There Is No Hiding Your Thoughts

I have people who comment that they don’t allow devices in their home to track them because their devices aren’t connected to the Internet. Obviously, if you are reading this, you are connected to the Internet in some way. That means you are being tracked. There is no avoiding it.

The internet many people imagine is a collection of websites. The internet that actually exists is a collection of websites layered on top of a hidden surveillance infrastructure.

When you visit a page, you are not just interacting with the site you intended to visit. You are also interacting with dozens of advertising, analytics, marketing, and data collection companies operating behind the scenes. Most users never see them, never consent to them in any meaningful way, yet those companies know far more about us than we realize.

Most people understand that websites collect data. If you shop on an online store, it’s reasonable to assume that store knows what products you viewed, what you purchased, and perhaps even what ads convinced you to buy.

What you may not realize is that some of the largest advertising companies on the internet may be tracking you even when you never visit those companies’ websites. The modern advertising industry is built on a vast network of invisible tracking technologies that follow users from site to site, quietly collecting information about their interests, habits, and behavior.

Imagine you’re reading a blog about home improvement. You never visit Amazon. You don’t click any ads. You simply read an article. What you don’t see is that the blog may contain a tiny piece of code provided by Amazon’s advertising network. (This blog does not permit advertising of any kind, so that isn’t an issue here, unless it’s being somehow done without my knowledge or consent.) As soon as the page loads, your browser contacts Amazon’s servers and sends information about your visit. This technology is commonly called a tracking pixel, web beacon, or advertising tag.

The pixel is often invisible. It may be a 1×1 transparent image or a script that runs silently in the background. Yet it can tell advertising companies:

• Which website you visited
• Which page you viewed
• When you visited
• Your IP address
• Your device type
• Your browser version
• Whether you’ve been seen before

The result is that companies can learn about your online behavior without you ever intentionally interacting with them.

The Myth of “I Never Gave Them My Information”

Many people assume that if they never create an account with a company, that company cannot build a profile about them. Unfortunately, that’s not how modern tracking works, advertisers don’t necessarily need your name to identify you. Instead, they assign identifiers to your browser or device. These identifiers may include:

• Cookie IDs
• Mobile advertising IDs
• Browser fingerprints
• Device fingerprints
• IP-based identifiers

Over time, these identifiers become associated with patterns of behavior. A profile begins to emerge:

• You read articles about hiking.
• You browse reviews of pickup trucks.
• You compare mortgage rates.
• You visit travel websites.

Even if your name isn’t attached immediately, the behavioral profile becomes increasingly detailed. Over time, the advertiser gets a pretty accurate picture of who you are and what you are interested in. Cookies get most of the attention because they’re visible and users occasionally receive cookie consent popups.

But some tracking techniques don’t rely on cookies at all. For example, browser fingerprinting collects characteristics about your device and browser, including:

• Screen resolution
• Installed fonts
• Operating system
• Browser version
• Language settings
• Time zone
• Graphics hardware

Individually, these details seem harmless, but combined, they create a surprisingly unique identifier. Think of it like recognizing a person from dozens of small clues rather than a single name tag. Even if you delete or refuse cookies, fingerprinting can sometimes recognize the same user each time they return. It’s becoming more and more sophisticated, and there is nothing that you can do about it except stay off the internet completely, and that may not even be a solution.

The real power comes from scale. You see, a single website knows what you do on that site but an advertising network embedded on thousands or millions of websites can observe behavior across the internet. If the same advertising company appears on multiple websites, it can potentially see that:

You visited a health website on Monday.
A car review website on Tuesday.
A financial planning website on Wednesday.
A travel booking site on Thursday.

Viewed separately, these visits seem insignificant. Viewed together, they reveal a great deal about your life, which is why people often feel like advertisements “know” what they’re thinking about. In reality, the advertising ecosystem may have observed enough behavior to make highly accurate predictions. That leads us to the reality of data brokers.

Tracking doesn’t stop with advertising platforms, because there are entire industries that exist to collect, aggregate, analyze, and sell consumer data. These companies, called data brokers, gather information from:

• Websites
• Mobile apps
• Loyalty programs
• Public records
• Commercial databases
• Marketing partnerships

The information can then be used to predict your buying habits, health concerns, and tons of other information. Most consumers have never heard of the companies creating these profiles, yet those profiles influence which ads they see, what offers they receive, and how businesses evaluate them as potential customers. It’s a huge business, and it’s what the new AI systems are being optimized for.

Constant surveillance has become the default business model of the internet. The problem isn’t merely that companies know what products you like, the problem is that detailed behavioral data can reveal:

• Political interests
• Religious beliefs
• Health concerns
• Financial circumstances
• Personal relationships
• Life events

Information that feels private can often be inferred from seemingly ordinary browsing activity, and that’s the uncomfortable reality of the modern advertising economy: some of the companies collecting information about you are companies you’ve never even met.

Your stuff doesn’t even have to be connected to the internet. Television broadcasts, radio shows, advertisements, and streaming content can contain embedded audio watermarks that are difficult for humans to notice. A smartphone app with microphone permission can detect these watermarks and determine:

• Which show you’re watching
• Which advertisement played
• When it played

Then report back to the “mother ship” and this exact method has been used for advertising attribution and audience measurement. You have just added to the file on yourself without even knowing it. The phone and TV aren’t directly communicating in a conventional sense; rather, the TV emits an encoded signal and the phone recognizes it.

The most famous air-gap compromise is probably the Stuxnet operation. That particular piece of malware reportedly spread through infected USB drives to reach systems that were intentionally disconnected from the internet. Once inside, the malware manipulated industrial equipment while concealing its actions. That attack demonstrated a crucial lesson: an air gap dramatically improves security, but it is not an absolute barrier.

Communication across air gaps including ultrasonic and near-subaudible signaling has been demonstrated by researchers, and some commercial tracking systems have used similar concepts for cross-device identification. Now that you know what advertisers are doing, what do you think the NSA is capable of?

My feeling on this? You can’t think about taking a crap without someone expecting you to reach for toilet paper.