Touring around the pages of the web isn’t always the one-way street you might think it is: most sites are eager to leave a calling card or two on your local machine in the form of cookies. Here we’ll lay out what’s being saved in your browser, why it makes a difference, and what you can do about it.
The basic job of cookies is to help a website recognize you if you come back, but what that actually means in practice varies—it might be your location (for an instant weather report), it might be your layout preferences (for a news site), or it might just be a marker that you were here three weeks ago (so the welcome message changes accordingly).
And you might be fine with that, if it means you don’t have to set your current geographical region for the umpteenth time. The trouble is, it’s not particularly easy to tell what cookies sites are leaving on your machine, and the data they store, though Google Chrome will now show you a list if you click on the icon to the left of the current URL.
Third-party cookies, so-called because they don’t originate from the actual site you’re on, complicate the picture further—they’re typically pushed to sites and to your computer via ads embedded in pages, and can build up a pretty comprehensive picture of your browsing habits to target adverts at you. They take the cookie concept and apply it across multiple sites and social networks, often without any explicit permission from the user or the sites in question.
Ordinarily, websites can’t read cookies other than the ones they’ve left themselves for fairly obvious security reasons, but some third-party cookies can assimilate tracking info across multiple sites, because they’re being injected into ads on multiple sites. Add in some simple detective work from the social sites you visit, and suddenly you have a marketing firm you’ve never heard of with a very good idea about who you are.
There are also the supremely invasive supercookies. Verizon is one of the companies pushing for this kind of tracking. These cookies are inserted at the ISP level, so they don’t sit on your machine, but do identify you to sites you visit. Because they’re at the ISP and not the PC level, they’re impossible to eradicate with a quick clearing of your history. After a probe from the FCC last year, Verizon’s supercookies are now opt-in and easier for users to manage.
Besides cookies, websites will also cache a small amount of data on your local drive, but this is more to do with the behavior of your browser than the site: images, for example, might get temporarily stored so they don’t have to be repeatedly reloaded. If you visit the same site more than once in a short period of time, only the new content gets loaded.
This is all usually much more convenient for users, but with the right tools, it can give anyone else who uses your computer or who controls your network an insight into your browsing habits that you’d rather they didn’t have. If you want to clean up after yourself, or deal with cookies sitting on your system, there are ways of taking back control.
Your browser gives you the power to block and erase cookies, should you want to. In Chrome, open Settings then click Show advanced settings and Content settings; in Firefox, open the main menu and click Options then Privacy. As for the latest version of Microsoft Edge, click Settings then Advanced settings from the app menu, and in Safari on macOS open up the Safari menu and choose Preferences then Privacy.
In all these cases you’ll see options to block third-party cookies specifically—cookies that aren’t being left by the site you’re on but by another agency in the background. In Safari, for example, the option you want is “Allow from websites I visit” to prevent any other cookies being stored.
Blocking third-party cookies is a handy default setting that—most of the time—won’t interfere with useful cookies (like site preferences) but will make it harder for companies to track you across multiple sites.
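The cross-site tracking described earlier, and what the block-third-party-cookies setting does to it, modelled in JavaScript as an added example (not code from this article). The hostnames are constructed, and the exact-hostname "same site" check is a simplifying assumption; real browsers compare registrable domains.

```javascript
// Simplified model of a browser cookie jar (constructed example).
// Assumption: "same site" means an exact hostname match.
class Browser {
  constructor({ blockThirdParty }) {
    this.blockThirdParty = blockThirdParty;
    this.jar = new Map(); // host -> Map(cookie name -> value)
  }
  // Fetch a resource from `host` while the address bar shows `pageHost`.
  request(pageHost, host, server) {
    const thirdParty = host !== pageHost;
    const usable = !(thirdParty && this.blockThirdParty);
    const sent = usable ? Object.fromEntries(this.jar.get(host) ?? []) : {};
    const setCookies = server({ cookies: sent, embeddedOn: pageHost });
    if (!usable) return; // blocked: third-party cookies neither sent nor stored
    if (!this.jar.has(host)) this.jar.set(host, new Map());
    for (const [k, v] of Object.entries(setCookies)) this.jar.get(host).set(k, v);
  }
  visit(pageHost, siteServer, adHost, adServer) {
    this.request(pageHost, pageHost, siteServer); // first-party page load
    this.request(pageHost, adHost, adServer);     // ad embedded in that page
  }
}

function simulate(blockThirdParty) {
  const profiles = new Map(); // the ad network's view: id -> sites seen
  let nextId = 1;
  const adServer = ({ cookies, embeddedOn }) => {
    const id = cookies.uid ?? `u${nextId++}`; // reuse the id if the cookie came back
    profiles.set(id, [...(profiles.get(id) ?? []), embeddedOn]);
    return { uid: id };
  };
  let regionPrompts = 0; // times the news site had to ask for a region
  const newsServer = ({ cookies }) => {
    if (!cookies.region) regionPrompts++;
    return { region: "UK" };
  };
  const shopServer = () => ({});
  const b = new Browser({ blockThirdParty });
  b.visit("news.example", newsServer, "ads.example", adServer);
  b.visit("shop.example", shopServer, "ads.example", adServer);
  b.visit("news.example", newsServer, "ads.example", adServer);
  return { profiles: Object.fromEntries(profiles), regionPrompts };
}
```

With third-party cookies allowed, the ad host ends up with one identifier linked to every site visited; with them blocked, each ad request looks like a new visitor, while the news site's own region cookie still works.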
For a little extra help with your cookie management, Privacy Badger (for Chrome and Firefox) is one of the best options out there, as it attempts to intelligently block tracking cookies without fundamentally breaking the sites you’re visiting, which isn’t always easy. It’s particularly good at dealing with shady third-party cookies while leaving the essential first-party ones free to do their job.
Third-party cookie blocking is also supported in extensions like Adblock Plus, but remember to allow non-intrusive adverts on sites you enjoy reading and want to support—in some cases you can even allow ads to display while disabling third-party cookies, but it depends on the site.
Another option is to make use of your browser’s incognito or private mode. You start each private session with a clean, cookie-free slate, and although cookies and other files are collected while you browse, all this data is trashed as soon as the incognito mode ends. Just be sure you know what these private modes protect you against and what they don’t.
Incognito mode also empties the temporary file cache for you when you quit. To do this manually, in case you’ve browsed somewhere in regular mode you should have saved for incognito mode, head to your browser’s settings screen: choose Show advanced settings then Clear browsing data in Chrome, Advanced then Network in Firefox, Choose what to clear under Clear browsing data in Microsoft Edge, and finally Advanced, Show Develop menu and then Develop and Empty Caches in Safari for macOS.
Though they have many other benefits for security and privacy, neither HTTPS nor VPN services on their own will stop cookies from appearing and tracking you. Where a VPN can help is in confusing the supercookies we mentioned earlier, should you be concerned about your broadband provider collecting more data than it should.
Cookie use and web technologies in general are evolving all the time, but you should now at least have a basic grasp of what’s being left on your computer and what you can do to stop it. If you’re going to take online privacy and security seriously though, you need to keep up-to-date with all of the ways your data is being collected and used.