AdamTheTech Logo
AdamTheTech
Enthusiast of Technology, Web Development, and Sci-Fi

Microsoft’s Free Virtual Machine Images

Deus Ex: Human Revolution Review

Embed dll Files Within an exe (C# WinForms)

What’s in a Google Cookie? Can They Track Me Online?

Please be aware that this entry is over two years old. Therefore, it may contain broken links, outdated information, or views and content which are no longer completely valid.

During the mid to late ‘90s, I remember the common treatment towards browser cookies at the time was to set your browser to not accept any cookies at all.  “They are evil”, “They contain private/personal information”, “They will damage your computer” were some of the more common statements at the time.  For the most part, cookies are small text files that are stored on a user’s hard disk by a web site’s server, allowing the web site to later retrieve it if needed.

Cookies store web site preferences, login information/status, and other temporary information.  On their own, they can’t really do anything.  Most of the time, you can get by without them, but as a result, you will lose the benefits of saved preferences.  Websites simply store data pertinent to their specific website inside the cookies, then may request to read it back at a later date when you revisit the page.  HowStuffWorks.com offers a more in-depth explanation of how cookies work in general.

Yes, cookies can contain information that can give clues to what sites you visit, what searches you perform, and what kinds of items you may place in your amazon or newegg shopping cart or wish list.  But for the most part, if you delete those cookies, the record of your surfing preferences vanishes from the workstation.

Cookies can keep track of how many times a specific workstation accesses a website (the cookie may contain a unique ID number).  Once you visit a website, it checks to see if it has previously stored a cookie on your computer with a unique ID in it (and checks to see what saved preferences you had so they can be loaded).  If it sees the cookie, the web server logs you as a repeat visitor.  If not, the website creates a new cookie for you with a new ID number and logs you as a new unique visitor.

Since cookies are meant to be convenient places to store data related to the websites you visit for a temporary amount of time. There are, however, a few situations where your surfing habits and search terms do not vanish into obscurity.  Here’s how to keep your searches and surfing habits fairly anonymous:

Do not login to a search engine site and perform a search.  If you have a username associated with any search sites (yahoo, google, etc), don’t log in to perform your search.  They can (and probably will) associate your searches with your username.

Do not search using your ISP’s search engine. They can track your movements far better because you are signed onto their network with a username in the ISP’s database.  This means AOL, Verizon, NetZero, etc.

Do not enter personal information in a search box. Your name, address, phone number, social security number, bank account number, credit card number, etc.  That just is not a smart thing to do.  This is how people were tracked down in the recent AOL search data release (however, I’m not saying that any other search engines release their data haphazardly).  Either way, this should be common sense.  What you’re effectively doing is passing a post-it note to a stranger with your information on it.

Block/Filter Cookies. You can block cookies from websites, and you can filter them to accept/block them from specific websites.  In Opera, you can filter cookies or anything else by going to “Tools” > “Preferences” > “Advanced” tab > “Content”.  In Firefox, there is an extension called CookieSafe that you can use, plus another extension called CustomizeGoogle, which does much more than just handle Google’s cookies.

If you’re paranoid about cookies, what you can do is try to block everything first, then accept cookies from specific sites that you trust and need cookies to operate correctly (ie, newegg’s wish list).

Remove backtracking & link redirects. Google uses redirect links within their search results.  I’m sure if you use RSS feeds, you may see something similar with feedburner, or some other RSS service.  That is how they go about tracking the number of hits and collecting various browser data.  Here’s a good explanation and way of preventing google backtracking.

Clear your browser cache, history, cookies, and form fields. Opera and Firefox have the option to dump everything on demand or on exit.  With IE, it has to be done manually in separate places

IE6
Go to “Tools” > “Internet Options”.  On the “General” tab, click “Delete Cookies”, “Clear History”, and “Delete Files”.  These may take a bit of time to finish.  Next, go to the “Content” tab, click the “AutoComplete” button, and click “Clear Forms” and “Clear Passwords”.

Opera
Go to “Tools” > “Delete Private Data”.  Make sure you check/uncheck what you want to clear.  There is an option in there that will close all of your open tabs, so uncheck that if you want to save any.

To dump history, cache, and cookie data upon exit, simply go to “Tools” > “Preferences” > “Advanced” tab.  In the “History” section, check the box labeled “Empty on exit”, and in the “Cookies” section, check the “Delete new cookies when exiting Opera” option.

