Would you feel comfortable if your entire browsing history was shared with the world? A list of every website you visited, when you visited it, and how long you spent on it? In an informal poll of my friends, 80% said that no, they wouldn't like that very much at all.
However, our browsing history really isn't very private at all. It can be tracked by websites, browsers, ISPs, and even the government.
Websites tracking browser history
A website can track which of its own webpages a user has visited, which probably isn't too surprising.
However, a website can also track a user's browsing history across other websites by using third-party cookies, as long as each site loads the cookie from the same domain.
To prevent tracking across multiple websites, most browsers allow users an option to disable third-party cookies.
Screenshot of Firefox privacy preferences screen. It says "Choose what to block" and has two checked checkboxes for "Trackers" and "Cookies". Next to the trackers checkbox, there's a dropdown with "In all windows" selected. Next to the cookies checkbox, there's a dropdown with an option selected that says "All third-party cookies (may cause websites to break)".
Alternatively, some browsers default to disallowing third-party cookies.
Screenshot of an article on the Time.com website loaded in the Brave browser. An overlay says "Shields UP for this site" and "10 cross-site trackers and other creepy things blocked".
Browsers tracking browsing history
Browsers store the browsing history for us across the entire web, a feature that makes it easier to re-find websites we visited in the past and autocomplete URLs as we're typing.
That handy feature means that anyone with access to our computer, like a parent, roommate, or classmate, can also see which websites we've visited.
Screenshot of browsing history from Firefox browser. Shows a table with the title and URL of seven websites, all around the topic of mother's day gifts.
Most browsers give users options to clear the browsing history, however. In some browsers, you can even opt to clear the browsing history every time the browser restarts.
Screenshot of Brave interface for clearing browsing data. Shows a dropdown for "Time range" that has "All time" selected, three checked checkboxes for "Browsing history", "Cookies and other site data", "Cached images and files", and two buttons that say "Cancel" and "Clear data".
Many browsers also provide an incognito browsing mode, a new browser window that will not store browsing history at all. Once you close the window, it will also forget any cookies generated in that session.
Screenshot of a new incognito mode in the Chrome browser. Includes a description of what will and won't be saved while browsing in that mode.
Routers tracking browsing history
Anyone who can access the router that forwards a packet can monitor the destinations of HTTP requests.
An Internet Service Provider (ISP) administers the first routers that a packet travels through (excluding the home/office/school) router, so the ISP can see every HTTP request that's sent through those routers. Users can use HTTPS-secured websites to hide the contents of their requests, but HTTPS will still reveal the domain names. ISPs can use that information to find customers that are engaged in illegal activities, such as downloading pirated movies.
Illustration of ISP monitoring browsing history. On the left side, a laptop is shown browsing the website "piratesmovies-r-us.com". An arrow goes from the laptop to an ISP router and is labeled with an HTTP request to "piratesmovies-r-us.com". An arrow with the same HTTP request goes from the ISP router to another router.
But ISPs aren't the only ones with access to routers. Government organizations have found various ways to gain access to routers and their forwarding data. In the US, the NSA reportedly installed backdoor surveillance monitoring programs on routers before they were exported to foreign customers.
Illustration of the government monitoring browsing history. On the left side, a laptop is shown browsing the website "terrorism-101.com". An arrow goes from the laptop to a router and is labeled with an HTTP request to "terrorism-101.com". That router has the icon of a government building on top of it. An arrow with the same HTTP request goes from that router to a server.
For governments, monitoring online activity can be a way to discover behavior that they consider dangerous or unwanted. For citizens, governmental monitoring may reduce their privacy and threaten their freedom of speech. Journalists have reported that it's harder now to research stories about government activities, as their sources are afraid to communicate over the open Internet.
Concerned users have a few options to increase the privacy of their browsing history.
One popular option, especially for journalists, is a Virtual Private Network (VPN). When using a VPN, the computer sends a packet of encrypted data with a destination of the VPN server to the ISP. The VPN server decrypts the data, finds out where the user actually wants to send the packet, and then forwards the packet to that destination.
Illustrations of a VPN. On the left side, a laptop with a web browser is shown. An arrow goes from the laptop towards a router labeled "ISP" and is labeled with "To: VPN, From: Client". An arrow goes from the ISP router towards a server labeled "VPN" and is labeled the same. A third arrow goes from the VPN server to another server and is labeled "To: Server, From: VPN".
