browsers like Safari and Firefox now block third-party cookies by default to curb tracking. But ad tech finds creative workarounds, like browser fingerprinting.

While helpful, these measures only provide partial protection. Comprehensive federal privacy legislation is needed to balance personal rights with digital business models.

Managing Your Privacy as a User

Though the ad tech industry wants frictionless access to data, you‘re not powerless to mitigate tracking and targeting. Here are a few suggestions:

  • Use private or incognito browsing modes
  • Install browser extensions like Privacy Badger to block hidden trackers
  • Disable third-party cookies in your browser settings
  • Avoid logging into services across multiple sites
  • Opt out of personalized advertising when possible
  • Support consumer privacy laws and regulators

Particularly when browsing privately, remember that your interests and choices remain your own – not data points for corporations. There are better ways forward.

Beyond Tracking: Privacy-Focused Advertising Innovation

Due to regulation and consumer pressure, the era of unfettered user tracking via third-party cookies is coming to an end. However, advertising remains key for supporting free online content and services.

There are emerging privacy-preserving alternatives:

  • Contextual advertising – Placement based on page content, not user profiling
  • On-device processing – Keeping personal data local to target ads
  • Differential privacy – Insights from aggregate data without compromising individuals

"The arms race around privacy-invasive tracking has polluted the digital ecosystem. But smarter, more ethical approaches can shift the balance." – Jay Graber, Founder of Happening

With thoughtful innovation, we can have both privacy and sustainable business models – we don‘t have to choose one or the other. Our data shouldn‘t be exploited without consent in service of profits. But conscientious leaders can forge a better path.

So next time an ad follows you around the web, remember the complex tech underlying it, weigh the tradeoffs, and consider alternatives that respect your privacy. You have more power than you might think.


Streamr Go

StreamrGo is always about privacy, specifically protecting your privacy online by increasing security and better standard privacy practices.