Bounce Tracking

October 9, 2023 (1y 6mo ago)

Archive

Bounce tracking is a technique widely used by advertisers, marketers, and analytics platforms to track user behavior across different websites and gather detailed data on your online activity. This method involves redirecting your request through one or more intermediary domains before you reach your intended destination. Instead of going directly to a webpage, your request might pass through a server, such as ads-tracker.com, where your data is collected (all the time, without your consent). This could include your IP address, browser type, operating system, cookies, session information, and more.

The main purpose of bounce tracking is to bypass restrictions on third-party cookies. As modern web browsers become more privacy-conscious, they are increasingly restricting the use of third-party cookies, which are going to be dead by the end of 2024. Bounce tracking circumvents this by storing tracking data in first-party cookies on the target websites. First-party cookies are not subject to the same restrictions as third-party cookies which enables advertisers and analytics platforms to continue monitoring user behavior and linking actions across multiple domains, even when the user attempts to block third-party tracking.

This method offers significant benefits to marketers by providing them with valuable insights into user behavior, but it raises serious concerns about user privacy. Many users are unaware that their clicks are being silently rerouted through intermediary tracking servers, without their knowledge or consent. This effectively undermines privacy efforts, including using privacy-focused browsers, VPNs, or extensions designed to block tracking. For users who attempt to limit online surveillance, bounce tracking represents a significant challenge because it works behind the scenes to evade detection.

How Bounce Tracking Works

When you click a link, the process generally involves these steps:

Request

Your request is routed through a tracking server. Instead of directly accessing https://example.com, you might first be redirected to https://ads-tracker.com/ref?id=partner123&target=https://example.com. The tracker server records your visit, assigns you a unique ID, and stores this data. Here's how it works:

GET /ref?id=partner123&target=https://example.com. HTTP/1.1
Host: affiliate-tracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Cookie: tracking_id=partner123

Redirect

HTTP/1.1 302 Found
Location: https://store.com/product
Set-Cookie: affiliate_id=partner123; Path=/; HttpOnly; Secure

The affiliate tracker collects your data, and the destination site may use JavaScript to read the cookie or query parameters for further tracking.

Mitigation Techniques

Browsers

Modern browsers have implemented several features to combat bounce tracking and strip tracking parameters. For example, Safari's Intelligent Tracking Prevention (ITP) limits first-party cookies from trackers to a 24-hour lifespan and automatically blocks tracking scripts and cross-site cookies. Similarly, Firefox's Enhanced Tracking Protection (ETP) detects bounce tracking patterns, prevents redirects, and removes known tracking parameters like affiliate_id and utm_source. On top of that, Brave Browser's De-AMP feature bypasses intermediary servers, such as those used by Google AMP, and navigates directly to the original content, further limiting tracking capabilities.

Extensions

Privacy tools like uBlock Origin and Privacy Badger block tracking servers and scripts. These tools analyze URL query strings and redirection behaviors to prevent tracking.

Subscribe to my newsletter. The extension of these thoughts and more.