Click here

Every click, every hover, every second you spend on the web—it's All being tracked.

I monitored every request my browser made, revealing a hidden ecosystem of tracking that spans retail giants and news sites alike. Using the Network Sniffer extension, I captured these invisible communications and investigated them using terminal commands to see what was really happening while I was browsing.

This pattern of hidden tracking mechanisms aligns with larger philosophical ideas about modern surveillance. Deleuze's concept of "societies of control," where surveillance has evolved beyond confined spaces into fluid networks that modulate behavior. Similarly, Nissenbaum's theory of "contextual integrity" helps explain why these tracking mechanisms feel unsettling—they violate our expectations about how our information should flow.

In this post, I'll examine three tracking examples I discovered on Amazon, Walmart, and Breitbart, revealing both their technical workings and the feelings they evoked as I realized the extent of surveillance happening during routine browsing.

(For the record, I don’t browse Breitbart—I was simply investigating what kind of tracking infrastructure a right-wing political news platform uses and how it compares to others I’ve examined.)

Network sniffer plugin tracking requests on opening Amazon.

Tracking Mechanisms

Network Sniffer showing the usersync.samplicio.us request with the pixel.gif endpoint

Amazon's Tracking Pixel

While browsing Amazon's product pages, I discovered something unexpected lurking in the background: a tracking pixel connecting to usersync.samplicio.us. This innocuous-looking request revealed a sophisticated tracking mechanism in action.

What is a tracking pixel?

A tracking pixel (sometimes called a web beacon) is typically a 1x1 transparent GIF image that loads from a third-party server. Despite its tiny size and invisibility to users, it serves a powerful purpose: when your browser requests this "image," it sends along information about you to the tracking server. The image itself is meaningless—it's the request that matters.

Who's behind this?

This particular tracking pixel reveals a partnership between two entities:

• Amazon Advertising (amazon-adsystem.com): Amazon's advertising platform that delivers personalized ads across Amazon and partner websites

• Lucid Holdings (samplicio.us): A market research and audience measurement company that specializes in connecting user identities across different platforms

Websites of the companies involved in this request

What's particularly unsettling is how little information is available about Lucid Holdings. Despite handling data for one of the world's largest retailers, the company maintains an extremely low profile. Their website (samplicio.us) offers minimal information about their operations, and publicly available information is sparse. According to Bloomberg, they "provide market research technology" and help "measure the impact of digital advertising," but the specifics of how they use the data collected through these tracking pixels remain opaque.

The company was founded in 2010 and is now owned by Cint Group AB, a Swedish market research company. This multi-layered corporate structure further obscures who exactly has access to your browsing data and how it's being used.

What's it doing?

The "usersync" in the domain name reveals this pixel's primary purpose: synchronizing user IDs across different advertising platforms. This process, known as "cookie syncing," allows Amazon to recognize you on partner websites and vice versa, creating a more comprehensive profile of your browsing activity across the web.

Key technical details from the request headers:

• The URL contains parameters that pass your unique identifier between services

• Cache control headers ("no-cache, no-store, must-revalidate") ensure this request happens fresh each time

• The zero content length (0) confirms this isn't actually delivering content—just tracking

Terminal investigation

When I investigated the IP address (54.166.147.159) using terminal commands, I confirmed it belongs to Amazon's AWS infrastructure:

Host command results for the IP address

This tracking pixel exemplifies how major platforms collaborate with obscure third parties to track users across the web, creating what privacy researchers sometimes call the "invisible handshake"—where your data flows between companies without your explicit knowledge or consent. The lack of transparency about Lucid Holdings makes this partnership all the more concerning from a privacy perspective.

Walmart's Cross-Site Tracking

Secure.adnxs.com request with tracking parameters

My investigation of Walmart's website revealed another tracking mechanism, but with an interesting twist. This time, I found a request to secure.adnxs.com - a domain that doesn't immediately suggest any connection to Walmart.

The tracking chain

The request I captured showed a multi-step tracking process:

1. Starting at "dw.wmt.co" (Walmart's tracking domain)

2. Redirecting through "b.www.walmart.com/rum.gif" (RUM stands for Real User Monitoring)

3. Finally connecting to "secure.adnxs.com/getuid" with parameters containing "thirdpartyuserid"

This chain of redirects reveals how Walmart is sharing user identifiers with AppNexus (now Xandr), one of the world's largest advertising exchanges.

Who is behind AppNexus/Xandr?

AppNexus was acquired by AT&T in 2018 and later became part of Xandr, which was subsequently purchased by Microsoft in 2021. This means your shopping data from Walmart is potentially being shared with Microsoft's advertising ecosystem.

