If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

Browsing history

IOC‑2.A (LO)
IOC‑2.A.3 (EK)
IOC‑2.A.7 (EK)
IOC‑2.B.11 (EK)
Would you feel comfortable if your entire browsing history was shared with the world? A list of every website you visited, when you visited it, and how long you spent on it? In an informal poll of my friends, 80% said that no, they wouldn't like that very much at all.
However, our browsing history really isn't very private at all. It can be tracked by websites, browsers, ISPs, and even the government.

Websites tracking browser history

A website can track which of its own webpages a user has visited, which probably isn't too surprising.
However, a website can also track a user's browsing history across other websites by using third-party cookies, as long as each site loads the cookie from the same domain.
To prevent tracking across multiple websites, most browsers allow users an option to disable third-party cookies.
Screenshot of Firefox privacy preferences screen. It says "Choose what to block" and has two checked checkboxes for "Trackers" and "Cookies". Next to the trackers checkbox, there's a dropdown with "In all windows" selected. Next to the cookies checkbox, there's a dropdown with an option selected that says "All third-party cookies (may cause websites to break)".
Cookie blocking preferences for the Firefox browser.
Alternatively, some browsers default to disallowing third-party cookies.
Screenshot of an article on the Time.com website loaded in the Brave browser. An overlay says "Shields UP for this site" and "10 cross-site trackers and other creepy things blocked".
The Brave Browser includes a "shield" mechanism that is on by default and disables tracking cookies (amongst other things).

Browsers tracking browsing history

Browsers store the browsing history for us across the entire web, a feature that makes it easier to re-find websites we visited in the past and autocomplete URLs as we're typing.
That handy feature means that anyone with access to our computer, like a parent, roommate, or classmate, can also see which websites we've visited.
Screenshot of browsing history from Firefox browser. Shows a table with the title and URL of seven websites, all around the topic of mother's day gifts.
Browsing history from the Firefox browser. Shh, don't tell my mum!
Most browsers give users options to clear the browsing history, however. In some browsers, you can even opt to clear the browsing history every time the browser restarts.
Screenshot of Brave interface for clearing browsing data. Shows a dropdown for "Time range" that has "All time" selected, three checked checkboxes for "Browsing history", "Cookies and other site data", "Cached images and files", and two buttons that say "Cancel" and "Clear data".
Options to clear browsing data from the Brave browser.
Many browsers also provide an incognito browsing mode, a new browser window that will not store browsing history at all. Once you close the window, it will also forget any cookies generated in that session.
Screenshot of a new incognito mode in the Chrome browser. Includes a description of what will and won't be saved while browsing in that mode.
A new incognito window in the Chrome browser.

Routers tracking browsing history

Anyone who can access the router that forwards a packet can monitor the destinations of HTTP requests.
An Internet Service Provider (ISP) administers the first routers that a packet travels through (excluding the home/office/school) router, so the ISP can see every HTTP request that's sent through those routers. Users can use HTTPS-secured websites to hide the contents of their requests, but HTTPS will still reveal the domain names. ISPs can use that information to find customers that are engaged in illegal activities, such as downloading pirated movies.
Illustration of ISP monitoring browsing history. On the left side, a laptop is shown browsing the website "piratesmovies-r-us.com". An arrow goes from the laptop to an ISP router and is labeled with an HTTP request to "piratesmovies-r-us.com". An arrow with the same HTTP request goes from the ISP router to another router.
But ISPs aren't the only ones with access to routers. Government organizations have found various ways to gain access to routers and their forwarding data. In the US, the NSA reportedly installed backdoor surveillance monitoring programs on routers before they were exported to foreign customers. start superscript, 1, end superscript
Illustration of the government monitoring browsing history. On the left side, a laptop is shown browsing the website "terrorism-101.com". An arrow goes from the laptop to a router and is labeled with an HTTP request to "terrorism-101.com". That router has the icon of a government building on top of it. An arrow with the same HTTP request goes from that router to a server.
For governments, monitoring online activity can be a way to discover behavior that they consider dangerous or unwanted. For citizens, governmental monitoring may reduce their privacy and threaten their freedom of speech. Journalists have reported that it's harder now to research stories about government activities, as their sources are afraid to communicate over the open Internet. squared
Concerned users have a few options to increase the privacy of their browsing history.
One popular option, especially for journalists, is a Virtual Private Network (VPN). When using a VPN, the computer sends a packet of encrypted data with a destination of the VPN server to the ISP. The VPN server decrypts the data, finds out where the user actually wants to send the packet, and then forwards the packet to that destination.
Illustrations of a VPN. On the left side, a laptop with a web browser is shown. An arrow goes from the laptop towards a router labeled "ISP" and is labeled with "To: VPN, From: Client". An arrow goes from the ISP router towards a server labeled "VPN" and is labeled the same. A third arrow goes from the VPN server to another server and is labeled "To: Server, From: VPN".
The VPN server knows the user's browsing history, but the ISP does not. Plus, other routers after the VPN will only see that the packet came from the VPN IP address, not from the user's IP address. A VPN subscription is often expensive, however, and the additional stop along the way can result in a slower browsing experience. The benefits may outweigh the costs for journalists, but VPNs are not yet used by the standard web surfer.
Another option is Tor, an open source program for anonymizing Internet traffic. When using Tor, the computer sends an encrypted packet through a large number of volunteer relays. The data is packaged such that each relay only knows where it came from and where it's going, and no relay knows both the sender IP address and the destination IP address.
Tor can provide truly anonymous browsing, but it also severely slows down the browsing experience, since it has to hop through volunteer relays that can be located anywhere on the Internet.
A final option is to lobby ISPs and governments to reduce their amount of monitoring or tighten their processes around accessing the browsing history of users. For example, the Electronic Frontier Foundation (EFF) is a non-profit that researches issues around digital privacy and tries to make changes through litigation, technology, and activism.
An illustration of a bald eagle wearing a router labeled NSA with a banner underneath that says "Illegal spying is illegal" and the URL "eff.org/nsa".
A parody logo of the NSA by the EFF. Image source: EFF, Flickr

🙋🏽🙋🏻‍♀️🙋🏿‍♂️Do you have any questions about this topic? We'd love to answer—just ask in the questions area below!

Want to join the conversation?