What are your favorite websites storing on your computer?

How just one hour of browsing left 1,117 cookies on my computer

Andrew Levinson | May 2019

Cookies are one of the most misunderstood pieces of the modern web. While technically a cookie is just a simple text (.txt) file stored on your computer when you visit websites, its purposes are often confusing. The technology that enables basic online shopping is the same technology that allows third parties to track your movement across all your online activities. That raw power makes this worthy of a deeper dive.

To illustrate this, I did my own experiment. Starting with a clean slate, I cleared my browsing history, cache, and cookies. I then browsed the US internet's most popular websites[1] for one uninterrupted hour. At the end of the hour, I exported the 1,117 new cookies that were placed on my computer during that time, with the help of a Firefox plugin, and analyzed the results.

{{ graphTitle }}

News
Entertainment
E-commerce
Google Products
Unknown
{{ xAxisLabel }}
Cookie Classifications by Party

Cookies can be described as either first-party or third-party. The distinction is based on whether the cookie comes from the domain of the website you're visiting (the website displayed in the URL bar) or whether it comes from a different, third-party domain (i.e. ads.com).

A total of 472 first-party cookies and 660 third-party cookies were placed on my computer from visiting 25 websites in one hour.

That sounds like a lot for such a short amount of time. Let's take a look at first-party cookies.

First-Party Cookies Only

When categorizing by site type, it's clear that both News and Entertainment related websites placed the largest amount of first-party cookies on my computer.

Every site I visited placed at least two first-party cookies on my computer. Yahoo stored just two cookies on my computer while Wired.com placed 60 as I was reading a single article.

Second to Wired.com was the clothing company, Everlane. Do you ever get that feeling that the same ads are following you everywhere you go?

Well, cookies make that possible and Everlane. Followed. Me. Everywhere.

What kind of information do we know about each cookie? Unfortunately, the standard cookie file format does not include a purpose or description which means it's impossible to know with certainty how the cookies on my computer are being used.

However, there are a few sites dedicated to cataloging cookies and their purpose. I used Cookiepedia to do my research.

Click the button below to select a random cookie or hover over any point on the graph to explore.

Including Third-Party

In addition to the sheer volume of third-party cookies, it's immediately clear that most of these cookies have unknown origins. While some context clues can help determine what category of domain I was browsing, there is no easy way to definitively say what site I was on when these third-party cookies were placed on my computer.

Cookie Classifications by Type

In addition to classifying first-party vs. third-party, cookies can also be classified as persistent vs. session. Session cookies are only stored on your computer while you're browsing and are deleted as soon as you close your window. Persistent cookies, on the other hand, have an expiration date that supersedes the closing of your browser window. During my one hour of browsing, 92% of the cookies stored were the persistent type.

In general, session cookies are used for functional purposes like keeping you logged into a website or maintaining the state of your shopping cart across pages on a single domain. On the other hand, persistent cookies are often used for targeting and advertising purposes that follow you across sites.

Let's take a look at how long these 1,029 persistent cookies will be stored on my computer.

Persistent Cookies Expiration

The average duration for each persistent cookie was {{ numFormater(timeConvert(2100281437)) }} days with the longest being a 3rd party cookie that will be on my machine for 36,500 days (that's 100 years).


Max-value: {{ numFormater(domainX.max) }} days

Reflections

Cookies are not inherently malicious. Often they are necessary for functionality that impacts your experience on the web in positive ways. However, when unknown third parties with unrecognizable names store cookies on your computer for up to 100 years with the sole purpose of tracking your online activity and serving targeted advertisements, we should be concerned about privacy on the web.

New regulations like the General Data Protection Regulation (GDPR) in the European Union have set new standards for tracking consent on the web——the reason you've seen these cookie notifications every time you visit a new site. However, most companies in the US are doing the bare minimum to provide transparency on their cookie usage. The EU continues to lead the charge and will potentially provide more clarity on cookies consent in an ePrivacy directive revamp that may come as soon as Summer 2019, but that still only affects companies processing EU residents' data. The experience for internet users in the United States may largely stay the same for some time.

Vitaly Friedman, in an article published in Smashing Magazine, addressed issues surrounding cookies and tracking consent from a nuanced design perspective. In an ideal state, all websites that use your data would provide cookie management settings which allow users to see the purpose and expiration of every cookie. Additionally, the ability to toggle different cookies on and off would provide complete consent, but that obviously is not in the best interest of advertisers who want to place a lot of lengthy third-party tracking cookies on your computer.

What can you do?

If you're concerned like I was after my research, one of the easiest steps you can take is to turn off third-party cookies. Every major browser has this option. Safari already has third-party cookies disabled by default and Firefox will be disabling them by default in Firefox 65. But if you're like me and the other 63% of internet users[4], you most likely use Chrome, which does not block them by default. You can manually block third-party cookies by following these instructions.

Happy browsing...
Methodology, Sources, and Footnotes

This story was created by Andrew Levinson for an academic publication written by the students of Parsons School of Design // The New School.

Data was collected through the Firefox browser with the help of the cookies.txt plugin

The scroll events were made possible by the graph-scroll.js JavaScript library.

Footnotes & Sources:

  1. Wikipedia List of Most Popular Websites in the US
  2. Cookiepedia: The world's largest database of pre-categorized cookies
  3. Guidance on the rules on use of cookies and similar technologies by the Information Commissioner's Office
  4. Statcounter browser share statistics

Feel free to check out the code or email me.