Your membership has expired

The payment for your account couldn't be processed or you've canceled your account with us.

Re-activate

    How to Control Web Cookies and Boost Online Privacy

    Don't like being tracked on the web? The right browser settings can help.

    Computer watching you iStock-612722480

    Odds are that your computer’s browser is full of cookies, tiny files left behind as you go from website to website. Mine is. My personal machine has close to 5,000 cookies.

    Some of the web cookies on your machine are used by big advertising companies looking to gather and store information about you—what you shop for, which sites you visit, and so on. That can feel like a violation of your privacy and make you think you should dive in and delete them all.

    But other cookies contain important information that makes your web experiences smoother. Which is why you really shouldn’t dive in and delete them all.

    More on Online Privacy

    Privacy experts have been talking about cookies for years, but the subject remains confusing. It doesn't have to be. Managing cookies is a privacy maintenance task that everyone should understand, the digital equivalent of regularly changing your smoke detector batteries.

    And Dec. 4, National Cookie Day—which celebrates the baked kind, not the digital ones—is a great time to take care of business. It's as easy as baking some Toll House chocolate chip treats, pouring yourself a glass of milk, and opening your browser preferences.

    Note that managing cookies is just one component of protecting your privacy.

    "Companies may use non-cookie technologies to track you across websites, and clearing cookies won't address that," says Justin Brookman, privacy director for Consumers Union, the policy and mobilization division of Consumer Reports. "But cookies are still the most common way companies track you on the web."

    Use the right settings and you can enhance your privacy while making sure websites still work the way they should.

    What Are Cookies, Exactly?

    A cookie is “a little bit of data stored on your computer by a website that’s related to your activity on the site,” explains Selena Deckelmann, a director of engineering for the Firefox browser at Mozilla.

    Cookies are simple files, not programs, and they don’t contain malware or anything that can damage your computer. They're also tiny—many are just 3 to 10 kilobytes—so they're not occupying a significant amount of space on your hard drive.

    They're small but powerful. Deckelmann was shopping for a sink recently. She went to a hardware retailer's website, browsed various models, and then left to visit more sites. And she immediately started seeing ads for faucets, vanities, and other sink-related items.

    Sound familiar?

    Cookies help explain how that happened. "A company can drop cookies across the web and get a decent sample of your browsing activity," says Casey Oppenheim, co-founder of the web security firm Disconnect.

    How Do They Work?

    When Deckelmann visited the retailer's website, it deposited a number of cookies on her computer, in a location determined by her browser. Some of those cookies—called first-party cookies—came from the domain that she saw in the URL at the top of the browser window, such as Amazon.com or Lowes.com. (We'll discuss “third-party” cookies below.)

    The first-party cookies left by the retailer carried information such as an indication that she had logged in successfully. They may have recorded her location (to help the website display the right language and currency) and what she placed in her shopping cart.

    But how does the website use that information?

    Each time you go to a webpage, your browser sends out a request for the files needed to display the page. And along with that request goes a copy of every cookie that originated with that domain. The browser sends Amazon.com the cookies left by Amazon.com, while BestBuy.com gets the cookies left by BestBuy.com, and so on.

    Lots of those cookies expire when you close the browser, but not all of them.

    When Deckelmann came back to the site the next day or the next week, the browser sent back copies of the remaining cookies. That’s how the site seemed to know who she was, and what she’d done during her last visit.

    Without first-party cookies, websites would seem a lot stupider.

    So What's the Problem?

    We’ve only been talking about first-party cookies. But during Deckelmann's visit to the retail website, other companies may have deposited their own, third-party cookies.

    How did that happen? Well, a webpage is made up of many files and little bits of code. Many of those bits and pieces come from the retailer itself. But other elements, such as ads and social media buttons, come from other companies.

    A huge percentage of all the ads you see online are handled by DoubleClick, which is owned by Google, so let's use that company as an example. When you see an ad embedded in a webpage, there's a good chance it's coming from the domain DoubleClick.net. And the advertisement may carry cookies along for the ride.

    Next time you go to any site with elements originating on DoubleClick.net, your browser sends DoubleClick a copy of all its cookies. If you visit many websites that contain chunks of DoubleClick content, your browser supplies the company with a steady stream of cookies.

    And remember, DoubleClick.net is just one example of the many domains that supply elements to webpages and leave cookies on users' machines.

    That's why the entire internet seemed to know instantly that Deckelmann had been shopping for sinks.

    As Oppenheim says, "From a consumer perspective, there's a big difference between first-party cookies and third-party cookies."

    Can I Stop Receiving Cookies?

    One way to do that is by browsing in “Private" mode (for Safari or Firefox) or “Incognito” (for Chrome). Browsing this way doesn't keep your internet service provider or a web server from knowing what you're doing online, but it does keep cookies from working. And that can be illuminating.

    “It’s showing you what it’s like to live in a world without cookies,” Deckelmann says.

    For instance, if you normally stay logged into Facebook, you'll have to log in again if you visit using a Private window.

    “If I clear my cookies, it screws up my workflow,” says Oppenheim. “Having to sign in every time is a hassle.”

    Full disclosure: ConsumerReports.org uses cookies, though the site doesn't accept advertising. You can learn more in the Consumer Reports privacy policy.

    How About Third-Party Cookies?

    You may not mind third-party cookies. After all, you might like seeing ads for items you’ve been shopping for.

    But, if you want to, you can block just third-party cookies and let through first-party cookies. That will reduce the number of companies collecting and storing information about you.

    Deckelmann has a three-pronged plan for accomplishing this, just by using your browser settings. (Ad-blocking web extensions also accomplish this, along with other tasks; that's a discussion for another day.)

    The first step is to make sure you have a record of all the passwords for sites that require a login. (A password manager can help with that.) Once you’ve done that, Deckelmann suggests going ahead and clearing all your cookies, as outlined below. Trying to delete cookies one at a time would take forever, and even experts can’t tell with any certainty what each individual cookie does.

    “It’s like your purse,” Deckelmann says. “Periodically you need to dump that thing out and start fresh.”

    The trade-off: Your web surfing experience will be a little choppy for the next few days as you re-enter passwords and update other settings.

    Here's how to clear cookies in three popular browsers.

    Chrome: Under the Chrome tab at the top left of your screen, click “Clear browsing data.” Check the box: “Cookies and other site data.” Then click the bar at the bottom right of the window that says “Clear browsing data.”

    Firefox: Under the Firefox tab at the upper left of your screen, go to Preferences > Privacy & Security > Show Cookies > Remove All.

    Safari: Under the Safari tab at the upper right of your screen, go to Preferences > Privacy > Manage Website Data > Remove All.

    How Targeted Ads Work

    Do you often see online ads that relate to your likes and hobbies? On the "Consumer 101" TV show, Consumer Reports expert Thomas Germain explains to host Jack Rico what targeted ads are and how they work.


    Allen St. John

    Allen St. John is a senior tech editor at Consumer Reports. He has been with CR since 2016, focusing on digital privacy and covering smartwatches, wireless speakers, and headphones. Previously, Allen was a senior editor at Condé Nast and a contributing editor at publications ranging from Road & Track to the Village Voice, and his work has appeared in the New York Times Magazine, the Wall Street Journal, Rolling Stone, and other national outlets. He is a New York Times bestselling author, and lives in Montclair, N.J., with his wife and his dog, Rugby.