Tracking & Targeting demo

A live demonstration. Three phases: what your browser reveals about you, how that data is auctioned, and how the resulting profile is used to target manipulation. Everything runs in your browser. Nothing is sent anywhere.

This site uses Plausible Analytics only — no cookies, no personal data. With one deliberate exception: this page loads three real advertising and analytics trackers, once, so the demonstration below can honestly test whether your browser blocks them. They are the only trackers on the entire site, and they send nothing about you beyond the request itself.

Phase 1 — What this page already knows

Without clicking anything, without logging in, your browser reveals a significant amount to every site you visit. The list below is what this page can read about you using standard JavaScript — no special permissions, no server request required. None of it requires your consent under current law. It is the baseline state of the web.

The signals are individually mundane. The screen size, the language, the timezone, the device's pixel density. Combined, they form a fingerprint sufficient to identify you across sites without a cookie. For a precise measurement of how unique your browser is, the EFF's Cover Your Tracks tool is the reference.

These signals — combined with your IP address, browsing history, and data broker records you've never interacted with — form a persistent profile. Cookies are only one mechanism among many. Fingerprinting survives clearing cookies, private browsing, and most ad blockers.

The live test above probes three layers, each more invasive than it sounds. Analytics is the one everyone accepts as harmless — "just visitor stats." Yet Google Analytics sits on more than half of all websites, and its identifier is shared across them, which makes "just stats" a cross-site record of where you go. The ad exchange layer is where that record becomes a product: you are sorted into remarketing audiences and sold. The social layer is the one most people never agreed to — the Facebook Like button and its equivalents reported your visit to every page they appeared on, whether or not you clicked, whether or not you even had an account. Presence was the data. The button was the sensor.

Phase 2 — How that data is auctioned

On a typical commercial website, the milliseconds between you loading the page and the page becoming usable contain a hidden event: a real-time bidding (RTB) auction. Your browser profile is assembled into a bid request and broadcast simultaneously to dozens of advertising companies. They evaluate, they bid, the winner's ad is shown. The auction completes in roughly 100 milliseconds — before you finish reading the headline.

The critical detail is the word broadcast. According to research by the Irish Council for Civil Liberties, this happens to the average EU internet user 376 times per day. In the United States, the figure is 747 times per day. Not to the winning bidder — to all bidders. Every company that receives the broadcast retains a copy of your profile, regardless of whether they win the auction.

The Belgian Data Protection Authority and the Court of Justice of the European Union have found that RTB, as currently practised, likely violates the GDPR. The system continues to operate.

The simulation below uses your real browser signals as input. The bidders are real companies; the bid values are illustrative. This site does not actually run RTB — what you see is what happens on sites that do.

Phase 3 — How that profile is used to manipulate you

The profile assembled in Phase 1 and sold in Phase 2 can be purchased by any actor with an advertising budget — including political campaigns, state-sponsored influence operations, and bad-faith content creators. Targeting that began as commercial advertising became, by the same mechanism, infrastructure for psychological influence at scale.

The demonstration below shows how. Based on your inferred signals, the system selects an emotional vulnerability. From that, it selects a manipulation technique with a documented psychological mechanism. From that, it constructs content — source name, headline, body, engagement hook, each element a deliberate choice.

The post you'll see is fictional and labelled. The point is recognition: Cambridge University researchers have shown that knowing how a manipulation technique works before you encounter it makes you significantly more resistant. This effect is called prebunking, or psychological inoculation. The Bad News game by DROG teaches it interactively in ten minutes.

What you've just seen

Three phases, one system. Your browser passively reveals data. That data is auctioned to advertisers — and to anyone else with a budget. The resulting profile is used to select, then construct, content engineered to bypass your critical evaluation.

No individual setting defeats this fully. Partial defences exist — uBlock Origin (the most effective tracker blocker), Firefox with enhanced tracking protection, the Brave browser, the EFF's Privacy Badger. Each one reduces the surface area; none eliminates it. Structural regulation is the complete answer; the GDPR and the Digital Services Act are the most serious attempts so far.

The most durable defence is recognising the techniques when you see them. That is the argument for prebunking, and the reason this page exists.

Sources

OpenRTB specification — IAB Tech Lab.
ICCL — RTB research (2022); 376 (EU) / 747 (US) exposures per day.
Roozenbeek & van der Linden et al. (2022), Psychological inoculation improves resilience against misinformation, Science Advances.
Cambridge Social Decision-Making Lab — prebunking research.
EFF Cover Your Tracks.