Main content
Computers and the Internet
Course: Computers and the Internet > Unit 4
Lesson 3: User data trackingBrowsing history
Would you feel comfortable if your entire browsing history was shared with the world? A list of every website you visited, when you visited it, and how long you spent on it? In an informal poll of my friends, 80% said that no, they wouldn't like that very much at all.
However, our browsing history really isn't very private at all. It can be tracked by websites, browsers, ISPs, and even the government.
Websites tracking browser history
A website can track which of its own webpages a user has visited, which probably isn't too surprising.
However, a website can also track a user's browsing history across other websites by using third-party cookies, as long as each site loads the cookie from the same domain.
To prevent tracking across multiple websites, most browsers allow users an option to disable third-party cookies.
Alternatively, some browsers default to disallowing third-party cookies.
Browsers tracking browsing history
Browsers store the browsing history for us across the entire web, a feature that makes it easier to re-find websites we visited in the past and autocomplete URLs as we're typing.
That handy feature means that anyone with access to our computer, like a parent, roommate, or classmate, can also see which websites we've visited.
Most browsers give users options to clear the browsing history, however. In some browsers, you can even opt to clear the browsing history every time the browser restarts.
Many browsers also provide an incognito browsing mode, a new browser window that will not store browsing history at all. Once you close the window, it will also forget any cookies generated in that session.
Routers tracking browsing history
Anyone who can access the router that forwards a packet can monitor the destinations of HTTP requests.
An Internet Service Provider (ISP) administers the first routers that a packet travels through (excluding the home/office/school) router, so the ISP can see every HTTP request that's sent through those routers. Users can use HTTPS-secured websites to hide the contents of their requests, but HTTPS will still reveal the domain names. ISPs can use that information to find customers that are engaged in illegal activities, such as downloading pirated movies.
But ISPs aren't the only ones with access to routers. Government organizations have found various ways to gain access to routers and their forwarding data. In the US, the NSA reportedly installed backdoor surveillance monitoring programs on routers before they were exported to foreign customers.
For governments, monitoring online activity can be a way to discover behavior that they consider dangerous or unwanted. For citizens, governmental monitoring may reduce their privacy and threaten their freedom of speech. Journalists have reported that it's harder now to research stories about government activities, as their sources are afraid to communicate over the open Internet.
Concerned users have a few options to increase the privacy of their browsing history.
One popular option, especially for journalists, is a Virtual Private Network (VPN). When using a VPN, the computer sends a packet of encrypted data with a destination of the VPN server to the ISP. The VPN server decrypts the data, finds out where the user actually wants to send the packet, and then forwards the packet to that destination.
The VPN server knows the user's browsing history, but the ISP does not. Plus, other routers after the VPN will only see that the packet came from the VPN IP address, not from the user's IP address. A VPN subscription is often expensive, however, and the additional stop along the way can result in a slower browsing experience. The benefits may outweigh the costs for journalists, but VPNs are not yet used by the standard web surfer.
Another option is Tor, an open source program for anonymizing Internet traffic. When using Tor, the computer sends an encrypted packet through a large number of volunteer relays. The data is packaged such that each relay only knows where it came from and where it's going, and no relay knows both the sender IP address and the destination IP address.
Tor can provide truly anonymous browsing, but it also severely slows down the browsing experience, since it has to hop through volunteer relays that can be located anywhere on the Internet.
A final option is to lobby ISPs and governments to reduce their amount of monitoring or tighten their processes around accessing the browsing history of users. For example, the Electronic Frontier Foundation (EFF) is a non-profit that researches issues around digital privacy and tries to make changes through litigation, technology, and activism.
🙋🏽🙋🏻♀️🙋🏿♂️Do you have any questions about this topic? We'd love to answer—just ask in the questions area below!
Want to join the conversation?
"The data is packaged such that each relay only knows where it came from and where it's going, and no relay knows both the sender IP address and the destination IP address.", would anyone please explain it further? Thanks.(8 votes)
The idea is similar to a boss asking an employee to prepare a document. The employee knows the request came from the boss (i.e. where it came from) and knows it will be delivered back to the boss (i.e. where it's going).
The employee does not know why the report is being made (i.e. the sender IP address) or to whom it will be presented too (i.e. the destination IP address). Only local (pair-wise) information is communicated, not global (the entire path).
The employee is like a relay in this case.
More technically, the packets are addressed with local information, so the start and end IP addresses are never known in full at any step in the route/path.
Hope that helps!(24 votes)
- How trustworthy is Incognito?(10 votes)
Depends on what do you mean, because in Incognito, your data isn't saved in your device, but the IP you used to browse and the search results (links you opened) may be available to the WiFi manager, for example(15 votes)
does VPN server knows what we are doing ?? if soo... are they selling our data for their profit(7 votes)- Good question! Some VPN providers state they are "logless", and hence they claim they don't log (know) what users are doing.
Hope this helps!(20 votes)
If you erase browsing history, does companies like Microsoft and Google still have access to them?(10 votes)
Yes. They can still retrieve the information if they have such intentions. You can't really permanently erase anything from the internet--it's always there.(12 votes)
Even if you turn on incognito mode or something on google, could people hack your "incognito mode" and get your search history on incognito mode, or will it have like completely no trace of what you searched (Except open tabs of course)?(9 votes)
Incognito mode is a mode offered by a number of modern web browsers. Incognito mode generally prevents the persistence of browser history, site cookies, and otherwise.
However, incognito mode does nothing to modify the underlying web traffic. The web traffic of the user utilizing incognito mode can still be captured and viewed by their ISP (Internet Service Provider), employer, etc.
Incognito mode is meant to offer a private browsing experience, but it is not meant to be infallible. You can inspect the user's web traffic without needing to employ any type of "hacking."(12 votes)
- I looked up roblock and got a virus(12 votes)
You have to be careful of what you type into search engines as well. If you typed "Roblock" and clicked on the first link that popped up, you may be accessing a phishing website. Especially if you have to enter sensitive information.
Always be careful of what websites you enter and what information you give out.(3 votes)
If I delete my history, is there a history 'trash bin'?(8 votes)
Depending on what you are clearing (if you are talking about search history), there will often still be copies of things stored in internal databases, e.g. your hard drive or Google's servers. However, you can just not see it.(10 votes)
I have some questions! Are search engines - such as google - able to access our website passwords? If so, is that information available to people who work for the search engines?(7 votes)- While Google stores all of your information, it is not supposed to be accessible to their employees, but I am sure that they can access it. You can try checking out their privacy policy if you are curious more on that kind of thing.(7 votes)
- I have a VPN in my house, could people hack into it and get personal information off me and my family?(4 votes)
- It is possible to get around the security measures enforced by a Virtual Private Network, but it is rather challenging. Many malicious actors wouldn't be willing to invest the time and effort to attack general users who are on a VPN, so you do not have much to worry about there.
However, there is still the human element of security. If you visit a malicious website or download a malicious program of your own volition, the VPN will not be able to protect you against such threats.(7 votes)
- Why would people want to track your search history? Except if its your parents.(5 votes)
Keeping track of search history has multiple purposes.
Parents can use it to ensure their children's safety, while schools and companies can use it to monitor their students' or employees' internet activities and ensure responsible usage.
Additionally, ISPs and the government may access search history to maintain citizen safety and enforce laws.
Furthermore, companies can use search history to provide more accurate recommendations and advertisements.
However, there are ways to prevent tracking.(2 votes)