Helping people with computers... one answer at a time.

Browser cookies are a way that web sites can leave information on your computer that they can use when you return to their site. Simple and powerful.

Can [a] site collect the following information:

- My computer name (the name I assigned to my computer)?

- Profile information???

- My browsing history (any/all sites I've visited and when) or can they just tell the number of items in my history?

- Email addresses associated with my computer?

In a previous question What can a website I visit tell about me? I discussed the information that's made available to all websites no mater what they do. The original question included these.

The strict answer remains "no" to the question as posed, but in reality things aren't quite that simple.

For example, web sites can remember what you tell them, and we often tell them more than we think.

And the remembering? That's typically using something called a "browser cookie".

Cookies are nothing more than data a website can place on your computer that's automatically sent by your browser the next time you visit the same site.

It's called a cookie because it doesn't have to be anything specific. It could, for example, just be a flag that you've visited the site before, or perhaps a number that somehow identifies you to that site.

For example, when you visit Ask Leo! and you see the newsletter subscription pop-up, a cookie is placed on your machine that says "ask-leo.com: this person has seen the newsletter pop-up, don't show it again". The next time you visit a page on ask-leo.com from the same computer and browser that cookie is automatically sent along with your page request and the site knows not to bug you with that newsletter popup again. (By the way, if it does check out this article.)

Another example is a site where you need to login. A cookie might be used to "remember" your login name.

"A site might know your name ... but only because you told it your name the first visit."

The first time you visit such a site, you type in your login name and password, and perhaps click a button labeled "remember me". Once the login is successful, the site might put a cookie on your machine that says "username=Fred". The next time you visit that site that cookie is automatically sent with your page request, and the site "knows" that you're Fred, and pre-fills in the username field.

The most interesting example appears at first to be a little more obscure but is ultimately the most powerful for the website operator.

The first time you visit a site, you register and login. The site then places a cookie on your machine not with anything you'd recognize, but instead with some kind of unique identifier. Perhaps a retail store will place your specific customer number in a cookie on your machine. Now, when you return to that store's web site your computer automatically provides your customer number, and the web site knows that you're a returning customer. So far so good.

But the store has been collecting data about you as you've shopped and made purchases. A simple store might use your customer number to pre-load your shipping address for you when it comes time to check out. That's not stored on your computer, but on the store's computers. Since it knows who you are, by virtue of the customer number stored in a cookie (and perhaps your subsequent login - important for security, but not technically required), they can access their own database of customer information and retrieve your shipping address.

Some stores go even further - greeting you by name the moment you return before you even login, and customizing the products that they display specifically based on what they can see are your previous interests and purchase habits.

All because a single cookie they placed on your machine lets them know immediately who you are.

Now, before we go getting all paranoid, it's important to realize that not just anyone can see every cookie.

For example, cookies associated with "ask-leo.com" cannot be read by any other site. So yes, you might be sending more information to ask-leo.com (the information that says you've already seen my popup, for example), but that information only goes to ask-leo.com and no other.

Similarly, your customer number at http://reallybigbookstore.com/ would be stored in a cookie that's accessible only to reallybigbookstore.com and no one else.

It's also important to note that cookies only contain information that's been placed there by web sites, and thus can only contain information that the site already knows. A site might know your name, and send that in the second and subsequent visits - but only because you told it your name the first visit.

Cookies are nothing more than a way for websites to remember something - anything they choose to remember - from visit to visit.

Are you interested in what cookies are on your machine? You can check 'em yourself:

In Internet Explorer:

  • Click on the Tools menu

  • Click on the Internet Options menu item

  • Click on the General tab, if it's not already showing

  • In the section labeled "Browsing history" click on the Settings button

  • Click on the View files button

In the resulting view, everything that begins with "cookie:" is a cookie placed by the named site. You can view the cookies in notepad, if you like, but generally, the information within a cookie is rarely meant to be read by humans, so it might not make a lot of sense.

In FireFox:

  • Click on the Tools menu

  • Click on the Internet Options menu item

  • Click on the Privacy tab

  • Click on the Show Cookies... button

Once again, listed by site, are the cookies FireFox has collected on your computer. Firefox happens to do a better job of displaying the contents of cookies for you, though once again they still might not make a lot of sense.

Cookies, in and of themselves, are nothing to be concerned about. They enable a tremendous amount of functionality on the web. If you were to disable cookies completely you'd quickly find that a bunch of stuff would stop working, or become really, really inconvenient.

However.

Cookies can be used in some interesting ways to tell more about you than you might expect...

There's another layer to the whole cookie discussion that we'll investigate in What are tracking cookies and should they concern me?.

Article C3512 - September 25, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
Arthur
October 4, 2008 2:32 PM

Your kinds of cookies include:
browser cookies
tracking cookies
second party cookies
third party cookies

Using Windows Explorer, is there any way to distinguish which kind of cookie file I'm looking at? (include looking at cookie Properties)

GLORIA
December 2, 2008 9:43 AM

Thank you very much LEO!. I still have a problem, though... I have enabled all cookies and I keep getting that message that suggests enabling cookies in order to open some files..

frank thomson
April 10, 2011 1:14 PM

hi leo
Thanks for the useful articles concerning cookies, spybot detected tracking cookies and brouser cookies , which where removed from my pc, this in turn led me to look into cookies. and their properties.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.