Tracking Protection

Right now, without doing anything, you are being followed across the internet by somewhere between 50 and 300 separate companies. You’ve never heard of most of them. They know more about your browsing habits than your closest friends.

This isn’t paranoia. It’s the business model.

What Trackers Actually Are

A tracker is a piece of code — usually a script or a pixel — that loads invisibly when you visit a website. It records that you were there, what you looked at, how long you stayed, what device you used, and then reports all of that back to a third-party server. The website you’re visiting often isn’t even the one collecting this data. It’s renting out the collection to someone else.

The mechanism looks like this:

You visit Site A → Tracker loads → Records your visit
You visit Site B → Same tracker → Knows you visited both
Repeat 100 times → Complete behavioral profile built

That profile gets sold, refined, and acted on. The headphone ad that follows you for two weeks after a single Amazon search isn’t a coincidence — it’s the system working exactly as intended.

How Stoix Blocks Trackers

Every tracker loads from a domain. doubleclick.net, connect.facebook.net, scorecardresearch.com — these aren’t the sites you’re visiting, they’re the infrastructure sitting underneath them. When a page tries to load one of these domains, a DNS request goes out. Stoix intercepts that request, checks the domain against its tracker list, and returns nothing if it’s a match. The script never loads. The pixel never fires. The data never leaves.

What Gets Blocked

Ad network trackers: Google DoubleClick, Amazon advertising, Taboola, Outbrain — the networks that stitch together your browsing history across unrelated sites.

Analytics trackers: Third-party analytics, heatmap tools, session recording software. If a service is watching where your mouse moves on someone else’s website, it’s being blocked.

Social media trackers: The Facebook Pixel, Twitter conversion tracking, LinkedIn’s Insight Tag. These load on millions of sites that have nothing to do with social media, reporting your activity back to platforms you may not even be logged into.

Fingerprinting scripts: Trackers that collect browser details, screen resolution, installed fonts, and system specifics to build a unique fingerprint of your device — a method designed specifically to track people who clear their cookies.

The Real-World Difference

Without tracking protection:

1. Search “wireless headphones” on Google
2. Visit Amazon, look at a few options, don’t buy
3. Read a tech review on a blog
4. Open Instagram
5. For the next two weeks: headphone ads on every surface of the internet

This isn’t Google reading your mind. It’s three separate tracker networks sharing notes about you in real time.

With Stoix blocking trackers:

1. Google still knows what you searched (first-party, can’t be DNS-blocked)
2. Amazon still knows what you viewed (same reason)
3. Tech blog tracker: blocked
4. Instagram third-party tracking: blocked
5. Each site operates with its own data — the cross-site profile doesn’t form

The tracking that remains is first-party — the site you’re actually using. The tracking that disappears is the invisible third-party infrastructure that connects your behavior across everywhere you go.

How the Main Tracking Methods Work

Third-Party Cookies

A cookie set by a tracker domain rather than the site you’re visiting. It persists across websites, letting the same company recognize you on a news site, a shopping site, and a forum. Stoix blocks the tracker domain from loading, so the cookie never gets set.

Tracking Pixels

An invisible 1x1 image hosted on a tracker domain. When the page loads, your browser fetches the image, and that fetch tells the tracker you were there, what time it was, and details about your session. Block the domain, the pixel can’t load, the visit goes unreported.

Device Fingerprinting

No cookies needed. The script collects your browser version, operating system, installed fonts, screen dimensions, and time zone — enough unique data points that the combination identifies your device with high reliability. Stoix blocks the known domains serving these scripts.

Social Media Widgets

“Like” buttons and share widgets on third-party sites load resources from Facebook, Twitter, and similar platforms. Even if you never click them, they log your visit and report it back. The buttons stop working outside the social platforms themselves, but the tracking function is what gets blocked.

Protection Levels

Configure these in your Content Policies:

Strict: Blocks all known trackers. Maximum privacy. Some sites may behave unexpectedly if they depend on tracker infrastructure for functionality.

Moderate (recommended for most): Blocks the majority of trackers while maintaining normal site functionality. The right balance for everyday use.

Light: Blocks major trackers only. Good baseline protection with minimal risk of anything breaking.

Combining Protection Layers

DNS blocking handles tracker domains. For trackers that load from the same domain as the content (first-party tracking) or use techniques DNS can’t reach, layering additional tools helps:

DNS Filtering + Browser Extension:

Stoix DNS → blocks known tracker domains
uBlock Origin → catches trackers that slip through

DNS Filtering + Privacy Browser:

Stoix DNS → blocks tracker domains
Firefox or Brave → built-in tracker blocking + cookie isolation
Third-party cookies disabled → removes another tracking vector

DNS Filtering + VPN:

VPN → hides your IP address
Stoix DNS → blocks tracker domains

Learn more about VPNs vs DNS filtering

What DNS Blocking Can’t Catch

First-party tracking — analytics running on the website’s own domain — is outside what DNS filtering can block without breaking the site entirely. Server-side tracking that happens before a page is sent to you doesn’t generate separate DNS requests. CNAME-cloaked trackers disguise themselves as first-party domains, though Stoix catches a significant portion of these by resolving the chain.

Browser extensions and privacy browser settings cover gaps DNS filtering leaves. The tools are complementary.

Testing Your Protection

Visit CoverYourTracks.eff.org — it shows what trackers can currently see about your browser and generates a fingerprinting protection score. Run it before and after enabling Stoix tracking protection to see the concrete difference.

Your Analytics dashboard logs blocked tracker domains in real time. Common entries: doubleclick.net, googletagmanager.com, amazon-adsystem.com, connect.facebook.net. Seeing these blocked is the filter working as expected.

Additional Privacy Settings Worth Configuring

Browser settings that help:

• Disable third-party cookies in Chrome, Firefox, or Safari settings
• Enable strict tracking protection mode in Firefox
• Safari’s “Prevent cross-site tracking” under Preferences → Privacy

Platform opt-outs (they don’t eliminate tracking, but they reduce it):

• Google: myaccount.google.com/data-and-privacy
• Facebook: Settings → Ads → Ad preferences
• Amazon: Account → Advertising preferences

iOS: Settings → Privacy → Tracking → Disable “Allow Apps to Request to Track” — this cuts off app-level tracking across the board.

Learn More

• Block Ads Guide
• DNS vs VPN
• Malware Protection

Questions? Contact us