Why you should delete cookies before signing in to Google or Facebook
Whenever you use Google or Facebook without being logged in to an account, a cookie is saved to the local system.
It is anonymous at this point in time even though it reveals information about your browsing habits to the company that set it.
Google for instance knows that you have searched for this and that but cannot link the information to you as a person. The company even states that it uses anonymous identifiers in its privacy policy.
When you’re not signed in to a Google Account, we store the information we collect with unique identifiers tied to the browser, application, or device you’re using.
The same is true for Facebook which may notice that you visit sites that display Facebook widgets or pages on Facebook, but cannot link that to an account on the site.
If you decide to sign in to an account afterwards, all previous activity linked to the "anonymous you" is now linked to the user account. This is the case because the same root domain cookie is being used by Google and Facebook to track anonymous and logged in users.
So, these companies know all sites that you have visited in the past if connections to Google or Facebook owned servers were made on those sites. The same is true if you sign out of an account and visit sites afterwards that use these contents as well.
Google may know that you visited that NSFW website even if you made sure you did not search for it directly and signed out of your Google account prior to accessing it. The same is true for Facebook as long as sites you visit load widgets, apis or other elements from Google or Facebook domains.
This means, basically, that the data that these companies collect about you is only anonymous if you never sign in to an account on these sites, block third-party requests from these companies by default, or delete cookies regularly and especially before signing in or after signing out of an account.
The first option sounds easy enough. You may use two different browsers for that for example, or use private browsing mode and regular mode using a single browser.
The blocking of third-party requests can be blocked through the use of add-ons like uBlock Origin, NoScript for Firefox or Scriptsafe for Chrome to name three options.
The deletion of cookies requires extensions as well. While you can configure web browsers to delete cookies on exit automatically or manually, it won't help you during browsing sessions.
A browser extension like Self-Destructing Cookies can be used to delete cookies as soon as you leave the site they have been set on. It supports a whitelist to protect some cookies from being cleared by the extension.
Tip: You can list all cookies a site saved on connect by pressing F12 in your browser of choice and switching to the storage tab of the Developer Tools interface that opens up. There you should find a list of cookies saved by the domain and third-party sites.
Please note that this is true for other companies and services as well but more often than not to a lesser degree considering the popularity of Google and Facebook on the Internet.
For the life of me I just couldn’t find the Storage tab in Firefox ! Drill down?
Had to SH+F2, ‘cookie list’
Forgot, you need to enable Storage in the preferences first.
And once you do this — delete cookies, you may have to sign-in again and blah,blah,blah. My History on Firefox is set to empty on exit, and under the Google and Bing settings, I have it set not to remember History, but ya never know. Many sites require cookies to work. Best just to realize you are being tracked wherever you go and leave it at that. Sadly, you will be tracked every step of the way on the Internet — this is the reality, and I accept it and use it. Your ISP and NSA know your every move. Just keep it in mind that the Internet is not a very private place to visit.
Only if they set their Cisco’s Router log everything using SMTP server or syslog, but it resource hog so they will not that dumb to enable that feature.
I’m an network engineer, I disabled all kind of log feature on my Cisco to improve performance anyway, especially Cisco’s router that serves BGP (BGP also serves internet customer) which is almost un-logable.
I don’t think I have to care about my ISP track me, if they aim and track, okay, I lose, but if they just run their router, no problem.
“Many sites require cookies to work”
I have cookies turned off by default (but I allow either permanently or session only for about 10 sites where I log in such as a bank account). Except where you are required to log in (eg to make comments in a forum or access an account), I have yet to really come across any site that actually requires cookies to “function” – as in be accessible and readable.
IMO, cookies are becoming obsolete as a tracking mechanism, as other methods of supercookies etc evolve (UIXH? headers, browser fingerprinting, http authentication unique ids, referrers, e-tags, window.name tags ) – and all it takes is one bad OpSec and the dots gets joined…
May I suggest Self-Destructing Cookies? The addon deletes cookies created by a website after its tab is closed, unless you tell it to keep them (2 clicks). This way I only keep the cookies I need. Private browsing for FB/G.The only thing that can still track me that I know of is fingerprinting (not the canvas one), but this one requires a little too much hassle to get around.
I’m not a web techie so this is mainly theory, but I wonder whether they will track you anyway regardless of cookies.
Lets say you visit a website that has the Facebook social plugin embedded in the page (with ‘Like’ buttons, etc. that a lot of websites have). The Facebook social plugin is loaded from Facebook’s servers, therefore Facebook know the IP addresses of the people who’ve visited that page.
Of course, an IP address will usually be an ISP’s IP address and not specific to a particular person. That is until someone from that household (not necessarily even the same person) logs into Facebook at some point during the day, then they have a match between the IP that requested the plugin and the IP address of the person who logged into Facebook. They then have a name and physical address for that IP address. And because of the nature of Facebook where a lot of their users log in frequently, their latest IP address are always being reported to Facebook even if they’re using a dynamic IP address. Combined with electronic finger-printing should be fairly easy to identify the exact person.
The only local and session storage cookies in Chrome are Superfish.com and some place I never heard of…….ghacks? :)
I bet they track you in other ways regardless. I agree that Firefox’s Self-Destructing Cookies extension is great. Close a tab and the cookies are gone. Dunno if it also deletes them when you leave a domain. Maybe.
How about Incognito or private mode? Isn’t it good for FB, Banking, Credit Card transactions etc?
It is fine as long as you don’t sign in using it and use service’s anonymously as well. If you use either, cookie tracking won’t work.