I know I’m not the first to point this out, but tracking by websites is out of control. After an hour of being online today, all at mainstream websites, I somehow managed to accumulate more than 8,000 trackers.

After finishing that, I went to a news site, did a Google search, and checked an airline to see if I could change a flight date. I also scrolled through a few Facebook pages. In under 15 minutes, I collected over 1,320 different tracking tools, from cookies to pixels.

A recent study by SurfShark found most commonly-used websites hide as many as 100 trackers each. I believe them, but my experience showed substantially more. Here’s what the site said had to most and least tracking devices triggered by the websites they searched.

The California Consumer Protection Act (CCPA) has been billed as the toughest online privacy legislation in the country and makes unauthorized tracking of personal information, such as identifiable IP addresses, a violation. CCPA went into effect more than a year ago, but sites are still not complying with the rules. The EU’s GDPR provides even more protection.

As of September 23021, more than 62% of companies report they are not fully compliant with the data regulations such as GDPR and CCPA. Even more troubling, a sur4vey published in CPO magazine said that 25% of companies surveyed – that were required to comply with privacy laws – did not know which data regulations applied to their companies.

Perhaps the most well-known tracker is the cookie — a small block of data produced by web servers when you browse a website. The cookie is downloaded to your device (usually more than one). Cookies can be useful, such as sites remembering who you are and validating logins automatically. Typically, they are used to track your behavior online, even cross-site behavior. It’s how Facebook knows other sites you visited even if you’re not logged in.

The GDPR requires prior consent before tracking cookies are applied. Many sites still don’t do that. CCPA requires sites to inform users what data is being collected, stored, and processed (such as sold or used for advertising purposes). Most sites still don’t do this, burying any information in lengthy terms of service or making users jump through multiple hoops to find it.

In the worst cases, the data is purposely obscured violating both the legalities and spirit of the laws.

Apple Safari, Firefox, and others have already blocked cookies without permission. Google announced it was going to do the same for its Chrome browser (yes, the world’s most used browser), but recently pushed it off until 2023. The cookie’s going to be with us for some time.

And finally…

In writing this article, I visited Google and 3 websites for research. You guessed it. More trackers. This time 358 or an average of almost 90 trackers per page.

Oh, and to be fair, I went to this page on my website. More than 50 trackers. Yup, even I’m not immune. By the way, I don’t collect, store, or sell data here. That’s on the hosting platform and any plugins I use to make my site run smoothly.

Even when you try to be tracker-free, it appears someone else will be watching.