- My computer name (the name I assigned to my computer)?
- Profile information???
- My browsing history (any/all sites I’ve visited and when) or can they just tell the number of items in my history?
- Email addresses associated with my computer?
I’ve reviewed similar questions but I’m not sure I truly understand what information a web server can collect from my connection/browser.
This turns into a fairly complex answer pretty quickly. It’s both more and less than you might think.
I’ll start by covering what every website sees.
Page visits
Almost every web server on the planet keeps a record of the pages that have been requested of it. Each time a webpage is requested, the server adds a line of information to that log.
Here’s an example log entry from my own server of someone accessing https://askleo.com/someones-sending-email-address-stop/ (my article “Someone’s Sending from My Email Address! How Do I Stop Them?!”).
109.152.159.2 - - [24/Jul/2018:09:26:44 -0700] "GET /someones-sending-email-address-stop/ HTTP/1.1" 200 47906 "https://www.google.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/601.7.8 (KHTML, like Gecko) Version/9.1.3 Safari/537.86.7"
There are several interesting bits of information there:
- 109.152.159.2: the IP address of the internet connection of the computer requesting the page.
- [24/Jul/2018:09:26:44 -0700]: the date, time, and time zone offset that the page was requested.
- GET /someones-sending-email-address-stop/ HTTP/1.1: the operation (GET), the page requested, and the HTTP protocol version to be used.
- 200: the return code. In this case, 200 means success.
- 47906: the size of the response in bytes. In this case, this would be the size of only “/someones-sending-email-address-stop/”, without any additional files (like images or support files) it might reference.
- https://www.google.com/: the site that had the link to https://askleo.com/someones-sending-email-address-stop/ that this person clicked. This person arrived at Ask Leo! after performing a Google search and clicking on a link in the results.
- “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/601.7.8 (KHTML, like Gecko) Version/9.1.3 Safari/537.86.7”: this fairly long and obscure string, known as the “User Agent” string, identifies the browser used (Safari), the operating system (Mac OS X), and occasionally some other things the browser chooses to put in there.
As you can see, it’s both a lot, and not so much.
Your IP address doesn’t convey as much as most folks think. I’ve written about this repeatedly, but unless you’re a law enforcement agency with a court order, the best a website owner can tell is your ISP and roughly where on the planet you are — sometimes as accurate as your neighborhood, and sometimes only as close as your continent. In our example, the IP address is owned by British Telecom, and is somewhere in the UK, possibly York, as determined by a quick “whois” lookup on the IP address.
But that’s about it. Note the things you’re worried about that aren’t on the list: your computer name, your profile, your history, and your email address are not made available to a web server by a simple website visit.
However…
Websites remember what you tell them
Sites that allow you to sign in know who you are because you told them.
They generally log this information as well, either in the server logs I described above or in other logs maintained by whatever software on the server is processing the login. If the website profile associated with that login includes things like your email address, then the server knows that too.
Because you told it.
That’s something most people fail to remember: the vast majority of data collection and tracking exists because you explicitly provided it somehow.
Websites remember what their associated sites remember
In that same vein, whether it’s information you provided or was collected from simple visitor logs, websites that are associated with one another can certainly share data. There are several different examples.
- Sites from the same provider naturally share data. Gmail, Google Search, YouTube, and other Google properties all likely realize that you are you by virtue of your having logged in to check email.
- Sites from related properties may do the same. We don’t think of sites like Instagram and Facebook as being related, but they are (Facebook owns Instagram). I don’t know that they share data, but they certainly could. There are many such relationships out there.
- Unrelated sites could enter into agreements to share data. In theory, this would be disclosed on a privacy page, but is typically limited to wording about sharing information with “third parties”.
- Advertising.
Advertising is a special case.
Advertisers remember you, sort of
We’re all aware of ads that seem to follow you around from site to site. The sites that have those ads don’t need to know who you are at all; they just need to use the same or related advertising services.
All the advertising service needs to know is that “this computer looked at external hard drives” in order to then show you ads for external hard drives as you surf other sites. No personal information whatsoever was necessary to make that happen. It feels like you’re being tracked, but you’re not.
Of course, it could be more than that. The web servers of the advertisers have that same log information we started with, except they also know on what sites their ads were placed. So in a sense, they can see what sites you’re visiting.
And, of course, if you’re logged in to one of those sites, or a related site, or a site related to the advertising service, they might know who you are — because you told them.
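The log fields listed under “Page visits” and the advertiser's view described in this section can both be reproduced with a short parser. This is an added example, not code from Ask Leo!; the ad-server lines, the site names, the `/ad.js` path, and the use of IP address plus User-Agent as the visitor key are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# "Combined" access-log layout, matching the entry shown under "Page visits".
COMBINED = re.compile(
    r'(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def parse_line(line):
    """Return one log line's fields as a dict, or None if it is malformed."""
    m = COMBINED.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["referer"] = None if rec["referer"] in ("", "-") else rec["referer"]
    return rec

def sites_per_visitor(lines):
    """Ad server's view: the Referer of each ad request names the hosting site."""
    seen = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["referer"]:
            host = urlsplit(rec["referer"]).hostname
            trail = seen[(rec["ip"], rec["agent"])]  # assumed visitor key
            if host not in trail:
                trail.append(host)
    return dict(seen)

# The article's entry, with the straight quotes and hyphens a server writes.
ARTICLE_LINE = ('109.152.159.2 - - [24/Jul/2018:09:26:44 -0700] '
    '"GET /someones-sending-email-address-stop/ HTTP/1.1" 200 47906 '
    '"https://www.google.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) '
    'AppleWebKit/601.7.8 (KHTML, like Gecko) Version/9.1.3 Safari/537.86.7"')

# Constructed ad-server requests: documentation IPs, made-up sites and ad path.
VISITS = [("203.0.113.7", "https://news.example/", "UA-A"),
          ("203.0.113.7", "https://shop.example/", "UA-A"),
          ("198.51.100.9", "https://news.example/", "UA-B"),
          ("203.0.113.7", "https://forum.example/", "UA-A"),
          ("203.0.113.7", "-", "UA-A")]  # no Referer sent: nothing learned
AD_LOG = [f'{ip} - - [24/Jul/2018:09:3{i}:00 -0700] "GET /ad.js HTTP/1.1" '
          f'200 512 "{ref}" "{ua}"' for i, (ip, ref, ua) in enumerate(VISITS)]
print(parse_line(ARTICLE_LINE)["referer"], sites_per_visitor(AD_LOG))
```

The parsed record has no field for a computer name, profile, history, or email address, and the per-visitor list contains sites but no identity.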
Here’s a great website that will tell you basically everything that any website can find out about you from your web browser:
http://gemal.dk/browserspy/
Being Canadian, we are not allowed to see videos on the major TV networks' web pages, and I guess they know who we are by our IP address. If you miss an episode and want to watch it later, you can’t unless you hide your IP address. Not too fair.
Good info. Thx.
Can a website tell where I have come (what website I was at previously) and what website I go to next?
For example, if I am at store alpha and go to store beta, can alpha see that I left them to go to beta, and can beta see that I came from alpha? Thx.
Cookies, on the other hand, are another matter and open a series of related issues. I’ll be discussing that in future articles.
23-Sep-2008
If you’d like to “hide” your IP address, you can go to http://www.guardster.com and use their service.
Leo, are you using pop-up ads on your web pages?
On opening this article a blue pop-up ad appeared on the page, asking if I wanted to sign-up for Ask-Leo newsletter. Was this generated by your site, or is it generated by some kind of malware that I am infected with?
29-Sep-2008
In a previous newsletter, you challenged your readers to google themselves and see what they find. Well, I did, and I was shocked! There was even a reference to a response I made to one of your newsletters! The problem is I have an unusual name, and when I want to post a comment on your website, it asks for my name (required). I take it I can’t use a fake name, so what should I do?
I too have a unique name – unique enough that all the results of searching on it are related to me somehow. Things like commenting on websites like this one don’t bother me, and I use my real name. Doesn’t matter to me if that shows up in a search result.
If it’s some place I do care, I do use a fake name. Even here, while it asks for your name you can still make one up if you want. Just means that if I contact you I’ll call you by that fake name.
So in general, use a fake name, or no name at all, when you think it might matter. The most important point of all is to be aware that what’s posted online stays online for a long, long time.
05-Oct-2008
I never thought my name was common but I do not come up in the first pages of the search. However, the image search came up with a photo of me driving in an autocross competition in 1989, my father’s college yearbook (same first name) when he was graduating (small college), and my grandparent’s grave marker (grandfather’s middle name was William)
If you’ve nothing to hide, don’t worry!
That’s the problem. We have! Lmao
August 19, 2018 at 4:42 am
On the pop-up ad why don’t you include a button for “I already receive it thanks”?
If you are referring to Leo’s pop-up ad for the newsletter, closing the ad by clicking on the X in the upper left will keep it from popping up again for a month, unless you clear your cookies. Clearing the Ask Leo! cookie will cause the pop-up to appear the next time you visit askleo.com.
I do. It’s the close button in the upper left of the pop-up. :-)
Hi, can I please ask what happens if you don’t visit a website but don’t have any firewalls or security protection? If you have JavaScript disabled, can the website owner see more information?
If you don’t visit the website, they can tell nothing.
Oh, I’m sorry, accidentally autocorrect. I mean if you do, sorry.
Even with Javascript disabled the website owner can still see a lot. Much of it is discussed in the article above.
What about VPNs? Can they change our IP somehow so they don’t even understand what country we are in?
Yes.
Hi Leo,
This may seem ridiculous, but I’ve been having a doubt. If I go on a website, say a video and audio converter website even if it’s trusted, and choose to upload a file, it would open up my File Explorer of course. But is it possible that through the file explorer, a website can alter or decrease the quality of any file available on the PC just through that window?
Thanks
No.
No.
Thanks for your responses. And like I said, I know it sounds ridiculous, trying not to worry about dumb things. You can delete my comment if you’d like.
Can you explain how to gather information of website visitor’s information like that?
It’s all information gathered from the server logs and the site’s interaction with the users. The specifics are WAY beyond the scope of what I can provide here, and vary from site to site, host to host.
Hi Leo. Can the website owner see my name? Will they know it’s me personally that visited if I don’t click anything and the visit is less than a minute?
Read the article you are commenting on. It answers your question.
It depends on many things, covered in the article you just commented on.