What can a website I visit tell about me?

Home » Web

Summary: Websites can collect a fair amount of information about you. In this first step we look at what every website sees no mater what it does.

When I visit a web site that collects visitor statistics - I understand they can see my IP which will tell them I am a Verizon customer with a Mac/Intel operating system, the area where I may live, what browser I use, if I'm new to the site, and click information on the site- but can the site collect the following information:

- My computer name (the name I assigned to my computer)?

- Profile information???

- My browsing history (any/all sites I've visited and when) or can they just tell the number of items in my history?

- Email addresses associated with my computer?

I've reviewed similar questions but I'm not sure I truly understand what information a web-server can collect from my connection/browser.

This turns into a fairly complex answer pretty quickly. It's both more, and a lot less, than you might think.

This article will start by covering what every website sees.

•

I'll use a simple web site, like this one as an example. Here's an actual log entry that shows what's provided when someone visits the URL http://ask-leo.com/who_is_leo.html:

64.105.215.206 - - [22/Sep/2008:15:36:26 -0500] "GET /who_is_leo.html HTTP/1.1" 200 12120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1"

There are several interesting bits of information there:

64.105.215.206: the IP address of a visitor.
[22/Sep/2008:15:36:26 -0500]: the date, time and time zone offset that the visitor came by.
GET /who_is_leo.html HTTP/1.1: the operation (GET), the page requested, and the protocol version to be used.
200: the return code. In this case 200 means success.
12120: the size of the response - in this case the size of the file "who_is_leo.html" without any of the embedded images which are retrieved with separate requests.
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1": this fairly long and obscure string known as the "User Agent" string identifies the browser used (FireFox 3), my operating system (Windows XP), and occasionally some other things that the browser chooses to put in there.

"What a website cannot do is use this information alone to identify you by name, phone or address."

As you can see it's both a lot, and not really so much.

Your IP address doesn't really say much. I've written about this repeatedly, but unless you're the police with a court order, the best a web site owner can tell is your ISP, and roughly where on the planet you are - sometimes as accurate as your neighborhood, and sometimes only as close as your continent.

What a website cannot do is use this information alone to identify you by name, phone or address.

And it certainly cannot tell things like your computer name, profile, history or email addresses.

However.

There are two interesting exceptions to that.

Sites can typically remember what you've told them. So, for example, if you tell a site your username is "Fred", say by logging in, then that site can, indeed, remember that if it chooses to do so. This is typically by using cookies.

Tracking. Tracking's a loaded term, but the fact is that there's a lot of it going on, often in places and ways you don't necessarily consider: more cookies, toolbars and now even ISPs are getting into the act.

So far we've seen the bare minimum that every website gets whether or not they ask for it.

I start to look more deeply into cookies and tracking in What are browser cookies and how are they used?

Related:

What are browser cookies and how are they used? Browser cookies are a way that web sites can leave information on your computer that they can use when you return to their site. Simple and powerful.
When I visit a web site, can the server identify me? A server can easily identify any users that visit their web sites. However, there are services that will allow you to surf anonymously.
What can people tell from my IP address? People can tell very little from your IP address. They cannot, for example, tell who or where you are. How much they can tell varies a great deal.

Article 12707 | Posted September 22, 2008

•

Recent Comments

9 Comments

Here's a great website that will tell you basically everything that any website can find out about you from your web browser:

http://gemal.dk/browserspy/

Posted by: John at September 22, 2008 3:59 PM

being Canadian we are not allowed to see videos on the major tv networks web pages and i guess they know who we are by our ip address. if you miss an episode and want to watch it later you can't unless you hide your ip address.not too fair

Posted by: David McCabe at September 23, 2008 9:31 AM

Great info, thanks!

Posted by: Sergio at September 23, 2008 10:31 AM

Good info. Thx.
Can a website tell where I have come (what website I was at previously) and what website I go to next?
For example, if I am at store alpha and go to store beta, can alpha see that I left them to go to beta, and can beta see that I came from alpha? Thx.

If site A links to site B and you click on that link, then site B will get information that says you came from site A. But without that cooperation, there's no way for an arbitrary site to know where you came from or where you are going.

Cookies, on the other hand, are another matter and open a series of related issues. I'll be discussing that in future articles.

- Leo
23-Sep-2008

Posted by: Bruce at September 23, 2008 1:05 PM

Leo,

Every time I log off of my computer and just prior to turning it off and unplugging it, I do the following:
1. I go to start, settings, control panel (I actually have an icon for the control panel on my desktop), Internet Options, settings, view files. This shows everything I downloaded from the Internet; hopefully that was all I downloaded.
2. I then do a CNTL + A. This keyboard shortcut highlights everything.
3. I then press the DEL key.
4. It asks me if I really want to do this. And I say yes.
5. All cookies and everything else are deleted.
6. I then repair Internet Explorer.
7. “No”, I don’t want to reboot.
8. I then press the Windows key, the up arrow, press Enter and then shut the PC down.

Of course I have to always log onto all the websites I go to, but at least nobody, theoretically, knows my Internet habits.

Posted by: Richard Broberg at September 23, 2008 5:56 PM

If you'd like to "hide" your IP address, you can go to http://www.guardster.com and use their service.

Posted by: Andrea Schumann at September 25, 2008 6:33 AM

Leo, are you using pop-up ads on you web pages?
On opening this article a blue pop-up ad appeared on the page, asking if I wanted to sign-up for Ask-Leo newsletter. Was this generated by your site, or is it generated by some kind of malware that I am infected with?

That's me. Malware wouldn't be about something as benign as a newsletter, or as on-topic as something relating to the site you're on.

- Leo
29-Sep-2008

Posted by: Kenneth Crook at September 28, 2008 9:57 PM

In a previous newsletter, you challenged your readers to google themselves and see what they find. Well, I did, and I was shocked! There was even a reference to a response I made to one of your newsletters! The problem is I have an unusual name, and when I want to post a comment on your website, it asks for my name (required). I take it I can't use a fake name, so what should I do?

It depends on what you want to accomplish.

I too have a unique name - unique enough that all the results of searching on it are related to me somehow. Things like commenting on websites like this one don't bother me, and I use my real name. Doesn't matter to me if that shows up in a search result.

If it's some place I do care, I do use a fake name. Even here, while it asks for your name you can still make one up if you want. Just means that if I contact you I'll call you by that fake name.

So in general, use a fake name, or no name at all, when you think it might matter. The most important point of all is to be aware that what's posted online stays online for a long, long time.

- Leo
05-Oct-2008

Posted by: Rondi Phillips at October 4, 2008 7:34 PM

If you've nothing to hide, don;t worry!

Posted by: Bill Chubb at October 7, 2008 9:58 AM

Post a comment on "What can a website I visit tell about me?":

Name: (Required)

Email Address: (Required)

(Email Address will not be published.)

Remember Me? YesNo

By popular demand...
my tip jar

Buy Leo a Latte!

Comments: (you may use HTML tags for style)

New!

Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

I can't respond to every comment. And I can't vouch for the accuracy of others who do.
Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...