You are being tracked!

Many companies are looking over your shoulder when you visit websites. Think of Facebook, Google, and all kinds of advertising networks. They store your surfing behavior in cookie files on your PC. What exactly are cookies and how do they work?

Your visits to websites provide companies with a lot of data. Such companies store your surfing behavior in cookies. Sometimes websites allow other sites to place cookies on your computer. These are called 3rd party cookies. Because these cookies are not great for your privacy, it is a good practice to regularly clean up the cookie files on your PC.

What are cookies?

A cookie is a small text file that a website puts on your computer’s hard disk when you visit the site. The main function of cookies is to distinguish one user from another. You will therefore often find cookies on websites where you must log in. A cookie ensures that you remain logged in while using the site. We can distinguish 3 kinds of regular cookies: Functional cookies, analytical cookies, and tracking cookies.

The Supercookie

With the other kind of cookie, the supercookie, we can distinguish 2 kinds. One is also known under different names: “Flash cookie” or “Local Shared Objects” or LSOs. Flash cookies are found in video ads store information in a similar way to regular cookies but are stored in different locations on your system.

The other kind of supercookie is a bit more malicious, these originate from your ISP. These cookies are not stored on your own system, making them impossible to remove. ISP’s use them to recognize each device and know what it is doing online. Because these are not stored on your own system, you have very few options to stop an ISP who wants to sell your data. This only works when the user uses HTTP instead of HTTPS. These trackers use the X-UID-Header.

The UID-Header tracking works as follows: When the user device sends an HTTP request to the destination server, the ISP injects an HTTP-Header (“X-UIDH”) before the request reaches the destination server. The website then directs the request to Ad Exchange, where advertisers can make a (paid) API call to the ISP which in turn maps the header to a temporary ID and returns the ID and/or advertising segments. This only works when the user connects to the destination using HTTP, if the user uses HTTPS the connection is encrypted, which means the ISP can not utilize this technique.

How to remove cookies

Normal Cookies and flash cookies

Normal cookies can be removed easily, the method is usually very similar to overall browsers. Usually, this can be done by going to your browser’s settings and remove them with the tool that removes cookies, usually located in browser history.

Another way is to use your antivirus software, most of them have a tool to remove malicious cookies, including tracking cookies.

You can also manually find the files and delete them one by one, but this is not recommended as you might delete files that are needed for your browser to work.

Supercookies from ISP

The only possible way to delete these cookies is to gain access to your ISP’s server and remove them yourself. Given this is impossible, your only option to avoid this kind of tracking is to prevent your ISP from tracking your devices. This can be achieved by using a virtual private network or VPN.