The VPN server knows the user's browsing history, but the ISP does not. Plus, other routers after the VPN will only see that the packet came from the VPN IP address, not from the user's IP address. A VPN subscription is often expensive, however, and the additional stop along the way can result in a slower browsing experience. The benefits may outweigh the costs for journalists, but VPNs are not yet used by the standard web surfer.
Another option is Tor, an open source program for anonymizing Internet traffic. When using Tor, the computer sends an encrypted packet through a large number of volunteer relays. The data is packaged such that each relay only knows where it came from and where it's going, and no relay knows both the sender IP address and the destination IP address.
Tor can provide truly anonymous browsing, but it also severely slows down the browsing experience, since it has to hop through volunteer relays that can be located anywhere on the Internet.
A final option is to lobby ISPs and governments to reduce their amount of monitoring or tighten their processes around accessing the browsing history of users. For example, the Electronic Frontier Foundation (EFF) is a non-profit that researches issues around digital privacy and tries to make changes through litigation, technology, and activism.
An illustration of a bald eagle wearing a router labeled NSA with a banner underneath that says "Illegal spying is illegal" and the URL "eff.org/nsa".
Want to join the conversation?
- does VPN server knows what we are doing ?? if soo... are they selling our data for their profit(4 votes)
- Good question! Some VPN providers state they are "logless", and hence they claim they don't log (know) what users are doing.
Hope this helps!(14 votes)
- "The data is packaged such that each relay only knows where it came from and where it's going, and no relay knows both the sender IP address and the destination IP address.", would anyone please explain it further? Thanks.(1 vote)
- The idea is similar to a boss asking an employee to prepare a document. The employee knows the request came from the boss (i.e. where it came from) and knows it will be delivered back to the boss (i.e. where it's going).
The employee does not know why the report is being made (i.e. the sender IP address) or to whom it will be presented too (i.e. the destination IP address). Only local (pair-wise) information is communicated, not global (the entire path).
The employee is like a relay in this case.
More technically, the packets are addressed with local information, so the start and end IP addresses are never known in full at any step in the route/path.
Hope that helps!(14 votes)
- Even if you turn on incognito mode or something on google, could people hack your "incognito mode" and get your search history on incognito mode, or will it have like completely no trace of what you searched (Except open tabs of course)?(4 votes)
- Incognito mode is a mode offered by a number of modern web browsers. Incognito mode generally prevents the persistence of browser history, site cookies, and otherwise.
However, incognito mode does nothing to modify the underlying web traffic. The web traffic of the user utilizing incognito mode can still be captured and viewed by their ISP (Internet Service Provider), employer, etc.
Incognito mode is meant to offer a private browsing experience, but it is not meant to be infallible. You can inspect the user's web traffic without needing to employ any type of "hacking."(5 votes)
- does school know we use vpns?(3 votes)
- Can cookies, when stored in one’s hard drive, request to view the browsing history of a given browser? In other words, is the ONLY way a website can track your browsing on OTHER websites by putting third party cookies on the webpages of other sites? Or is there a way for a cookie to view your ENTIRE browsing history across ALL websites?(3 votes)
- If you're on a website that hosts resources from another website, that's two sets of cookies that are able to track you - ones from the website you're on, and ones from the website your current website is pulling resources from. A cookie cannot view your activity if it is not in some way linked with the website you're currently on.(2 votes)
- Can people access past browsing history when you are using a a so called" highly sophisticated " browser like Braves private window with Tor browser .(3 votes)
- I have a VPN in my house, could people hack into it and get personal information off me and my family?(1 vote)
- It is possible to get around the security measures enforced by a Virtual Private Network, but it is rather challenging. Many malicious actors wouldn't be willing to invest the time and effort to attack general users who are on a VPN, so you do not have much to worry about there.
However, there is still the human element of security. If you visit a malicious website or download a malicious program of your own volition, the VPN will not be able to protect you against such threats.(4 votes)
- is there a way to fully erase my browsing history?(2 votes)
- What happens if someone hacks into your VPN and installs a virus into your devices?(2 votes)
- if you want my full honest opinion... get rid of your devices... or something idk im not that smart. anyone else this good?(1 vote)
- I looked up roblock and got a virus(2 votes)
- That is a perfect example of never trusting weird-looking websites. For instance, if the website you are visiting/viewing doesn't have a classic "HTTPS://" then... EXIT OUT OF THE SITE IMMEDIATELY. Hackers might program to make the website immediately download a virus inside your computer before you exit it. Please remember this tip in the future(1 vote)