Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What Are Tracking Cookies, and Should They Concern Me?

They don’t worry me, but others feel differently.

Cookies are placed on your machine by websites -- often more websites than you realize. We'll review cookies and how third parties can use them.
The Best of Ask Leo!
A person walking through a dense forest, leaving a trail of cookies behind them.
(Image: DALL-E 3)

In two other articles — What Can a Website I Visit Tell About Me? and What Are Browser Cookies and How Are They Used? — I discussed how websites gather information about the people who visit them.

What I didn’t talk about in much detail is that through clever use of cookies — typically associated with advertising — some services gather and use more information about you.

We need to talk about tracking and third-party cookies.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Tracking cookies

Cookies are pieces of data stored on your computer by websites to remember information between visits. Third-party cookies, often used by advertising services, track your behavior across multiple websites. While this enables targeted advertising, individual users aren’t personally tracked, and data is analyzed only in aggregate.

Cookies 101

First, a quick review: a cookie is just some data placed on your computer when you visit a website. That data is sent back to that website the next time you visit it.

That’s all.

When you visit askleo.com, for example, the website might place a cookie on your machine that says “This person has seen the newsletter pop-up.” A week later, when you visit askleo.com again, that cookie is automatically and transparently sent to the website so it knows you’ve already seen the newsletter pop-up and it won’t annoy you with it again.

That’s all cookies are: a way for websites to remember things between visits. What they remember is completely up to what the website chooses to place in the cookies it leaves on your machine.1 They can contain pretty much anything.2

Next, we need to talk about how most advertising works on a website.

Advertising 101

Most advertising on the internet is performed by services connecting large numbers of advertisers with large numbers of websites signed up to display ads.

So when you visit https://example.com, you might see ads from https://ads.somerandomservice.com. (To be clear, all URLs here are fictitious examples.) Later, when you visit some other site — maybe https://reallybigbookstore.com — you might see ads there from that same advertising service: https://ads.somerandomservice.com. When your browser loads the page from https://example.com, the HTML on that page says, in effect, “Place an image here. Get that image from https://ads.somerandomservice.com/…” at which point your browser dutifully goes out to ads.somerandomservice.com and gets the image, which is an ad.

This is where cookies enter the picture.

Cookies + Advertising = Third-Party

When your browser fetches a URL — be it the page you asked for or an element within that page, like an ad — the website it contacts can place cookies on your machine.

So when you go to https://example.com, then of course example.com can place cookies. However, if that page also references another website (like https://ads.somerandomservice.com/) for an image on that page, then ads.somerandomservice.com can place cookies as well.

These are called third-party cookies.

  • You are the first party.
  • The site you visit is the second party (example.com in our example).
  • The site(s) referenced for additional content by the site you visit are third parties (ads.somerandomservice.com in our example).

So far, so good; you visit a site, it can place cookies, and the sites that provide additional content on that page can also place cookies.

Here’s where it gets interesting.

Let’s walk through a scenario step by step.

  • You visit example.com.
  • Example.com has ads that are loaded from ads.somerandomservice.com.
  • The first time you visit example.com, ads.somerandomservice.com puts a cookie on your machine that says, “This is advertising visitor #12,345,678.”
  • Now you go visit reallybigbookstore.com.
  • Reallybigbookstore.com happens to use the same ad service, ads.somerandomservice.com.
  • Ads.somerandomservice.com already has a cookie on your machine. When the request is made to display an ad, that cookie is sent to ads.somerandomservice.com.
  • Ads.somerandomservice.com sees the cookie it put down earlier that said, “This is advertising visitor #12,345,678.”
  • Ads.somerandomservice.com now knows that you — advertising visitor #12,345,678 — visited both example.com and reallybigbookstore.com.

That is a tracking cookie at work. Third parties use cookies to understand where you go on the net within the sites they service.

It gets bigger

So far, all I’ve talked about is advertising services. In reality, this simple technology can and does span more services.

For example, you may have heard of a company called Google. They have their fingers in many, many pies.

  • Advertising – Adwords for advertisers, Adsense for websites who want to make money from ads
  • Analytics – Google Analytics, a comprehensive analysis tool that allows websites to understand how people use their site
  • Personal productivity – Gmail, Contacts, Calendar, and more
  • Cloud services – Google Drive, photo sharing, YouTube, and more
  • Personal publishing services – Blogger

The list goes on.

The net result is that by interacting directly with a Google service or interacting with a site that uses a Google service3, you are exposed to many opportunities for Google to leave tracking cookies on your machine.

It’s not just Google; they’re just a large, easy-to-understand, somewhat extreme example. The same is true for varying degrees of other advertising networks and behind-the-scenes online service providers.

Blocking third-party cookies

Most browsers block third-party cookies by default. It seems like this would invalidate much of what I’ve listed above. Sadly, that’s often not the case.

When third-party cookie blocking on the rise, advertisers and other services have developed other approaches. Tracking still happens via cookies, so-called ever-cookies, local storage, on-page information, and more. It’s more complex, for sure, but not that difficult.

That’s why you’ll sometimes see ads that “follow” you around the internet even if you have third-party cookies disabled.

Who cares?

My fervent belief is this:

Your actions as an individual are completely uninteresting. No one cares.

No one is tracking you personally. Besides, most of these services collect way too much data to drill down to any one person.

Instead, this type of tracking is examined in aggregate. For example, with this data, the advertiser can determine things like “40% of people who visit example.com also visit reallybigbookstore.com.” None of them say or care that “Leo Notenboom visited both example.com and reallybigbookstore.com.”

At best, they can say, “Anyone who visited example.com and looked at X should then be shown ads for X when they visit reallybigbookstore.com.” Note that it’s “anyone” — generic, anonymous people — and not “Leo Notenboom”.

Advertisers and website owners eat that stuff up. They use it to make decisions that support their profitability.

But, again, I strongly believe that Leo Notenboom just isn’t that interesting as an individual.

And don’t take this personally, but neither are you.

Do this

Don’t sweat cookies or other targeted advertising. I know it can feel creepy, but I strongly believe they’re not looking at you as an individual but rather as anonymous people who behave in specific ways.

Don’t be anonymous to me! Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

Footnotes & References

1: Exactly where cookies are stored varies from browser to browser, but CTRL+SHIFT+Del is a common keystroke to bring up the dialog that allows you to clean them.

2: While cookies can contain anything, because of the way they’re used, it doesn’t matter what they contain. They can’t harm your computer.

3: Like Ask Leo!, which uses Google services.

4 comments on “What Are Tracking Cookies, and Should They Concern Me?”

  1. I really am not concerned about being tracked, rather I prefer not to have any distractions taking up my screen space.
    That is why I use Privacy Badger, uBlock Origin and DuckDuckGo Privacy Essentials. Firefox is my default browser and Privacy & Security is set to Standard. When I visit a webpage, what appears on my screen is the main content and little else.
    There are a few websites that I do whitelist to support the owners and I’m willing to put up with the ads. The browser is set to clear the browsing history and cookies when I exit, except for websites that I log into, such as Ask Leo!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.