Read our guide below and then find out more about individual trackers on our Tracking the Trackers pages:
What are cookies?
Cookies are small bits of text that are downloaded to your browser as you surf the web. Their purpose is to carry bits of useful information about your interaction with the website that sets them.
Contrary to a common belief, cookies do not contain software programs, so cannot install anything on a computer.
Cookies generally do not contain any information that would identify a person. Usually they contain a string of text or "unique identifier". This acts like a label. When a website sees the string of text it set in a cookie, it knows the browser is one it has seen before.
If you use a different computer, open a new web browser or delete your cookies, the website will treat you as if you have arrived for the first time (and a new cookie will be set).
What are cookies used for?
Cookies can be used for a variety of reasons:
- to help remember your preferences on a site
(whether you read the oldest or newest comments first; the volume on the video player)
- to understand how you and other users are using the site
(to tell what the most popular news story of the day is; to record how you responded to a new design or version of the site)
- for logging in to a service or to make sure you're logged in securely
(these cookies may contain information such as your email address and your name – the information you gave when you signed up. The website you signed up to is the only site that can access this information.)
The cookies that appear to cause the most controversy, however, are for managing the advertising you see on a website.
This is particularly the case when websites set a cookie from a separate advertising delivery company. This cookie can record when and where you saw an advert, where in the world you might have been when it happened and whether you clicked on it.
The cookie will send this information to the cookie owner, who records this data and uses it to make sure you don't see the same advert too many times.
If websites choose to pool some of the information this type of cookie collects as part of an ad network, the systems used by advertising delivery companies can create "segments" of browsers that display similar behaviours.
They will use this to try to draw conclusions about what the people behind the browsers might be interested in: "basketball lovers" or "hair product enthusiasts" or "adventure holiday takers", for example. Cookies that do this are known as third-party advertising cookies.
Over time they learn which types of adverts are most effective to these groups and can sell this service to advertisers.
How do I control cookies?
Although much of the public concern around cookies would suggest otherwise, they can be controlled if you know how:
You can set your browser to delete cookies every time you finish browsing (Find out more for FireFox, Internet Explorer, Chrome, Safari).
If you don't delete cookies, you can set "opt out" cookies on your browser. Each type of tracker will usually have an opt-out. Evidon – a company that monitors what trackers get used by websites – has aggregated many of them together on its opt-out page.
Other forms of web tracking:
Cookies are the most well-known form of online tracking, but there are many other ways that companies may use to track browsing behaviour on websites. These include:
Flash cookies: also known at "locally shared objects". These are pieces of information that Adobe Flash might store on your computer. This is designed to save data such as video volume preferences or, perhaps, your scores in an online game.
Flash cookies have caused controversy because they can not be deleted in the same way as other cookies. This has meant that some less scrupulous companies have used them as "cookie backups", loading a traditional cookie back into your computer if you delete it. You can control what sites store information on Adobe's website.
Server logs: when you load a page on a website, you are making a request to that website's server. This server will log the type of request that was made and will store information such as: IP address (which will allow website owners to infer location), the date and time the browser loaded the page, what page was loaded, and what site or page the browser was on before it came to that page (referrer).
Server logs form the basis for web analytics and can only be seen by the owners of the website.
Web beacons: these are small objects embedded into a web page, but are not visible. They can also be known as "tags", "tracking bugs", "pixel trackers" or "pixel gifs".
A simple version of this is a tiny clear image that is the size of a pixel. When a web page with this image loads, it will make a call to a server for the image. This "server call" allows companies to know that someone has loaded the page.
This is very useful to companies that want to learn if readers are opening their the emails they send. When the web beacon loads, companies can tell who opened the email and when.
This system has been abused by spammers who will identify active email accounts by sending emails that include pixel trackers. This is why many email systems will ask if you trust the sender before it displays images.
Web beacons are not as useful to website owners who already have access to their server logs. However, they are useful to advertisers displaying their ads on someone else's website or services that don't have server log access. Often advertisers will embed web beacons in their adverts to get an idea of how often an advert is appearing.
Useful links:
- Pinsent Mason's All About Cookies
- "How Behavioral Advertising Works" - a post on cookies from Mike Nolet the CTO of online advertising exchange AppNexus
- A guide to some of the most common trackers by Ghostery (part of Evidon)
- The Wall Street Journal's guide to blocking trackers
- The Internet Engineering Task Force's specification for cookies (Warning! Very technical)