Tin hats all round!
September 10, 2005 4:58 PM   Subscribe

What do website owners know about me when I visit their website?

Excuse my abject ignorance about this (at least by comparison to many Mefites) but I really don't know and am really curious.

I'm thinking of big corporate/governmental websites. What do cookies tell them? Isn't there a unique number for my computer? Do they know that? What does that number tell them? Anything else?
posted by Ugandan Discussions to Computers & Internet (15 answers total)
 
First off, unless you're using a proxy server, they'll know your IP (and with that, either your employer if you're accessing a site from work and your work has an outgoing server like webgateway.yourcorporation.com, or your ISP if you're accessing it from home or another place).

Unless you've installed something that'll mess with the standard settings, they'll know your type of computer, your browser, and depending on how fine-grained their statistics software is, other stuff such as installed browser plugins (but not what other things you've got installed).

As to the cookie question: If they've signed up with either a big tracking site, or are part of some kind of governmental tracking site that uses the same cookie on different sites, they'll know what other sites you might have visited, how long you were there, etc.
posted by slater at 5:06 PM on September 10, 2005


Cookies don't really tell them anything. In order to read a cookie off your computer, they first have to set that cookie. So in other words, they only know what they've told your computer about you.

They will know you're IP address. The IP address may be unique to you, or it may chance. Back in the dial-up days people would (usualy) get new IP address every time they connected to the internet. With always-on internet connections, you'll keep the same for weeks, months, or even years. But your IP address isn't related to your spesific computer, rather you're 'connection' to the internet.

If you have a laptop, for example, you'll have a diffrent IP at home then at the coffie shop using their wifi.

With a supena, a company who's website you've visited can demand information about you from your ISP, which should know you're home address, telephone number, etc. But keep in mind that requires a supena, and lawyers and all that. It's definetly not an automatic process, but that's how the RIAA can sue you for sharing MP3s.

If you visited the page from a link on another page, your browser may send that as a 'refer' along with the HTTP request. This will let them see what pages you visted *from*. Most browsers allow you to turn this off.

They'll also see what browser type and version you have.
posted by delmoi at 5:12 PM on September 10, 2005


For a vanilla HTTP request, they get: User-Agent, IP address, resource requested. (They can reverse lookup the IP address to approximate your geographic location) If they want to sniff for it, they can get all sorts of browser info (javascript support, screen size, etc etc). Oh, they also get the referring page (where you can from).

If you allow them to set a cookie on your machine, they (and their advertisers) can link isolated page views and clicked links to form an aggregate view of your browsing patterns.

Good reading: HTTP (@ wikipedia). Also cookies (ibid.)

On preview, yeah.
posted by misterbrandt at 5:14 PM on September 10, 2005


Some cookies also store your username/password and preferences for the site (mefi for example). They would have access to those, although your password is likely encrypted so it can't be read by me breaking into your house and looking at your cookies.
posted by fatbobsmith at 5:15 PM on September 10, 2005


...not that I'm planning on breaking into your house or anything...
posted by fatbobsmith at 5:16 PM on September 10, 2005


To clarify what fatbobsmith said, under normal circumstances, sites can only read cookies that were set by that site, not all of your cookies.
posted by cillit bang at 5:21 PM on September 10, 2005


Just to re-emphasize/summarize what others have said:
1) A cookie can only be read by a computer in the same domain name that set the cookie (e.g. a cookie set by www.metafilter.com can be read by www.metafilter.com, ask.metafilter.com, etc.)
2) The contents of the cookie come from the web server that set the cookie. (That is, it contains no information that they don't already know).

So, in that sense, the cookie doesn't reveal any identifying information about you. However, it does tell reveal to the web server that you are the same person (or, actually, using the same computer) who visited on the previous occasions that you visited. Linking together the data from all your visits to the web site may reveal more about you then if they didn't know that it was the same person each time.

The other information that people are talking about (IP address, browser type, OS) is information that is revealed by your web browser whenever a web page is requested (whether or not cookies are involved).
posted by winston at 5:41 PM on September 10, 2005


Many, many sites such as All Net Tools have pages that will display back to you the environment variables that your browser sends out.
posted by gimonca at 5:51 PM on September 10, 2005


It's possible, though not extraordinarily likely, that a site might also know your username on your machine. This could happen if you've got a local file on your hard drive, in one of your user folders, pointing to an external site. For instance, at my tracking site you can see that someone came to tuwa.blogspot.com with a referer of file://localhost/Users/smccreedy/My_Documents/backups/12.06.04.html , which means of course that the user name is smccreedy. This might or might not bother you, depending on how privacy-minded you are or how sensitive the information is on your computer. I couldn't imagine any .gov computers sending referers, for instance (I know that the doj.gov computers don't--I was visited by those twice. Much prefered the NOAA visits, thanks).

It's also possible that the webmaster at a site you vist often could begin to infer lifestyle habits based on your geographical location (indicating time zone) and the timestamp of your visits, though that also might not matter to you. It would be easy not to notice; it would also be easy to misconstrue motives (always visiting a site at around 4:00 a.m. your local time? does that mean you're a partier? Just going to bed? Just waking up? On an overnight desk job?) It would be inference, not necessarily knowledge.
posted by Tuwa at 10:19 PM on September 10, 2005


Using your IP address, they can generally figure out what country and ISP you're connecting from.
posted by fuzz at 3:00 AM on September 11, 2005


In theory, sites can also tell which others sites you've visited, but in practice I doubt many have ever actually done this.
posted by malevolent at 3:03 AM on September 11, 2005


Hi! I don't know that they do this but some of those advertising banners which are everywhere are using a lot of cookies and I wouldn't be surprised if they are generating databases containing the browsing patterns of particular users. All it takes is one site, with appropriately bad privacy policies and contracts with the advertising network in order to bring personally identifying information into the browsing database. Then, that can be correlated and combined with credit information, driving record, voting history, criminal record, purchase histories, anything.
posted by nervousfritz at 3:15 AM on September 11, 2005


delmoi: "With a supena, a company who's website you've visited can demandinformation about you from your ISP, which should know you're homeaddress, telephone number, etc. But keep in mind that requires asupena, and lawyers and all that."

Subpoena. Not to be snarky, just for future reference.
posted by rafter at 3:00 PM on September 11, 2005


Nervousfritz wrote: ...I don't know that they do this but some of those advertising banners which are everywhere are using a lot of cookies and I wouldn't be surprised if they are generating databases containing the browsing patterns of particular users.

This does occur; information is collected within a network of sites. My company buys advertising that's behaviorally targeted; basically our ads would be served within the network of sites to people who visited sites of a certain category such as Music or Babies. So if someone visited a site for baby names and then a site for gardening, our ad could show on the gardening site because the ad network knows that the user visited a Babies site.
posted by superkim at 5:24 AM on September 12, 2005


With Javascript I believe they can discover your screen resolution, and perhaps the size of the window their page is being displayed in.
posted by Good Brain at 10:51 PM on September 12, 2005


« Older What's that "Shaman" song/artist?   |   Online collaboration Newer »
This thread is closed to new comments.