Summary: Websites can collect a fair amount of information about you. In this first step we look at what every website sees no mater what it does.
When I visit a web site that collects visitor statistics - I understand they can see my IP which will tell them I am a Verizon customer with a Mac/Intel operating system, the area where I may live, what browser I use, if I'm new to the site, and click information on the site- but can the site collect the following information:
- My computer name (the name I assigned to my computer)?
- Profile information???
- My browsing history (any/all sites I've visited and when) or can they just tell the number of items in my history?
- Email addresses associated with my computer?
I've reviewed similar questions but I'm not sure I truly understand what information a web-server can collect from my connection/browser.
•
This turns into a fairly complex answer pretty quickly. It's both more, and a lot less, than you might think.
This article will start by covering what every website sees.
•
I'll use a simple web site, like this one as an example. Here's an actual log entry that shows what's provided when someone visits the URL http://ask-leo.com/who_is_leo.html:
There are several interesting bits of information there:
-
64.105.215.206: the IP address of a visitor.
-
[22/Sep/2008:15:36:26 -0500]: the date, time and time zone offset that the visitor came by.
-
GET /who_is_leo.html HTTP/1.1: the operation (GET), the page requested, and the protocol version to be used.
-
200: the return code. In this case 200 means success.
-
12120: the size of the response - in this case the size of the file "who_is_leo.html" without any of the embedded images which are retrieved with separate requests.
-
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1": this fairly long and obscure string known as the "User Agent" string identifies the browser used (FireFox 3), my operating system (Windows XP), and occasionally some other things that the browser chooses to put in there.
As you can see it's both a lot, and not really so much.
Your IP address doesn't really say much. I've written about this repeatedly, but unless you're the police with a court order, the best a web site owner can tell is your ISP, and roughly where on the planet you are - sometimes as accurate as your neighborhood, and sometimes only as close as your continent.
What a website cannot do is use this information alone to identify you by name, phone or address.
And it certainly cannot tell things like your computer name, profile, history or email addresses.
However.
There are two interesting exceptions to that.
Sites can typically remember what you've told them. So, for example, if you tell a site your username is "Fred", say by logging in, then that site can, indeed, remember that if it chooses to do so. This is typically by using cookies.
Tracking. Tracking's a loaded term, but the fact is that there's a lot of it going on, often in places and ways you don't necessarily consider: more cookies, toolbars and now even ISPs are getting into the act.
So far we've seen the bare minimum that every website gets whether or not they ask for it.
I start to look more deeply into cookies and tracking in What are browser cookies and how are they used?
Related:
What are browser cookies and how are they used? Browser cookies are a way that web sites can leave information on your computer that they can use when you return to their site. Simple and powerful.
When I visit a web site, can the server identify me? A server can easily identify any users that visit their web sites. However, there are services that will allow you to surf anonymously.
-
What can people tell from my IP address? People can tell very little from your IP address. They cannot, for example, tell who or where you are. How much they can tell varies a great deal.
Article C3509 - September 22, 2008
Here's a great website that will tell you basically everything that any website can find out about you from your web browser:
http://gemal.dk/browserspy/
Posted by: John at September 22, 2008 3:59 PMbeing Canadian we are not allowed to see videos on the major tv networks web pages and i guess they know who we are by our ip address. if you miss an episode and want to watch it later you can't unless you hide your ip address.not too fair
Posted by: David McCabe at September 23, 2008 9:31 AMGreat info, thanks!
Posted by: Sergio at September 23, 2008 10:31 AMGood info. Thx.
Can a website tell where I have come (what website I was at previously) and what website I go to next?
For example, if I am at store alpha and go to store beta, can alpha see that I left them to go to beta, and can beta see that I came from alpha? Thx.
Cookies, on the other hand, are another matter and open a series of related issues. I'll be discussing that in future articles.
23-Sep-2008
Leo,
Every time I log off of my computer and just prior to turning it off and unplugging it, I do the following:
1. I go to start, settings, control panel (I actually have an icon for the control panel on my desktop), Internet Options, settings, view files. This shows everything I downloaded from the Internet; hopefully that was all I downloaded.
2. I then do a CNTL + A. This keyboard shortcut highlights everything.
3. I then press the DEL key.
4. It asks me if I really want to do this. And I say yes.
5. All cookies and everything else are deleted.
6. I then repair Internet Explorer.
7. “No”, I don’t want to reboot.
8. I then press the Windows key, the up arrow, press Enter and then shut the PC down.
Of course I have to always log onto all the websites I go to, but at least nobody, theoretically, knows my Internet habits.
Posted by: Richard Broberg at September 23, 2008 5:56 PMIf you'd like to "hide" your IP address, you can go to http://www.guardster.com and use their service.
Posted by: Andrea Schumann at September 25, 2008 6:33 AMLeo, are you using pop-up ads on you web pages?
On opening this article a blue pop-up ad appeared on the page, asking if I wanted to sign-up for Ask-Leo newsletter. Was this generated by your site, or is it generated by some kind of malware that I am infected with?
29-Sep-2008
In a previous newsletter, you challenged your readers to google themselves and see what they find. Well, I did, and I was shocked! There was even a reference to a response I made to one of your newsletters! The problem is I have an unusual name, and when I want to post a comment on your website, it asks for my name (required). I take it I can't use a fake name, so what should I do?
I too have a unique name - unique enough that all the results of searching on it are related to me somehow. Things like commenting on websites like this one don't bother me, and I use my real name. Doesn't matter to me if that shows up in a search result.
If it's some place I do care, I do use a fake name. Even here, while it asks for your name you can still make one up if you want. Just means that if I contact you I'll call you by that fake name.
So in general, use a fake name, or no name at all, when you think it might matter. The most important point of all is to be aware that what's posted online stays online for a long, long time.
05-Oct-2008
If you've nothing to hide, don;t worry!
Posted by: Bill Chubb at October 7, 2008 9:58 AM