Why you should delete cookies before signing in to Google or Facebook - gHacks Tech News

Why you should delete cookies before signing in to Google or Facebook

Whenever you use Google or Facebook without being logged in to an account, a cookie is saved to the local system.

It is anonymous at this point in time even though it reveals information about your browsing habits to the company that set it.

Google for instance knows that you have searched for this and that but cannot link the information to you as a person.  The company even states that it uses anonymous identifiers in its privacy policy.

The same is true for Facebook which may notice that you visit sites that display Facebook widgets but cannot link that to an account on the site.

If you decide to sign in to an account afterwards, all previous activities linked to the "anonymous you" are now linked to the user account. This is the case because the same root domain cookie is being used by Google and Facebook to track anonymous and logged in users.

google cookies

So, these companies know all sites that you have visited in the past if their contents were used on those sites. The same is true if you sign out of an account and visit sites afterwards that use these contents as well.

Google may know that you visited that NSFW website even if you made sure you did not search for it directly and signed out of your Google account prior to accessing it. The same is true for Facebook as long as sites you visit load widgets, apis or other elements from Google or Facebook domains.

This means basically that the data that these companies collect about you is only anonymous if you never sign in to an account on these sites, block third-party requests from these companies by default, or delete cookies regularly and especially before signing in or after signing out of an account.

The first option sounds easy enough. You may use two different browsers for that for example, or use private browsing mode and regular mode using a single browser.

The blocking of third-party requests can be blocked through the use of add-ons like NoScript for Firefox or Scriptsafe for Chrome to name two options.

The deletion of cookies requires extensions as well. While you can configure web browsers to delete cookies on exit automatically or manually, it won't help you during browsing sessions.

A browser extension like Self-Destructing Cookies can be used to delete cookies as soon as you leave the site they have been set on.

Tip: You can list all cookies a site saved on connect by pressing F12 in your browser of choice and switching to the storage tab of the Developer Tools interface that opens up. There you should find a list of cookies saved by the domain and third-party sites.

Please note that this is true for other companies and services as well but more often than not to a lesser degree considering the popularity of Google and Facebook on the Internet.

 

Summary
Why you should delete cookies before signing in to Google or Facebook
Article Name
Why you should delete cookies before signing in to Google or Facebook
Description
Google, Facebook and other companies may be able to link anonymous usage data to your account if you sign in to an account regularly without clearing cookies.
Author

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. jimbo said on December 23, 2014 at 7:26 pm
    Reply

    For the life of me I just couldn’t find the Storage tab in Firefox ! Drill down?
    Had to SH+F2, ‘cookie list’

    1. Martin Brinkmann said on December 23, 2014 at 7:30 pm
      Reply

      Forgot, you need to enable Storage in the preferences first.

  2. ChromeShine said on December 23, 2014 at 9:36 pm
    Reply

    And once you do this — delete cookies, you may have to sign-in again and blah,blah,blah. My History on Firefox is set to empty on exit, and under the Google and Bing settings, I have it set not to remember History, but ya never know. Many sites require cookies to work. Best just to realize you are being tracked wherever you go and leave it at that. Sadly, you will be tracked every step of the way on the Internet — this is the reality, and I accept it and use it. Your ISP and NSA know your every move. Just keep it in mind that the Internet is not a very private place to visit.

    1. GunGunGun said on December 23, 2014 at 10:33 pm
      Reply

      Only if they set their Cisco’s Router log everything using SMTP server or syslog, but it resource hog so they will not that dumb to enable that feature.
      I’m an network engineer, I disabled all kind of log feature on my Cisco to improve performance anyway, especially Cisco’s router that serves BGP (BGP also serves internet customer) which is almost un-logable.

      I don’t think I have to care about my ISP track me, if they aim and track, okay, I lose, but if they just run their router, no problem.

    2. Pants said on December 24, 2014 at 1:48 am
      Reply

      “Many sites require cookies to work”

      I have cookies turned off by default (but I allow either permanently or session only for about 10 sites where I log in such as a bank account). Except where you are required to log in (eg to make comments in a forum or access an account), I have yet to really come across any site that actually requires cookies to “function” – as in be accessible and readable.

      IMO, cookies are becoming obsolete as a tracking mechanism, as other methods of supercookies etc evolve (UIXH? headers, browser fingerprinting, http authentication unique ids, referrers, e-tags, window.name tags ) – and all it takes is one bad OpSec and the dots gets joined…

    3. ACow said on December 24, 2014 at 4:20 am
      Reply

      May I suggest Self-Destructing Cookies? The addon deletes cookies created by a website after its tab is closed, unless you tell it to keep them (2 clicks). This way I only keep the cookies I need. Private browsing for FB/G.The only thing that can still track me that I know of is fingerprinting (not the canvas one), but this one requires a little too much hassle to get around.

  3. Tim said on December 23, 2014 at 9:49 pm
    Reply

    I’m not a web techie so this is mainly theory, but I wonder whether they will track you anyway regardless of cookies.

    Lets say you visit a website that has the Facebook social plugin embedded in the page (with ‘Like’ buttons, etc. that a lot of websites have). The Facebook social plugin is loaded from Facebook’s servers, therefore Facebook know the IP addresses of the people who’ve visited that page.

    Of course, an IP address will usually be an ISP’s IP address and not specific to a particular person. That is until someone from that household (not necessarily even the same person) logs into Facebook at some point during the day, then they have a match between the IP that requested the plugin and the IP address of the person who logged into Facebook. They then have a name and physical address for that IP address. And because of the nature of Facebook where a lot of their users log in frequently, their latest IP address are always being reported to Facebook even if they’re using a dynamic IP address. Combined with electronic finger-printing should be fairly easy to identify the exact person.

  4. Dwight Stegall said on December 24, 2014 at 6:23 am
    Reply

    The only local and session storage cookies in Chrome are Superfish.com and some place I never heard of…….ghacks? :)

  5. David said on December 24, 2014 at 9:53 am
    Reply

    I bet they track you in other ways regardless. I agree that Firefox’s Self-Destructing Cookies extension is great. Close a tab and the cookies are gone. Dunno if it also deletes them when you leave a domain. Maybe.

  6. Sukhen said on December 24, 2014 at 3:27 pm
    Reply

    How about Incognito or private mode? Isn’t it good for FB, Banking, Credit Card transactions etc?

    1. Martin Brinkmann said on December 24, 2014 at 6:56 pm
      Reply

      It is fine as long as you don’t sign in using it and use service’s anonymously as well. If you use either, cookie tracking won’t work.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.