JunkMail
Back to blog

Beyond Cookies: How Your Email Fuels Ad Tracking

Think cookies are the only things tracking you? Your email address is a far more powerful surveillance tool for advertisers. Find out how and protect yourself.

By Leadership Team1/25/2026

Do you delete your cookies, use a VPN, and browse in private mode? Those are good habits. However, as the announced end of third-party cookies forces the advertising industry to find new tracking methods, an identifier you use every day has become its new gold mine: your email address.

Far more persistent than a cookie, it has become the "super-identifier" that allows you to be tracked from one platform to another, from your favorite e-commerce site to your social media networks.

The Secret: The "Hashed" Email, a False Sense of Protection

When you sign up for a service, advertising giants like Meta (Facebook, Instagram), Google, TikTok, and LinkedIn encourage businesses to share their customer lists through systems like "Custom Audiences" or "Customer Match."

The principle is simple but formidable:

  1. A merchant (shoe-site.com) sends its customer list (including your.email@domain.com) to the advertising platform.
  2. To create a semblance of privacy, the email is "hashed" using an algorithm like SHA-256. It's transformed into a unique string of characters (e.g., f1d2d2f924e986ac86fdf7b36c94bcdf32beec15). This is a one-way operation, which provides a false sense of security.
  3. The advertising platform, which already knows your email, performs the same calculation. If the two results match, it knows you are the same person, without ever having read the "plain text" email shared by the merchant.

The link between your shopping activity and your social profile is now established, bypassing cookie-based protections.

The Tracking Ecosystem in Action

Let's imagine a concrete scenario:

  1. You buy a pair of sneakers on shoe-site.com using john.doe@email.com.
  2. That same evening, the site sends the hash of your email to Google and Facebook.
  3. Both platforms identify you.
  4. The next day, an ad for athletic socks appears on your Instagram feed. When you search on Google, you see an ad for the same sneakers at the top of the results.

This is no coincidence. This is cross-platform retargeting. Worse, your email (and the fact that you buy sneakers) can be sold to data brokers. These companies aggregate thousands of sources to enrich your profile, which can then include your estimated income, political views, or family status, all linked to this single identifier: your email.

The Radical Solution: Compartmentalization with Aliases

How can you break this surveillance chain? By using a compartmentalization strategy with email aliases. An alias is a unique email address that forwards to your main inbox. The idea is to use a different one for each service.

Let's revisit our example with aliases:

  • For Facebook: facebook.jd@myalias.com
  • For the shoe site: shoes.jd@myalias.com
  • For Google: google.jd@myalias.com

Now, when shoe-site.com sends the hash of shoes.jd@myalias.com, neither Facebook nor Google will find a match. The silos are sealed. But the benefits go further:

  • Leak Traceability: If you suddenly start receiving spam at the shoes.jd@myalias.com address, you know exactly which service sold or had your data stolen.
  • Instant Revocation: Instead of fighting to unsubscribe, you can simply disable the alias. The flow of unwanted messages stops instantly.

Reclaim Control of Your Digital Identity

Cookies were the first battle for online privacy. The second, more decisive one, is the battle for identity. Using your main email address everywhere is like giving out the same key for your house, your car, and your office.

Using aliases isn't just a geeky trick. It's a fundamental shift in managing your digital identity. It's the simplest and most effective tool to fragment your online footprint, make the work of advertisers and data brokers nearly impossible, and finally take back control. Your privacy should not be a product.