Helping people with computers... one answer at a time.

Cookies are placed on your machine by websites, but often more websites than you realize. We'll review cookies and how third parties can use them.

Can [a] site collect ... my browsing history?

In two previous questions, What can a website I visit tell about me? and What are browser cookies and how are they used? I discussed some of the information that websites get, and techniques that they can use to collect and remember more.

This particular part of the original question leads to today's article.

To be clear, a site cannot.

However, through clever use of cookies typically associated with advertising, it is possible for some services to track who in their network of advertisers you visit.

And thus we have "tracking" and "third party" cookies to talk about.

First a quick review: a cookie is just some data that is placed on your computer when you visit a web site that is simply sent back to that website the next time you visit it. That's all.

So when you visit ask-leo.com the web site might place a cookie on your machine that says "this person has seen the newsletter pop-up". A week later when you visit ask-leo.com again that cookie is automatically and transparently sent to the web site, so that it knows that you've already seen the newsletter pop-up - presumably so that it won't annoy you with it again.

That's all cookies are - a way for websites to remember stuff between visits.

Next, we need to step away from cookies for a moment and talk about how advertising typically works on the web.

"... your actions as an individual are totally uninteresting - no one is tracking you personally."

Most advertising on the internet is performed by services that collect large numbers of advertisers and match them up with large numbers of web sites that have signed up to display or carry ads. So when you visit http://example.com you might well see ads that have been place there by http://ads.somerandomservice.com. (To be clear, all URLs are fictitious examples.) Later, when you visit some other site, maybe http://reallybigbookstore.com, you might also see ads that have been placed there by http://ads.somerandomservice.com.

And when I say "placed there" I do mean that the page you're loading contains direct references to the ad service provider http://ads.somerandomservice.com. That means that when your browser loads the page from http://example.com, the HTML on that page says, in effect, "place an image here, and get that image from http://ads.somerandomservice.com/..." at which point your browser dutifully goes out to ads.somerandomservice.com and gets the image which happens to be an ad.

This is where cookies enter into the picture.

Whenever your browser fetches a URL - be it the page you asked for, or an element like an image within that page - the web site that it contacts to do so has the opportunity to place cookies on your machine.

So when you go to http://example.com, then of course example.com can place cookies. However, if that page also references another web site like http://ads.somerandomservice.com/ for an image on that page then ads.somerandomservice.com can also place cookies as well.

These are called "third party cookies".

  • You are the first party

  • The site you visit is the second party (example.com in our example)

  • The site(s) referenced for additional content by the site you visit are third parties. (ads.somerandomservice.com in our example)

So far so good; you visit a site, it can place cookies, and the sites that provide additional content on that page can also place cookies.

Here's where it gets interesting.

Let's walk a scenario through step by step:

  • You visit http://example.com

  • example.com has ads that are loaded from ads.somerandomservice.com

  • The first time you visit example.com, ads.somerandomservice.com puts a cookie on your machine that says "this is advertising visitor #12,345,678"

  • You then go off to visit some other site - perhaps http://reallybigbookstore.com.

  • reallybigbookstore.com also displays ads loaded from ads.somerandomservice.com

  • Since ads.somerandomservice.com already has a cookie on your machine, that cookie is sent to ads.somerandomservice.com when the request is made to display an ad.

  • ads.somerandomservice.com sees the cookie it put down earlier that says "this is advertising visitor #12,345,678"

  • ads.somerandomservice.com now knows that you visited both example.com and reallybigbookstore.com

The upshot? ads.somerandomservice.com "knows" what sites you visit, but only for those sites that happen to display ads from ads.somerandomservice.com.

That's what's meant by a "tracking cookie". Third parties can use cookies in this way to understand where you go on the 'net within the sites they service.

Now, naturally, you may feel that this is, or is not, a big deal.

My fervent belief is that your actions as an individual are totally uninteresting - no one is tracking you personally. Besides, most of these services collect way too much data to spend time looking at any one person.

The more interesting uses of this type of tracking are when the data is examined as a group, or in aggregate. For example, with this data the advertiser can determine things like "40% of the people that visit example.com also visit reallybigbookstore.com". Advertisers and web site owners eat that stuff up.

The good news for the paranoid is that most browsers can identify third party cookies and can be configured to reject them. That's fine, and you can do that if you feel so inclined. I'll caution you that there may be web sites whose functionality might actually rely on third party cookies, and you may find yourself needing to add exceptions somehow. Third party cookies can be used for more than just advertising and tracking.

But even if you do block third party cookies, there are some other things to keep an eye out for as well. I'll address a few of those in a subsequent article.

Article C3513 - September 26, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

8 Comments
Barry
February 13, 2009 5:28 PM

Thanks Leo,
I have wondering about these cookies for some time now. Every time i do a virus scan i get a lot of these things. Now i understand what they are and how they work I'm not that concerned.

Thanks once again . I have bookmarked your site for future reference. Keep up the good work.

Pranab kr Mondal
April 25, 2009 8:49 PM

Thanks Leo,
I have no sence about the cookies. I know about the cookies from you.I want to know from you that I work thoes website get paid to read email and paid to click.Thoes websites are true or fals, please said me. Please tell me about the website which name is www.e-mailptr.com.Thanks again.
pranab

harry godfrey
February 21, 2010 5:16 AM

When i do a scan, I get an enormous amount of ADWARE tracking cookies alerts, why is this?

...
June 13, 2010 8:18 PM

well, i'd recommend using adblock for firefox and any versions of IE, if you use IE i greatly recommend using firefox, it protects you and your data so much more, and restores your tabs if you choose to save them, or your computer randomly shuts off. ads can sometimes place trojans in your computer. that's what happened to my friend. also, get adblock, it greatly reduces the number of tracking cookies you get. and if you're worried, scan every week, like make a schedule. that's what i do. :3

Bobby
June 19, 2010 4:30 AM

I am not concern with tracking cookies. I think only paranoid people are concerned by this and go to extraordinary great lengths preventing tracking cookies in which I think it's a waste of time and energy.

That sounds like SUPERAntiSpyware to me for saying Adware cookie. I think they ought to reword that because it makes it look like you got malware when you haven't.

Jaxon
May 16, 2011 5:54 PM

Am i the only one who laughed when a pop up came up when they were reading this?

RP
March 5, 2012 11:56 PM

Hi,

Best way to hide ourselves from such trcking cookie is to use Ghostery add on for firefox.You can see live trcking cookies using Mozilla add on Collusion

Thanks!

Guest
May 13, 2012 11:29 PM

> I'll caution you that there may be web sites whose
> functionality might actually rely on third party cookies

What would be a few examples of that?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.