out of character for me, I wanted to make a bit of a PSA about something that I think most people in the ad industry are talking about, but hasn't really penetrated the public consciousness yet. Here it is:

Use a different email for every site you sign up for

You may or may not have heard about it, but browsers and operating systems are getting rid of tracking capabilities. This includes plans to get rid of third-party cookies and "consent based" access to advertising identifiers on iOS. These changes represent a large increase in privacy for casual internet browsing, but they force advertisers to look for new and sneakier ways to track and target people—in some senses, they are the "starting pistol" for the ad tracking arms race.

The most common and profitable replacement for many sites, including most social media networks, is so-called "first party identifiers"—that is, using the information that you provided to the website when signing up, like your email address or your phone number.

These first party identifiers are then shared with all advertisers, so that e.g. if you view an ad on tumblr.com, and you recently made a reservation on Airbnb with the same email address, or viewed a livestream on twitch, advertisers would have access to a "profile" of you that marked you as someone who might be interested in rentals, or as someone who might be interested in specific videogames, or streamers. This is most common right now with mobile apps, due to Apple's big IDFA push, and because it's easier to get users to sign up for an account and provide their phone number. (And possibly because there seems to be less oversight and publicity around mobile app tracking—it requires a much more specialized skillset and larger time investment to reverse engineer an app than it does to build a browser extension to track trackers). But these exact same tactics, once perfected in the mobile app ecosystem, are probably going to continue to show up on more and more web sites if and when browsers continue to remove advertisers' tracking capabilities for larger and larger numbers of users.

There is also very little visibility into how these datasets are managed. In theory, depending on the companies involved and the datasharing agreements, you might even be able to buy browsing history for a specific (known) email address—and without any of the individual companies involved having sold your data. These data sharing agreements are structured as advertising revenue for targeting, where advertisers will pay more money for ads with this first party data associated with it, but any advertiser who participates in these ad slot auctions gets notified that so-and-so's (hashed) email address viewed such and such a website at this particular time, and they could theoretically use that data for whatever purposes they wish (depending on the contracts they have with the advertising exchanges and data sharing providers in question).

Anyways, this has been on the horizon for a long time now, but it's becoming increasingly important and increasingly common. Use a different email address for every site you sign up for. Don't give people your phone numbers. Ask companies whether they use account data for ad targeting, and make a big stink about it when they do.