Firefox
Go to “Tools” > “Clear Private Data”.  Make sure you check/uncheck what you want to clear.  Your tabs will stay open by default, unlike Opera.

To dump history, cache, and cookie data upon exit, simply go to “Tools” > “Options” > “Privacy” tab, and click the “Settings” button on the lower right.  Check the items you want dumped upon exit, and check the “Clear private data when closing Firefox” option.

You can use a proxy to forward traffic through.  Now, on one hand, this allows you to disassociate your internet traffic from the IP address your ISP gives you.  Tor, run by the EFF, is one such publicly available proxy service.  There are other various ones up and running as well.

The downside to using a proxy server is that even though your net traffic is disassociated from your IP address, some proxies log the data you send and request through it.  It’s more or less a catch-22 in terms of attempting to attain absolute privacy (who do you want logging your data?).  But of course, there are a few proxy servers with strict privacy polices.

Keep your computer free of spyware/adware/malware.  This is probably one of the largest areas of illegitimate use of your surfing habits, search terms, and whatever other private information that these kinds of software can gather.  The tried and tested tools of the spyware prevention trade include Spybot, Adaware, HijackThis!, and Spyware Blaster (plus, there are some people who prefer Windows Defender, but others claim it’s full of too many annoyances to use).  Proper firewall and anti-virus protection goes a long way too.

Anyway, we started out here interested in deciphering the data that is being stored inside of a google cookie.  So, here’s an example of what you would see if you opened one of google’s cookies:

PREF
ID=cb0ba67602420705:TM=1156552394:LM=1156552394:S=A-mJgF4C-9P_HdxF
google.com/
1536
2618878336
32111634
3033578544
29804711
*

Gobbledygook, right?  Not quite.  There is some information you can glean from the contents of this cookie.  Using a browser to read the cookie (Opera and Firefox have this ability) often results in showing what all of this says.

PREF is the name of the cookie, which most likely stands for “preferences”.  google.com is the domain from which the cookie came from.  So, putting two and two together, a preference that may be stored for google’s webpage is which language that you want google.com to appear in.

The ID value is a unique identifier that allows the server to keep track of various preferences and hit traffic for your browser session.  Something that would be kept track of would be to see how popular a certain new google service is.  Do people hate it so much that they only visit once and leave, or do they like it and visit it several times?

The cookie can also store the expiration date of the cookie (the point at which it is no longer useful and will be ignored by the website’s server), and possibly the date of your most recent visit to the website.

By itself, it really doesn’t store much in the way of personal information…just site preferences and the like.  All the real tracking happens on the web server itself.  Take a look at this official google blog post that offers a basic explanation of their cookies and what information is gathered on by the web server .  In short, it can log your IP address, what type of browser you’re using, what Operating System you’re using, the date and time you accessed the website, and the unique ID of the cookie that was stored on your computer.

Now, if you put some of that information together, you can probably find out a few things about the user that was surfing the website.  The two identifiable portions of this are of course the IP address and the cookie’s unique ID.  Between those two pieces of data, it’s possible to perform a correlation and match unique IDs to several IP addresses (if your IP address changes), or a single IP address to several cookie IDs (which may or may not be very accurate since different people can use the same IP address at different times, depending on how their ISP distributes IP addresses).  Essentially, tracking users by this method is not very accurate.

On the other hand, if you login to google’s website with your username and password, they will be able to track you with greater ease, seeing as they would be able to log every IP address you log in from, every cookie that is sent to you, and every search you perform.  The log results on a particular user in that case would then provide useful information when put all together, such as being able to provide targeted ads that are geared towards your interests.  Or, on a more sinister note, they could be used in the way AOL’s search data was used–to correlate all the search data and find out who the person was that actually performed the searches as a result of what they themselves entered in the search box.

As I mentioned earlier, there are a few ways to guard yourself from active tracking methods like this.  It may be a good idea to adopt a few of them into your “safe surfing” habits, but other than that, the only way to be 100% anonymous on the Internet is to cut your ethernet cable and bury your computer in concrete.

Ultimately, it’s your actions and critical watch over your own personal information that dictates what others can and can’t find out about you (seriously, who enters their credit card number in a google search, anyway?  That alone should be common sense, but if it isn’t, now you know that it is not a very smart thing to do).

The danger in being tracked online isn’t really about cookies…it’s about what you do online.

(Originally published on a now-defunct blog)