Xandr website that redirects to Microsoft showing their ad exchange services

Terminal investigation

I decided to dig deeper using terminal commands to uncover the true owners of this tracking domain:

# Step 1: Resolve the domain to get the IP address
suryanarreddi@10-18-218-129 ~ % host events.bouncex.net
events.bouncex.net is an alias for nginx-ingress.wunderkind.co.
nginx-ingress.wunderkind.co has address 34.111.8.32

# Step 2: Run a traceroute to the Walmart tracking domain
suryanarreddi@10-18-218-129 ~ % traceroute 20.242.10.199
# ... [traceroute output would appear here] ...

# Step 3: Check WHOIS information for the IP address
suryanarreddi@10-18-218-129 ~ % whois 20.242.10.199
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.arin.net

inetnum:      20.0.0.0 - 20.255.255.255
organisation: Administered by ARIN
status:       LEGACY

whois:        whois.arin.net

changed:      1994-10
source:       IANA

# whois.arin.net

NetRange:       20.192.0.0 - 20.255.255.255
CIDR:           20.192.0.0/10
NetName:        MSFT
NetHandle:      NET-20-192-0-0-1
Parent:         NET20 (NET-20-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Microsoft Corporation (MSFT)
RegDate:        2017-10-18
Updated:        2021-12-14
Ref:            https://rdap.arin.net/registry/ip/20.192.0.0

# ... [additional WHOIS information showing Microsoft ownership] ...

# Step 4: Check domain ownership information
suryanarreddi@10-18-218-129 ~ % whois adnxs.com
# ... [WHOIS information for adnxs.com showing Microsoft ownership] ...

# Step 5: Check DNS records for the domain
suryanarreddi@10-18-218-129 ~ % host secure.adnxs.com
secure.adnxs.com is an alias for xandr-g-geo.trafficmanager.net.
xandr-g-geo.trafficmanager.net is an alias for ib.anycast.adnxs.com.
ib.anycast.adnxs.com has address 68.67.160.26
ib.anycast.adnxs.com has address 68.67.160.132
ib.anycast.adnxs.com has address 68.67.160.186
ib.anycast.adnxs.com has address 68.67.160.75
ib.anycast.adnxs.com has address 68.67.160.114
ib.anycast.adnxs.com has address 68.67.179.87
ib.anycast.adnxs.com has address 68.67.160.117
ib.anycast.adnxs.com has address 68.67.181.248
ib.anycast.adnxs.com has address 68.67.181.231
ib.anycast.adnxs.com has address 68.67.179.153
ib.anycast.adnxs.com has address 68.67.161.208
ib.anycast.adnxs.com has address 68.67.179.164

The traceroute revealed something interesting - after passing through NYU's network, the connection reached "ae-0.xandr.nwrknj03.us.bb.gin.ntt.net" - explicitly showing "Xandr" in the network path. Looking up the WHOIS information confirmed Microsoft's ownership.The DNS lookup revealed even more about their infrastructure. The multiple IP addresses indicate they're using anycast routing for distributed, high-performance tracking - demonstrating the industrial scale of this surveillance infrastructure.

What's happening with my data?

The "getuid" endpoint in the URL explicitly shows this connection is for user identification purposes. Walmart is synchronizing what it knows about you with AppNexus/Xandr's advertising ecosystem, allowing for cross-site tracking and targeted advertising.

Key details from the request:

• The "thirdpartyuserid" parameter confirms identity sharing

• Cache control headers ensure tracking happens on every page view

• Zero content length shows it's not delivering visible content

This tracking mechanism exemplifies what privacy researchers call "invisible data flows" - my shopping behavior at Walmart is being transmitted to Microsoft's advertising network without clear disclosure or consent, demonstrating how contextual boundaries are blurred.

Behavioral Monitoring on Breitbart

Network Sniffer showing the events.bouncex.net request with tracking parameters

I then looked at Breitbart, a prominent right-wing news site, I discovered another tracking mechanism connecting to events.bouncex.net. This finding was particularly interesting as it demonstrates how tracking technologies cross political boundaries - the same surveillance infrastructure powers both e-commerce and politically-oriented websites.

What is Breitbart using to track visitors?

The request I captured showed an "endpageview" tracking pixel - a mechanism that monitors when users are about to leave a page:

The extremely long URL parameter string contains encoded information about my browsing session, likely including how long I spent on the page, my mouse movements, and other behavioral indicators.

Company behind the tracking: BounceX/Wunderkind

BounceX rebranded to Wunderkind in 2020, but still maintains its old domain names for tracking purposes. The company specializes in "behavioral marketing" technology that identifies when users are about to leave a site (known as "exit intent") and can trigger interventions like popup messages or remarketing.

