Helping people with computers... one answer at a time.
There are numerous things that can be downloaded to your computer while surfing or shopping online. It's best to know what they are and how to manage them.
Hello, Leo. I occasionally purchase things online. Nothing terribly important – just the occasional movie or music album. As such, I've always wondered what information is saved on my computer when I do purchase something online. I've read that certain low quality mp3 files can contain purchasing information and some music retailers include your purchasing information within the mp3 file whether they are low quality or not.
How big of a privacy concern is that? In the unlikely event that someone hacked my computer could they find my purchasing info just by scanning my mp3s with some program?
Another thing I do begrudgingly is I use online banking. I already know of the concerns of having my account hacked, or my bank being hacked. However that still leaves me with questions. When I login to my account, obviously I receive cookies, but what else if anything is saved on my computer? If anything else is saved on my computer, how would I know and how would I delete it? The same question applies to my online email accounts.
Last but not least, what problems do I need to fear if I accidentally close my browser before logging out of my email account? Or something of similar importance? And does clearing cookies do the same thing as logging out?
In this excerpt from Answercast #27, I look at the various things that are downloaded as you use your computer and what (if any) you should be concerned about.
Several good questions in here that I think I want to address in general.
I do want to clarify one thing and that's the definition of this purchasing information you're concerned about getting stored on your computer or in your mp3 files.
Credit card information is actually held to a fairly high standard by the credit companies. Reputable online merchants are not allowed to store it in any way on your computer or even on their own. There are strong rules and regulations to maintain that level of privacy.
So, let's talk about mp3 files really quickly.
I download, or I should say I purchase my mp3s from Amazon.com. One thing that Amazon does is they allow me to play those mp3s on any device I own; unrestricted. There is literally no restriction on my ability to play those files on any device that I happen to own (that's capable of playing mp3 files.)
What they do to prevent piracy is they encode the mp3 file with something that identifies the account that purchased the mp3 file.
Now, I honestly don't know if it is in plain text. If you can just poke around in the mp3 files and see my email address. I would be shocked!
More likely, it is encrypted in some form. It's information that only Amazon could use to identify the account that purchased the mp3 file.
So for example, if my mp3 file suddenly ended up showing on peer-to-peer file sharing networks (in other words, it was being pirated), then Amazon could come back to me and say, "Hey, we noticed that this mp3 file has an identifier in it that identifies you as the person who purchased it. Why is it on these illegal file sharing sites?"
It's not something to worry about because I'm pretty convinced my privacy is well hidden and that only Amazon could identify who the purchaser of the mp3 file is.
Nothing more than that is going to be in there. Certainly not things like credit card information, or addresses, or any of the billing info and so forth. So, that doesn't concern me much at all.
Now with respect to online banking, most of what you are concerned about falls into two buckets: cookies and cache.
When you surf the web, in general, web pages are downloaded and they are downloaded into your browser cache so that the next time you visit that page, it's already in your cache and doesn't have to be downloaded... over a possibly slow internet connection.
The interesting thing is that https connections are not supposed to be cached. If you do all of your banking over an https connection (which you should), then that issue just goes away.
On https://, everything gets downloaded every time. The upside is that the screens that displayed your banking information, for example, are not being saved on your computer anywhere: with one exception I'll get to in a second.
The other issue is cookies. Cookies are typically the approach that sites use to maintain your login. When you login to a website, they place a cookie on your machine that basically says, "This person has logged in, and they can stay logged in for this amount of time."
Typically, when you close your browser, non-persistent cookies go away. So if you close your browser and come back to your banking site, you will find that you are no longer logged in because that cookie went away.
Persistent cookies are the opposite. They actually persist across the start and restart of your browser. They typically have an expiration time. They're good for either hours, days, or weeks or in some cases, years.
They are simply pieces of information that are stored on your computer.
Now, the third place (that I alluded to previously) is the paging and hibernation file. This one gets kind of weird.
While you have your web browser up (like viewing a web page, viewing your banking page), if you then hibernate your computer, there is very strong likelihood that the image of that page and everything that was on the screen at the time you hibernated will be placed in the hibernation file – hiberfile.sys.
If this is something that you are concerned about, I strongly recommend you disable hibernation and delete the hiberfile.sys if you find it.
That makes this problem go away.
The final place is your paging file and that only kicks in if memory is low.
Unfortunately, there isn't really a whole lot of control you have over that. It's rare that something like web page cache information, cookies, anything like that would be placed in a paging file: simply because those are normally stored in other place – on your disk cookies and cache. There's just no need to keep them in a paging file.
So, bottom line is, if you really are concerned about this, then you really only need to do three things:
The cache shouldn't be a problem for https connections, but there's nothing wrong in clearing the cache periodically. It will actually speed up your browsing experience a little bit for a while.
Then, finally, go ahead and clear cookies from time to time. There's nothing wrong with doing that. I don't personally believe that there's a lot of sensitive information that's stored in cookies, but it's controlled by your bank so we don't really know what's stored in a cookie.
In general, they simply store an identifier that says, "This is Leo," and then they look up the sensitive information on their computers. It's never actually on your computer. But clearing cookies periodically is absolutely a good thing to do.
I recommend a program called CCleaner to do both the cache and cookie cleaning. It's safe. It clears the right things.
You will find that then when you clear cookies, you are clearing cookies for
all sorts of applications. I believe CCleaner will let you set up exceptions,
but the bottom line is that you may find yourself suddenly logged out from
other applications in addition to your banking because you've cleared out their
cookies as well.
Next from Answercast #27 – How do I see the "Undisclosed recipients" on an email I sent?
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.