When I visit a website it sometimes puts cookies on my browser. Usually cookies keep track of browsing info from that particular site. If I don't delete those cookies and browse other websites, will the cookies be able to know which site I am browsing? Also, can any website read browsing history which is saved by browsers? Can any website know about my browsing history by help of cookies, browsing histories saved by browsers, or by any scripting language e.g. javascript?
3 Answers
The short answer is yes, though it is not as easy as you might think.
The browser stores cookies independently for each domain. That means that www.foo.com
cannot access the cookies made by www.bar.com
and vice versa.
The vulnerability (or loophole) is in included pages. Most advertisements come from a different domain than the page itself, so they create their own sets of cookies. When another site includes an ad from the same ad provider, they can read their own cookies created earlier and they know you visited that page earlier. This way they can only track you on sites that host their ads. This is the strategy Google uses to serve relevant ads.
Also Facebook and other social networks can do this because of their ubiquitous like
, tweeet
, pin
etc. buttons, which are also included content. This is not avoidable without disabling cookies altogether or using private browsing, but that could be a major burden (Cookies do make the Internet convenient). I personally choose not to be paranoid of these things.
-
-
I've touched disabling cookies in my answer; what other thing do you mean by the user allowing this to happen? The
Do not track
header only requests servers to disable tracking, but it's up to them if they honor it or not. If they are malicious, why would they care? If they're not, why would you?– mategaCommented Jan 13, 2015 at 7:27 -
You can install Disconnect in your browser to block this data from being sent.– dangphCommented Jan 13, 2015 at 7:47
-
3@matega You can allow a website to create its own cookie. You can also not allow Facebook to create a cookie, when you visit a website that implements Facebook
Like
voting, by not allowing third-party cookies to be created.– RamhoundCommented Jan 13, 2015 at 12:01 -
1Oh. +1. I did not know about that, thanks for the info. But still, that breaks some functionality and I am not paranoid enough (i.e. at all) to give up on that functionality. There are far worse things out there than targeted advertising (heck, I'd say it's even good sometimes).– mategaCommented Jan 13, 2015 at 16:32
A third-party cookie placed on your machine at one site can be detected at a later time by the third party, so your browsing history is to some extent public. There are both HTML and Flash cookies, so if you wish to remove them delete both types.
Browsers such as Firefox can be set to a "private" mode in which cookies are deleted at shutdown. Cookies can also be deleted by the browser or by free tool such as CCleaner. Deleting cookies may require you to log into sites which had opened automatically before.
-
A third party is not able to detect nor read cookies not created by their domain.– mategaCommented Jan 12, 2015 at 22:37
-
I think the Dr is saying the same thing you did. "A third-party cookie" can later be read by "the third party," that is, the same third party that dropped the cookie in the first place. Commented Jan 12, 2015 at 23:00
-
But that ability doesn't provide them any information about the websites you viewed.– RamhoundCommented Jan 12, 2015 at 23:14
-
Not if they don't litter most of the websites you visit with their content. Which is what Facebook, Google and other are doing. Also, after the edit, this does make sense - if not immediately obvious how.– mategaCommented Jan 13, 2015 at 16:37
First yes. Simply put, if you allow a site to save your cookies, they will often share them with other syndicated sites, so that when you go to other syndicated sites, you will be prioritized to show what you've searched for.
If you want to avoid this, there are three ways:
1.Use browser focused on privacy(eg: Private Browser). Using Private Browser will keep you from being tracked, and once you exit, all of your records and passwords will be erased by default, which is the most convenient method.
2.Turn on privacy mode of the normal browser(eg:Chrome,UC,Firefox). Main browsers generally have privacy mode, and you can usually find it directly from the menu or the bottom bar and turn on it. But some also reflect that these modes are not completely private.
3.Keep Clear Browsing history. It means that each time you exit the browser, you need to go to setting>clear data. It's relatively cumbersome.