Wunderkind website highlighting their marketing services

Terminal investigation

My investigation revealed several interesting aspects of this tracking system:

This investigation revealed several key points:

1. Wunderkind uses Google Cloud Platform to host their tracking infrastructure

2. The "nginx-ingress" in the hostname shows they're using NGINX as their web server

3. The HTTP/2 support and "alt-svc: h3" header indicates they're using modern protocols including HTTP/3

4. The 404 response to direct access suggests this endpoint is deliberately designed to be invisible to users

Exit intent tracking

This tracking pixel is specifically designed to monitor my behavior that indicates an intention to leave the site. By tracking mouse movements (especially when the cursor approaches the browser's top edge) and page visibility changes, it can predict when you're about to exit.

This allows Breitbart to potentially:

• Trigger last-minute subscription offers when you're about to leave

• Record detailed analytics about which content keeps users engaged longest

• Create sophisticated user profiles based on article reading patterns

• Deploy retargeting campaigns through ad networks

Political tracking across the spectrum

Finding this tracking system on Breitbart demonstrates how surveillance technologies transcend political boundaries. The same behavioral monitoring techniques used by e-commerce sites to maximize sales are deployed by political news sites to maximize engagement and ideological influence.

This raises interesting questions about contextual integrity - readers of political news may not expect the same level of behavioral tracking they encounter in shopping contexts. Yet the underlying technical infrastructure is identical, with companies like Wunderkind providing surveillance capabilities to clients regardless of their political orientation.

The use of Google's cloud infrastructure adds another layer to this relationship, a complex web of data flows that crosses corporate and ideological boundaries.

Connecting to Theory

Deleuze's "Societies of Control"

My investigation illustrates Deleuze's concept of "societies of control." Rather than being monitored within confined spaces (like Foucault's panopticon), we now experience surveillance that is:

• Continuous and boundless: The tracking pixels follow us across websites and devices

• Distributed across networks: Multiple companies collaborate in tracking ecosystems

• Modulating rather than confining: These systems observe and actively shape behavior through personalized content and advertising

The technical infrastructure I uncovered—from Amazon's user syncing, Breitbart's exit intent tracking—demonstrates how control has moved beyond institutions into the very fabric of the web.

Nissenbaum's "Contextual Integrity"

Each tracking example violates Helen Nissenbaum's principle of contextual integrity:

• When shopping on Amazon, I didn't expect my data to flow to Lucid Holdings

• My browsing on Walmart shouldn't automatically connect to Microsoft's ad networks

• Browsing political news on Breitbart shouldn't trigger behavioral tracking through Google's infrastructure

These hidden data flows break expected norms about information sharing and demonstrate how context boundaries collapse in modern surveillance systems.

Personal Reflection

Discovering these tracking mechanisms was unsettling. What struck me most wasn't just their existence, but their sophistication and invisibility. The feeling of being constantly monitored has made me more cautious online—I find myself hesitating before clicking links or searching for sensitive topics.

This investigation has shown me how the theoretical concepts from our readings manifest in real tech systems that shape our daily online experiences. The "unknowable consequentiality" that Noll describes feels very real when I consider how my data might be used to manipulate my future choices.

Technical Investigation Methods

Using simple terminal commands like host, whois, and traceroute, I was able to uncover the hidden infrastructure behind these tracking systems. These basic tools revealed:

• Who owns the tracking domains

• Where servers are physically located

• How companies collaborate through complex redirects

• The industrial scale of surveillance infrastructure

Conclusion

What kind of digital world do I want to live in? Are there alternatives to the surveillance economy? Can we reclaim some measure of privacy while preserving the benefits of digital connectivity?

Is the first step is awareness? By understanding how these systems work, can we begin to make more informed choices about our digital lives and perhaps advocate for technologies and policies that better respect contextual integrity and personal autonomy?

As Mark Fisher famously noted, "It's easier to imagine the end of the world than the end of capitalism." Similarly, it seems easier to imagine the end of the web itself than the end of these surveillance systems. The modern internet is arguably propped up by the massive revenue these tracking mechanisms generate—a parasitic relationship where our private experiences are continuously extracted and monetized.

The web of tracking I've uncovered represents technical infrastructure but also an economic model that has become so deeply embedded in our digital experience that it appears inescapable. Each pixel, each redirect, each cookie sync represents another strand in a web that captures our attention, behavior, and ultimately our autonomy.

References

1. Claude by Anthropic

2. Panopticon by Dennis Richter

3. Panopticism from Discipline and Punish  by Michel Foucault (1975)

4. Postscript on the Societies of Control by Giles Deleuze (1992)

5. Privacy as Contextual Integrity by Helen Nissenbaum (2004)