Who is tracking your internet activity, and why?
Your every move online is being tracked. Decentralized VPNs can better protect our privacy.

Everything we do online — browsing, payments, messaging, even carrying a phone — leaves a digital trace. Sophisticated surveillance systems track and harvest personal data to build and sell user profiles, often for political and commercial purposes.
VPNs and other privacy technologies are evolving to counteract mass data collection. Decentralized VPNs (dVPNs) offer stronger privacy protection, helping users stay anonymous. As tracking methods become more advanced, adopting these tools is essential to safeguarding online privacy.
Internet tracking today
Given the diversity of online tracking techniques and agents, let’s start with a story. In 2018, it was revealed that Cambridge Analytica harvested Facebook data from 87 million users. Originally collected via an app for academic research, the data was exploited for targeted ads and political campaigns. The app accessed not just users but also their friends’ data, multiplying exposure.
Cambridge Analytica built psychological profiles from user preferences and likely aided Russian interference in the 2016 U.S. election. This case highlights how tech giants like Facebook and Google collect massive user data, posing risks of breaches into commercial, state, or criminal hands — all despite privacy agreements.
New default web encryption
Since the privacy scandals of the 2010s, the web has improved default privacy protections. Most reputable sites now use HTTPS encryption, securing user activity.
[Encryption](/blog/what-is-encryption] ensures only you and the intended recipient can access the data you share, protecting transactions like credit card payments. Hacking or advanced decryption would be needed to intercept this information. However, while default web encryption like HTTPS secures data in transit, it doesn’t protect metadata or prevent tracking by websites and advertisers.
The limits of encryption for privacy
Advancements in tracking what we do online make it so that encryption, however robust, is not enough. As we will see, the metadata surrounding our encrypted activities can be used to develop precise profiles of what we do, when, with whom, and even about us personally.
For data harvesters, brokers, surveillance, and exploiters, this is not simply about what we have done online in the past, but also about what we want, expect, and will do.
What is metadata?
What is a VPN?
Using VPN to not be tracked online
A VPN acts as a proxy for your online activity by encrypting your connection before routing it through its own server. This makes your data unreadable in transit. Once it reaches the VPN’s server, your IP address is replaced with the VPN’s before continuing to the internet.
This process masks your activity, making it harder — though not impossible — to trace it back to you. Websites see the VPN’s IP instead of yours, and agencies tracking web access must go through the VPN first. While this helps block profiling and basic surveillance, advanced tracking methods can bypass traditional VPN protections.
Tracking vulnerabilities of traditional VPNs
Most VPNs use centralized architectures, rerouting traffic through their own or rented servers. This means user data is stored in a central location, making it vulnerable to breaches or cyberattacks. Even VPNs that claim no logs likely retain some metadata, which authorities can pressure them to disclose.
While VPNs remain valuable for privacy, a better architecture is needed. Decentralized VPN technologies are emerging to reduce these risks, offering enhanced security by eliminating central points of vulnerability.
Learn all about the difference between centralized and decentralized VPNs in Nym's guide.
Preventing tracking with NymVPN
Most mainstream VPNs use a single proxy server to mask traffic, creating privacy risks. Decentralized services like NymVPN address this by routing data through multiple independently run servers, or "nodes," instead of a central server that could log metadata.
NymVPN encrypts data in multiple layers, like an onion, removing one layer at each node to reveal the next randomized destination. Users can choose between a default 2-hop mode for speed or a 5-hop mode for enhanced privacy. With the mixnet in Anonymous Mode, your traffic patterns are further scrambled data with cover traffic, data mixing, and timing obfuscation to prevent tracking.

Online tracking: FAQs
How do browser and device fingerprinting methods bypass VPN IP masking?
How do browser and device fingerprinting methods bypass VPN IP masking?
Advanced fingerprinting techniques—like canvas, font lists, screen resolution—link device sessions even when IP is hidden. Protection requires browser-level privacy tools in addition to VPN encryption.
Can advertisers correlate anonymized sessions over time through metadata?
Can advertisers correlate anonymized sessions over time through metadata?
Yes—time-of-day habits, session length, and browsing order can be profiled unless mixnet-style coverage traffic obscures these metadata traces over repeated sessions.
How much can third-party trackers reconstruct user identity based on social media login behavior, despite VPN use?
How much can third-party trackers reconstruct user identity based on social media login behavior, despite VPN use?
Sign‑in behaviors (via OAuth, cookies) often tie browsing sessions to real identity even behind a VPN. Disconnecting login sessions or using burner accounts can limit linkability.
Do ISPs and mobile carriers still track VPN usage at scale?
Do ISPs and mobile carriers still track VPN usage at scale?
Even if content is encrypted, ISPs see encrypted tunnel connections. Some may throttle or block VPN use. Decentralized VPNs rotating exit points and traffic patterns can mitigate this profiling risk.
How does behavioral tracking intersect with AI surveillance beyond IP-based tracking?
How does behavioral tracking intersect with AI surveillance beyond IP-based tracking?
Modern AI systems analyze metadata clusters and usage patterns—even anonymized—to infer identities or preferences. Cover traffic and nondeterministic routing (from mixnets) disrupt such inference pipelines.
Share
Table of contents
Keep Reading...

What is Internet privacy & why you should care
Our privacy online is under threat, but there is a lot we can do to protect ourselves

Do VPNs protect you from hackers? Experts answer
VPNs can be powerful tools in protecting us from hackers, but not all cyber attacks. dVPNs are even more effective.

Decentralized VPNs (dVPNs): What are they?
What decentralized VPNs are and how they are different from traditional ones.

Why NymVPN's Anonymous mode provides the best privacy
Appreciating the value of technologically enhanced VPN privacy