Main content
Computers and the Internet
Course: Computers and the Internet > Unit 4
Lesson 3: User data trackingBrowsing history
AP.CSP:
IOC‑2.A (LO)
, IOC‑2.A.3 (EK)
, IOC‑2.A.7 (EK)
, IOC‑2.B.11 (EK)
Would you feel comfortable if your entire browsing history was shared with the world? A list of every website you visited, when you visited it, and how long you spent on it? In an informal poll of my friends, 80% said that no, they wouldn't like that very much at all.
However, our browsing history really isn't very private at all. It can be tracked by websites, browsers, ISPs, and even the government.
Websites tracking browser history
A website can track which of its own webpages a user has visited, which probably isn't too surprising.
However, a website can also track a user's browsing history across other websites by using third-party cookies, as long as each site loads the cookie from the same domain.
To prevent tracking across multiple websites, most browsers allow users an option to disable third-party cookies.
Alternatively, some browsers default to disallowing third-party cookies.
Browsers tracking browsing history
Browsers store the browsing history for us across the entire web, a feature that makes it easier to re-find websites we visited in the past and autocomplete URLs as we're typing.
That handy feature means that anyone with access to our computer, like a parent, roommate, or classmate, can also see which websites we've visited.
Most browsers give users options to clear the browsing history, however. In some browsers, you can even opt to clear the browsing history every time the browser restarts.
Many browsers also provide an incognito browsing mode, a new browser window that will not store browsing history at all. Once you close the window, it will also forget any cookies generated in that session.
Routers tracking browsing history
Anyone who can access the router that forwards a packet can monitor the destinations of HTTP requests.
An Internet Service Provider (ISP) administers the first routers that a packet travels through (excluding the home/office/school) router, so the ISP can see every HTTP request that's sent through those routers. Users can use HTTPS-secured websites to hide the contents of their requests, but HTTPS will still reveal the domain names. ISPs can use that information to find customers that are engaged in illegal activities, such as downloading pirated movies.
But ISPs aren't the only ones with access to routers. Government organizations have found various ways to gain access to routers and their forwarding data. In the US, the NSA reportedly installed backdoor surveillance monitoring programs on routers before they were exported to foreign customers. start superscript, 1, end superscript
For governments, monitoring online activity can be a way to discover behavior that they consider dangerous or unwanted. For citizens, governmental monitoring may reduce their privacy and threaten their freedom of speech. Journalists have reported that it's harder now to research stories about government activities, as their sources are afraid to communicate over the open Internet. squared
Concerned users have a few options to increase the privacy of their browsing history.
One popular option, especially for journalists, is a Virtual Private Network (VPN). When using a VPN, the computer sends a packet of encrypted data with a destination of the VPN server to the ISP. The VPN server decrypts the data, finds out where the user actually wants to send the packet, and then forwards the packet to that destination.
The VPN server knows the user's browsing history, but the ISP does not. Plus, other routers after the VPN will only see that the packet came from the VPN IP address, not from the user's IP address. A VPN subscription is often expensive, however, and the additional stop along the way can result in a slower browsing experience. The benefits may outweigh the costs for journalists, but VPNs are not yet used by the standard web surfer.
Another option is Tor, an open source program for anonymizing Internet traffic. When using Tor, the computer sends an encrypted packet through a large number of volunteer relays. The data is packaged such that each relay only knows where it came from and where it's going, and no relay knows both the sender IP address and the destination IP address.
Tor can provide truly anonymous browsing, but it also severely slows down the browsing experience, since it has to hop through volunteer relays that can be located anywhere on the Internet.
A final option is to lobby ISPs and governments to reduce their amount of monitoring or tighten their processes around accessing the browsing history of users. For example, the Electronic Frontier Foundation (EFF) is a non-profit that researches issues around digital privacy and tries to make changes through litigation, technology, and activism.
🙋🏽🙋🏻♀️🙋🏿♂️Do you have any questions about this topic? We'd love to answer—just ask in the questions area below!
Want to join the conversation?
does VPN server knows what we are doing ?? if soo... are they selling our data for their profit(3 votes)
Good question! Some VPN providers state they are "logless", and hence they claim they don't log (know) what users are doing.
Hope this helps!(13 votes)
"The data is packaged such that each relay only knows where it came from and where it's going, and no relay knows both the sender IP address and the destination IP address.", would anyone please explain it further? Thanks.(1 vote)- The idea is similar to a boss asking an employee to prepare a document. The employee knows the request came from the boss (i.e. where it came from) and knows it will be delivered back to the boss (i.e. where it's going).
The employee does not know why the report is being made (i.e. the sender IP address) or to whom it will be presented too (i.e. the destination IP address). Only local (pair-wise) information is communicated, not global (the entire path).
The employee is like a relay in this case.
More technically, the packets are addressed with local information, so the start and end IP addresses are never known in full at any step in the route/path.
Hope that helps!(14 votes)
Even if you turn on incognito mode or something on google, could people hack your "incognito mode" and get your search history on incognito mode, or will it have like completely no trace of what you searched (Except open tabs of course)?(4 votes)- Incognito mode is a mode offered by a number of modern web browsers. Incognito mode generally prevents the persistence of browser history, site cookies, and otherwise.
However, incognito mode does nothing to modify the underlying web traffic. The web traffic of the user utilizing incognito mode can still be captured and viewed by their ISP (Internet Service Provider), employer, etc.
Incognito mode is meant to offer a private browsing experience, but it is not meant to be infallible. You can inspect the user's web traffic without needing to employ any type of "hacking."(5 votes)
- I looked up roblock and got a virus(4 votes)
That is a perfect example of never trusting weird-looking websites. For instance, if the website you are visiting/viewing doesn't have a classic "HTTPS://" then... EXIT OUT OF THE SITE IMMEDIATELY. Hackers might program to make the website immediately download a virus inside your computer before you exit it. Please remember this tip in the future(2 votes)
does school know we use vpns?(3 votes)
If the school were to track IP addresses of VPN servers, then they could.(2 votes)
- Can people access past browsing history when you are using a a so called" highly sophisticated " browser like Braves private window with Tor browser .(2 votes)
If I use an VPN, can other still see my browsing history through the router or ISP? Thanks(1 vote)
Yes you can see your browsing history with whatever your doing(3 votes)
- Can cookies, when stored in one’s hard drive, request to view the browsing history of a given browser? In other words, is the ONLY way a website can track your browsing on OTHER websites by putting third party cookies on the webpages of other sites? Or is there a way for a cookie to view your ENTIRE browsing history across ALL websites?(2 votes)
If you're on a website that hosts resources from another website, that's two sets of cookies that are able to track you - ones from the website you're on, and ones from the website your current website is pulling resources from. A cookie cannot view your activity if it is not in some way linked with the website you're currently on.(1 vote)
If I delete my history, is there a history 'trash bin'?(1 vote)
Depending on what you are clearing (if you are talking about search history), there will often still be copies of things stored in internal databases, e.g. your hard drive or Google's servers. However, you can just not see it.(2 votes)
- I have a VPN in my house, could people hack into it and get personal information off me and my family?(0 votes)
- It is possible to get around the security measures enforced by a Virtual Private Network, but it is rather challenging. Many malicious actors wouldn't be willing to invest the time and effort to attack general users who are on a VPN, so you do not have much to worry about there.
However, there is still the human element of security. If you visit a malicious website or download a malicious program of your own volition, the VPN will not be able to protect you against such threats.(3 votes)
