Helping people with computers... one answer at a time.

There are numerous things that can be downloaded to your computer while surfing or shopping online. It's best to know what they are and how to manage them.

Hello, Leo. I occasionally purchase things online. Nothing terribly important – just the occasional movie or music album. As such, I've always wondered what information is saved on my computer when I do purchase something online. I've read that certain low quality mp3 files can contain purchasing information and some music retailers include your purchasing information within the mp3 file whether they are low quality or not.

How big of a privacy concern is that? In the unlikely event that someone hacked my computer could they find my purchasing info just by scanning my mp3s with some program?

Another thing I do begrudgingly is I use online banking. I already know of the concerns of having my account hacked, or my bank being hacked. However that still leaves me with questions. When I login to my account, obviously I receive cookies, but what else if anything is saved on my computer? If anything else is saved on my computer, how would I know and how would I delete it? The same question applies to my online email accounts.

Last but not least, what problems do I need to fear if I accidentally close my browser before logging out of my email account? Or something of similar importance? And does clearing cookies do the same thing as logging out?

In this excerpt from Answercast #27, I look at the various things that are downloaded as you use your computer and what (if any) you should be concerned about.

Downloading purchasing information

Several good questions in here that I think I want to address in general.

I do want to clarify one thing and that's the definition of this purchasing information you're concerned about getting stored on your computer or in your mp3 files.

  • The short answer is that your credit card information, your payment information, is not stored in any of these places.

Credit card information is actually held to a fairly high standard by the credit companies. Reputable online merchants are not allowed to store it in any way on your computer or even on their own. There are strong rules and regulations to maintain that level of privacy.

Information in mp3 files

So, let's talk about mp3 files really quickly.

I download, or I should say I purchase my mp3s from Amazon.com. One thing that Amazon does is they allow me to play those mp3s on any device I own; unrestricted. There is literally no restriction on my ability to play those files on any device that I happen to own (that's capable of playing mp3 files.)

What they do to prevent piracy is they encode the mp3 file with something that identifies the account that purchased the mp3 file.

Now, I honestly don't know if it is in plain text. If you can just poke around in the mp3 files and see my email address. I would be shocked!

More likely, it is encrypted in some form. It's information that only Amazon could use to identify the account that purchased the mp3 file.

So for example, if my mp3 file suddenly ended up showing on peer-to-peer file sharing networks (in other words, it was being pirated), then Amazon could come back to me and say, "Hey, we noticed that this mp3 file has an identifier in it that identifies you as the person who purchased it. Why is it on these illegal file sharing sites?"

Privacy is protected

It's not something to worry about because I'm pretty convinced my privacy is well hidden and that only Amazon could identify who the purchaser of the mp3 file is.

Nothing more than that is going to be in there. Certainly not things like credit card information, or addresses, or any of the billing info and so forth. So, that doesn't concern me much at all.

Online banking

Now with respect to online banking, most of what you are concerned about falls into two buckets: cookies and cache.

When you surf the web, in general, web pages are downloaded and they are downloaded into your browser cache so that the next time you visit that page, it's already in your cache and doesn't have to be downloaded... over a possibly slow internet connection.

  • There are things on your computer that are saved in your internet cache.

The interesting thing is that https connections are not supposed to be cached. If you do all of your banking over an https connection (which you should), then that issue just goes away.

On https://, everything gets downloaded every time. The upside is that the screens that displayed your banking information, for example, are not being saved on your computer anywhere: with one exception I'll get to in a second.

The other issue is cookies. Cookies are typically the approach that sites use to maintain your login. When you login to a website, they place a cookie on your machine that basically says, "This person has logged in, and they can stay logged in for this amount of time."

  • Cookies can be persistent or not.

Typically, when you close your browser, non-persistent cookies go away. So if you close your browser and come back to your banking site, you will find that you are no longer logged in because that cookie went away.

Persistent cookies are the opposite. They actually persist across the start and restart of your browser. They typically have an expiration time. They're good for either hours, days, or weeks or in some cases, years.

They are simply pieces of information that are stored on your computer.

Hibernation files

Now, the third place (that I alluded to previously) is the paging and hibernation file. This one gets kind of weird.

While you have your web browser up (like viewing a web page, viewing your banking page), if you then hibernate your computer, there is very strong likelihood that the image of that page and everything that was on the screen at the time you hibernated will be placed in the hibernation file – hiberfile.sys.

If this is something that you are concerned about, I strongly recommend you disable hibernation and delete the hiberfile.sys if you find it.

That makes this problem go away.

Paging file

The final place is your paging file and that only kicks in if memory is low.

  • If you've got enough RAM in your computer, the paging file will simply not be an issue.

Unfortunately, there isn't really a whole lot of control you have over that. It's rare that something like web page cache information, cookies, anything like that would be placed in a paging file: simply because those are normally stored in other place – on your disk cookies and cache. There's just no need to keep them in a paging file.

So, bottom line is, if you really are concerned about this, then you really only need to do three things:

  1. Turn off the hibernation file like I mentioned earlier;
  2. Turn off the hibernation function if it's available on your computer;
  3. Clear your cache regularly

Cache and cookies

The cache shouldn't be a problem for https connections, but there's nothing wrong in clearing the cache periodically. It will actually speed up your browsing experience a little bit for a while.

Then, finally, go ahead and clear cookies from time to time. There's nothing wrong with doing that. I don't personally believe that there's a lot of sensitive information that's stored in cookies, but it's controlled by your bank so we don't really know what's stored in a cookie.

In general, they simply store an identifier that says, "This is Leo," and then they look up the sensitive information on their computers. It's never actually on your computer. But clearing cookies periodically is absolutely a good thing to do.

I recommend a program called CCleaner to do both the cache and cookie cleaning. It's safe. It clears the right things.

Clearing cookies changes a lot of things:

You will find that then when you clear cookies, you are clearing cookies for all sorts of applications. I believe CCleaner will let you set up exceptions, but the bottom line is that you may find yourself suddenly logged out from other applications in addition to your banking because you've cleared out their cookies as well.

Article C5486 - June 18, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
Paul
June 19, 2012 8:50 PM

Hi Leo, CCleaner will let you set up exceptions for cookies you want to keep. I find it easiest to clean all cookies, then as I visit sites I want to keep coookies for I enter them into CCleaner's list as I go. Eventually the all cookies I want to keep are on the list.

James
June 22, 2012 3:02 AM

I've nothing against CCleaner, but you can tell Firefox or Opera to clear all new cookies when the browser is closed, and at least in Opera, you can specify exceptions.

Ken
June 23, 2012 11:29 PM

Hi Leo,
In Google Chrome the Clear Browser tool lets you clean the cookies. Click on the Tools/Settings/Show Advanced settings/Privacy/Content Settings/All Cookies and Site Data. Here you can delete any cookies you do not want. Some of the cookies make life easier. But the cookies can build up fast. I routinely go here and delete unwanted cookies.
In IE9 you can also delete unwanted cookies by going to Tools/Browsing History/Settings/ View Files. It is easier to differentiate cookies from other stuff if you do a Delete of the Browser History first. Then you can select the cookies you do not want and delete them.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.