You clicked a link just now to read this article.
In the time between your finger touching that link and this page appearing on your screen, something extraordinary happened. Something that involves your device, your internet provider, servers on multiple continents, dozens of invisible companies you have never heard of and a chain of events so precisely timed that a delay of even 200 milliseconds would have made this page feel slow to you.
That chain of events also involves your data being read, logged, analysed and in many cases sold all before you finished reading the headline.
This is what actually happened in those 0.3 seconds.
Millisecond 0 Your Finger Leaves the Screen
The moment you click a link, your device first checks its own memory to see if it has visited this address recently. If it has not, it moves to the next step.
Simultaneously, before a single byte of the actual website has been requested, tracking scripts embedded in the page you just left fire a “click event” back to their servers. Google Analytics, Facebook Pixel and dozens of advertising networks record the fact that you clicked that specific link at that specific time.
Your click itself is data. And it was collected before the new page even started loading.
Milliseconds 1 to 30 – The DNS Lookup
Your device now translates the human-readable web address into a numerical IP address that computers use to find each other. This is called a DNS lookup and it is one of the most consequential things that happens every time you use the internet.
Your device sends a query to a DNS resolver operated by your Internet Service Provider, Google or Cloudflare. If it does not know the answer, it contacts one of the thirteen root DNS servers that form the backbone of the entire global internet and works down through a hierarchy until it finds the answer.
Here is what most people never realise: your DNS queries are a complete map of every website you have ever visited. Every domain you look up passes through your ISP’s DNS resolver. In most countries, ISPs are legally permitted to log, analyse and in some cases sell this data. Every website. Every app. Every search. All visible at the DNS level unless you are using encrypted DNS, which almost nobody is.
Milliseconds 30 to 80 – The TCP Handshake
Once your device has the server’s IP address, it establishes a connection through a TCP handshake a three-step exchange that confirms both sides are ready to communicate. In ideal conditions this takes under 50 milliseconds.
What most people do not know is that during this handshake, your device reveals its IP address, operating system, browser version and a collection of technical parameters that together create what security researchers call a “device fingerprint” a unique identifier that can track you across the internet even if you clear your cookies, use incognito mode or switch browsers.
You cannot opt out of the TCP handshake. It is how the internet works. And it is leaking your identity every single time.
Milliseconds 80 to 150 The SSL Handshake and the Invisible Gatekeepers
If the website uses HTTPS, your device and the server perform an additional exchange to establish an encrypted connection the SSL handshake. The website presents its SSL certificate, your browser verifies it, and an encrypted tunnel is established.
But here is what happens simultaneously that almost nobody talks about.
Before the actual content begins loading, between 30 and 80 separate third-party connections are initiated in the background. These are requests to advertising networks, analytics platforms, social media tracking pixels and data management companies none of which are the website you actually asked to visit.
Each of these connections sees your IP address. Each logs your visit. Facebook’s tracking pixel fires on millions of websites that have nothing to do with Facebook. Google’s analytics scripts run on over 50% of all websites on the internet. You do not need to visit Facebook or Google for them to know exactly where you went.
Milliseconds 150 to 250 – The Data Travels Across the Planet
The server now sends the website’s files to your device. These files are broken into thousands of individual data packets, each finding its own fastest route across physical cables, routers and data centres spanning the entire planet.
Some packets travel through undersea cables beneath the Atlantic or Pacific ocean. Some hop through data centres in Singapore, Frankfurt or Virginia. They arrive from multiple directions simultaneously and are reassembled in the correct order before your browser renders them.
If a website is hosted on a Content Delivery Network, your data may travel only a few hundred kilometres. If hosted on a single origin server on the other side of the world, those packets may travel over 15,000 kilometres in under 200 milliseconds.
Milliseconds 250 to 300 – Your Browser Builds the Page
Your browser now renders the files into the visual page you see. JavaScript execution is where the most significant privacy implications occur.
The moment JavaScript runs, it can access your browser’s stored data, read your device’s technical specifications, measure your screen dimensions, detect your installed fonts, track your mouse movements and in some cases access your clipboard.
Cookie consent banners are in most cases not actually waiting for your permission. Research by privacy organisations has repeatedly found that many websites begin data collection the moment you land on the page before you click accept or decline. The banner is frequently a legal formality. The collection has often already begun.
What You Can Do Right Now
Understanding what happens in those 0.3 seconds is the first step. Protecting yourself is the second.
Switch your DNS to Cloudflare’s encrypted resolver by setting your DNS to 1.1.1.1 in your device’s network settings. This prevents your ISP from logging every website you visit.
Install uBlock Origin in your browser a free open-source extension that blocks the majority of third-party tracking scripts and advertising pixels that fire before you have finished loading a page.
Use a reputable VPN for sensitive browsing particularly on public WiFi where your DNS lookups and TCP handshake data are visible to anyone on the same network.
Regularly clear your browser’s third-party cookies to disrupt the cross-site tracking profiles that advertising networks build using your connection data.
The Internet Is Not What You Think It Is
Most people experience the internet as a window something they look through to reach information and each other.
The reality is closer to a two-way mirror.
Every click, every page load, every 0.3-second journey your data takes is simultaneously a journey your identity takes through dozens of systems designed to observe, record and monetise your behaviour.
This is not a conspiracy. It is not a secret. It is simply the infrastructure of the modern internet built this way deliberately, operating this way continuously and understood by almost nobody who uses it every day.
Now you are one of the people who understands it.
What you do with that understanding is entirely up to you.