
What Are Tracking Cookies, and Should They Concern Me?

In two other questions, “What can a website I visit tell about me?” and “What are browser cookies and how are they used?”, I discussed some of the information that websites get, and techniques that they can use to collect and remember more.

What I didn’t talk about in much detail is that, through clever use of cookies, most typically associated with advertising, it is possible for some services (not sites) to gather a little more information about you. Or a lot.

And thus we have “tracking” and “third party” cookies to talk about.


Cookies 101

First, a quick review: a cookie is just some data that a website places on your computer when you visit it, and that is simply sent back to that same website (and only that exact same website) the next time you visit it.

That’s all.

So when you visit askleo.com, the web site might place a cookie on your machine that says “this person has seen the newsletter pop-up”. A week later when you visit askleo.com again that cookie is automatically and transparently sent to the web site, so that it knows that you’ve already seen the newsletter pop-up – presumably so that it won’t annoy you with it again.

That’s all cookies are – a way for websites to remember stuff between visits. What they remember is completely up to the website itself and what it chooses to place in the cookies it might leave on your machine.

Next we need to talk about how most advertising works on a website.

Advertising 101

Most advertising on the internet is performed by services that connect large numbers of advertisers with large numbers of websites that have signed up to display or carry ads.

So when you visit http://example.com you might well see ads that have been placed there by http://ads.somerandomservice.com. (To be clear, all URLs are fictitious examples.) Later, when you visit some other site, maybe http://reallybigbookstore.com, you might also see ads that have also been placed there by that same advertising service – http://ads.somerandomservice.com.

And when I say “placed there” I do mean that the page you’re loading contains direct references to the ad service provider http://ads.somerandomservice.com. That means that when your browser loads the page from http://example.com, the HTML on that page says, in effect, “place an image here, and get that image from http://ads.somerandomservice.com/…” at which point your browser dutifully goes out to ads.somerandomservice.com and gets the image, which happens to be an ad.

This is where cookies enter into the picture.

Cookies + Advertising = Third Party

Whenever your browser fetches a URL – be it the page you asked for, or an element like an image within that page – the web site that it contacts to do so has the opportunity to place cookies on your machine.

So when you go to http://example.com, then of course example.com can place cookies. However, if that page also references another web site like http://ads.somerandomservice.com/ for an image on that page, then ads.somerandomservice.com can place cookies as well.

These are called “third party cookies”.

  • You are the first party
  • The site you visit is the second party (example.com in our example)
  • The site(s) referenced for additional content by the site you visit are third parties. (ads.somerandomservice.com in our example)

So far so good; you visit a site, it can place cookies, and the sites that provide additional content on that page can also place cookies.

Here’s where it gets interesting.

Let’s walk through a scenario step by step:

  • you visit example.com
  • example.com has ads that are loaded from ads.somerandomservice.com
  • the first time you visit example.com, ads.somerandomservice.com puts a cookie on your machine that says “this is advertising visitor #12,345,678”
  • you then go off to visit some other site – perhaps reallybigbookstore.com
  • reallybigbookstore.com also displays ads loaded from ads.somerandomservice.com
  • Since ads.somerandomservice.com already has a cookie on your machine, that cookie is sent to ads.somerandomservice.com when the request is made to display an ad
  • ads.somerandomservice.com sees the cookie it put down earlier that says “this is advertising visitor #12,345,678”
  • ads.somerandomservice.com now knows that you visited both example.com and reallybigbookstore.com

That is a tracking cookie at work. Third parties like ad services can use cookies in this way to understand where you go on the ‘net within the sites they service.

Ads.somerandomservice.com “knows” what sites you visit, but only those sites that happen to display ads from ads.somerandomservice.com.
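
The walk-through above, as a small simulation. This is an added example, not code from the original article: the class and function names are hypothetical, the hosts are the article's fictitious ones, and "third party" is approximated by a simple host comparison. It also runs the same two visits with the browser set to reject third-party cookies.

```javascript
// Constructed simulation: a browser cookie jar keyed by host, and an ad
// service that hands out a visitor-ID cookie and logs the embedding site.
// Assumption: "third party" means the resource host differs from the page host.

class AdService {
  constructor(host) {
    this.host = host;
    this.nextId = 12345678;   // the article's example visitor number
    this.seen = new Map();    // visitorId -> Set of sites that embedded the ad
  }
  // One ad request. `cookie` is whatever the browser sent back for this host;
  // `referer` is the site whose page referenced the ad.
  serveAd(cookie, referer) {
    const visitorId = cookie ?? String(this.nextId++);
    if (!this.seen.has(visitorId)) this.seen.set(visitorId, new Set());
    this.seen.get(visitorId).add(referer);
    return { body: "<ad image>", setCookie: visitorId };
  }
  profile(visitorId) {
    return [...(this.seen.get(visitorId) ?? [])].sort();
  }
}

class Browser {
  constructor({ blockThirdParty = false } = {}) {
    this.blockThirdParty = blockThirdParty;
    this.jar = new Map();     // host -> cookie; only ever sent back to that host
  }
  // Load a page from `site` that references resources on `embeddedServices`.
  visit(site, embeddedServices) {
    for (const svc of embeddedServices) {
      const thirdParty = svc.host !== site;
      const allowed = !(thirdParty && this.blockThirdParty);
      const sent = allowed ? this.jar.get(svc.host) : undefined;
      const res = svc.serveAd(sent, site);
      if (allowed) this.jar.set(svc.host, res.setCookie);  // else: cookie dropped
    }
  }
}

// Returns every profile the ad service could build, one per visitor ID it saw.
function runScenario(blockThirdParty) {
  const ads = new AdService("ads.somerandomservice.com");
  const browser = new Browser({ blockThirdParty });
  browser.visit("example.com", [ads]);
  browser.visit("reallybigbookstore.com", [ads]);
  return [...ads.seen.keys()].map((id) => ({ id, sites: ads.profile(id) }));
}

console.log(JSON.stringify(runScenario(false)));  // one ID linked to both sites
console.log(JSON.stringify(runScenario(true)));   // two unrelated one-site IDs
```

With the cookie accepted, the service ends up with a single visitor ID tied to both sites; with third-party cookies rejected, each ad request looks like a new visitor and the cookie alone no longer links the two visits.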

It gets bigger

So far all I’ve talked about is advertising services. In reality this simple technology can, and does, span more services.

For example you may have heard of a small company called Google. They have their fingers in many, many different pies:

  • advertising – Adwords for advertisers, Adsense for websites who want to make money from ads
  • analytics – Google Analytics, a comprehensive analysis tool that allows websites to understand how people use their site
  • personal productivity – Gmail, Contacts, Calendar and more
  • cloud services – Google Drive, Picasa photo sharing, YouTube and more
  • personal publishing services – Blogger

The list goes on.

The net result is that either by interacting directly with a Google service, or interacting with a site that uses a Google service [1], you’re being exposed to many opportunities for Google to leave tracking cookies on your machine.

And it’s not just Google – they’re just a large, easy-to-understand and somewhat extreme example. The same may be true to varying degrees of other advertising networks and behind-the-scenes online service providers.

Now, naturally, you may feel that this is, or is not, a big deal.

Who cares?

My fervent belief is this:

Your actions as an individual are completely uninteresting.

No one is tracking you personally. Besides, most of these services collect way too much data to spend time looking at any one person.

The more interesting uses of this type of tracking are when the data is examined as a group, or in aggregate. For example, with this data, the advertiser can determine things like “40% of the people that visit example.com also visit reallybigbookstore.com”.

Advertisers and website owners eat that stuff up.

The good news for the paranoid is that most browsers can identify third party cookies and can be configured to reject them. That’s fine, and you can do that if you feel so inclined.

I’ll caution you that there may be web sites whose functionality might actually rely on third party cookies, and you may find yourself needing to add exceptions somehow. Third party cookies are not evil, and can be used for more than just advertising and tracking.

The bad news, of course, is that if you do block third party cookies there are other ways that these services can still collect most of what they’re interested in. The only practical way to avoid this type of data collection is to simply not use the internet at all.


Footnotes & references

1: Like Ask Leo!, which uses both Google Analytics and Google Adsense.

33 comments on “What Are Tracking Cookies, and Should They Concern Me?”

  1. Thanks Leo,
    I have been wondering about these cookies for some time now. Every time I do a virus scan I get a lot of these things. Now that I understand what they are and how they work, I’m not that concerned.

    Thanks once again. I have bookmarked your site for future reference. Keep up the good work.

    Reply
  2. Thanks Leo,
    I have no sense about the cookies. I know about the cookies from you. I want to know from you that I work those websites get paid to read email and paid to click. Those websites are true or false, please tell me. Please tell me about the website which name is http://www.e-mailptr.com. Thanks again.
    pranab

    Reply
    • Many scans are grossly oversensitive or overbroad in the definition of “adware”.
      Tracking cookies are just small bits of text data stored on your computer. There is absolutely NO executable code here, so they can’t be considered as software at all.
      Adwares are applications designed to push invasive ads on you.

      Reply
  3. well, i’d recommend using adblock for firefox and any versions of IE, if you use IE i greatly recommend using firefox, it protects you and your data so much more, and restores your tabs if you choose to save them, or your computer randomly shuts off. ads can sometimes place trojans in your computer. that’s what happened to my friend. also, get adblock, it greatly reduces the number of tracking cookies you get. and if you’re worried, scan every week, like make a schedule. that’s what i do. :3

    Reply
  4. I am not concerned with tracking cookies. I think only paranoid people are concerned by this and go to extraordinarily great lengths preventing tracking cookies, which I think is a waste of time and energy.

    That sounds like SUPERAntiSpyware to me for saying Adware cookie. I think they ought to reword that because it makes it look like you got malware when you haven’t.

    Reply
  5. Hi,

    The best way to hide ourselves from such tracking cookies is to use the Ghostery add-on for Firefox. You can see live tracking cookies using the Mozilla add-on Collusion.

    Thanks!

    Reply
  6. > I’ll caution you that there may be web sites whose
    > functionality might actually rely on third party cookies

    What would be a few examples of that?

    Reply
    • Several web mail services use third party cookies.
      Many other sites that demand you log in also use an intermediate site for that purpose. This process demands the use of third party cookies.
      Google Translate can’t work without those, as the text to translate appears to be transmitted as a cookie.
      If I disable third party cookies, I just can’t access my Yahoo! mail, GMail and several other accounts.

      Reply
    • Some sites might use a third-party service to perform credit card transactions. Most websites can’t do that themselves, so they use a third party site which may need to leave a cookie, which by definition is a third-party cookie. Other examples might include a site using a third-party website to verify logins etc.

      Reply
  7. So, it’s a good idea to go to Internet Options and click Delete, then do a disk clean every time we log off, right? I’ve always wondered why a site like askleo.com always asks me to sign up for the newsletter every time I use it. I always clear my cache and cookies.

    Reply
    • It’s not really a good idea to always delete all cookies. They are really very benign. Unless you are a person who has some compelling reason not to be hacked (criminals and terrorists are the first thing that come to my mind.)

      Cookies are there to make your internet experience seamless and more useful to you. It would be nice if Askleo.com knew a tiny bit about you each time you came – because that is like having the waitress in your favorite restaurant recognize you and give you your favorite table when you come in. It’s pretty easy to tell if a website is a good guy or a bad guy. Just like with askleo.com you come to the site because you like the content. If you have the same feelings about Amazon, or Ebay or any other site that you like, then that site can go on your good-guy list.

      Reply
  8. Great article. I always assumed the terms “cookies” and “third-party cookies” were interchangeable. Well, I get it now – thanks. But Leo, you left me hanging… What are the other ways those services can collect what they’re interested in?

    Reply
    • Here are two articles you will enjoy that will help you understand that:
      ask-leo.com/just_how_do_websites_track_or_monitor_our_activity.html
      ask-leo.com/what_can_a_website_i_visit_tell_about_me.html

      Reply
  9. I ran CCleaner (free version) a couple of days ago and had ‘Cookies’ checked. Since then I sense that moving around the internet is a little slower. Sites seem to take a little longer to load. Could that be because cookies are reloading or something like that?

    Reply
    • Your computer will also actually cache pages of sites you frequent regularly online. Clearing out your cookies, history and cache makes it so that everything has to be done completely from scratch. Yes, it will be slower. For the most part these things are downloaded to your computer to make browsing the internet easier for you.

      Reply
    • The thing I like about CCleaner (and I assume other similar programs have features like this) is that it can show you a list of web sites that have saved cookies on your computer and let you select a list to save (i.e., to not delete the cookies) when you clean your computer. It’s usually a long list, but I scan through and select the sites I recognize that I intentionally visited, and typically leave any site with “ad” or “analytics” – sorry Google, and Leo – in it in the delete list (makes me feel better, even though it may or may not reduce the info they have on me). Then the next time I run CCleaner (which isn’t terribly often – maybe monthly), it remembers the sites I saved last time and displays another list where cookies were added and I can select more sites I recognize and add them to the list of ones to save.

      Reply
  10. You know what would really be fun? If someone would code a browser add-on that wouldn’t delete tracking cookies but would ‘corrupt’ or ‘pervert’ the data therein. Maybe something simple like adding (or subtracting) a random number to that visitor number so folks being tracked get someone else’s tailored ads served up to them. It should make for amusing reading if nothing else. (I have no idea if it would result in any impact on the number of ‘hits’ the ads get. That would be an interesting sociological experiment.)

    Reply
  11. Here’s Leo’s response to the supercookie issue. To avoid identification and future tracking.
    “And the only guaranteed way to do that is to start with a completely fresh computer each time that you browse.”
    This is a pretty extreme example, but if anyone values their privacy that much they could run their computer from any number of Linux live CDs which run off the RAM, which is erased when your computer shuts down. It is a pain booting from a live CD whenever you want to go online though. I personally don’t worry about cookies much but I do get annoyed by being bombarded with the same ads over and over. I find the new version of Firefox much more obnoxious with ads than it used to be, to the point I will probably go back to Chrome, which isn’t perfect either.

    Reply
  12. Thank you for explaining once again the tale of the tracking cookie, but I do have one question that you did not address, lol. After a day on the internet (and I must add I only go to a few sites, but I do have two different email addresses I attend to), anyway, I find at least 200-300 cookies on my computer, sometimes as many as 500 plus. Please tell me that 300 or so cookies won’t affect the performance of my computer and I will stop deleting them every day. I know the delete is futile, but it gives me satisfaction to get rid of them. By the way, I use SUPERAntiSpyware as well as Malwarebytes, and I have Norton for my antivirus and firewall, and all the others except for SUPERAntiSpyware either don’t see or ignore the cookies. My question already, lol: does, let’s say, on an average day, 300 tracking cookies affect my computer, or maybe I should just stop using Super etc. etc. and not know what’s on the computer? Thanks for your answer.

    Reply
    • Cookies don’t affect performance in any noticeable way. They are just small data files which are only accessed by the website which places them there. The reason you have so many is because the advertisers on those sites also place cookies to identify your computer to any other website which uses that advertising service. Deleting cookies regularly would actually slow you down as you would have to log in to every website which you would normally be automatically logged into. Programs like those you mentioned scan for tracking cookies. There’s generally no harm in removing those, but on the other hand there’s really no harm in leaving them alone. I wouldn’t necessarily recommend stopping those antispyware scans as they scan for other problems other than cookies.

      Reply
  13. Hi,
    Just wondering if a cookie is capable of stealing information inputted on other sites? I’ve seen a lot of conflicting answers online. For example, if I inadvertently visit a site such as a potentially fraudulent pop-up ad and it stores cookies on my browser and I then visit my email account and input my password can the stored cookies from the ad site collect this information? If I were to revisit the ad site again would the information be transferred? Thanks.

    Reply
    • No. A site can only see the contents of the cookies they, themselves place on your computer. What makes it appear more sinister is the fact that many websites use ad services which place cookies and then another website which uses the same third party ad service shows ads influenced by those tracking cookies. The article you are commenting on explains all of this.

      Reply
