NYC Digital Safety

Online Tracking

Cookies may sound cute and harmless, but they are tracking and surveillance tools that websites — including the library’s website — use to streamline and customize your experience, and to assemble a user profile on you. A website retrieves a stored cookie from your browser each time you visit, tracking you and your behavior from visit to visit.

Cookies may store a variety of personal data. Over repeat visits, websites can use cookies that identify you to amass detailed information about you, your habits, and your interests. Cookies do have an expiration date, and you can also remove or block them.

There are two kinds of cookies that behave differently than the typical cookie we just discussed. The first kind, third party cookies, allows sites you do not visit to track you, adding the cookie via embedded content,such as a social media like button, on your destination site.

Sinister zombie cookies resist deletion by saving themselves outside of the browser context, allowing companies to accumulate data about you for many months or many years.

If your library users are wondering what a cookie looks like, you can use your browser’s settings to take a look. In Google Chrome, under the Content tab in Advanced settings, you’ll find your Cookies tab where you can view individual cookies from nearly every site you’ve visited. The cookie content itself is not much to look at — a string of numbers and letters encoding your data for the site — but if you don’t clear cookies often you likely have hundreds or thousands tracking you, persisting on your browser for years.

Cross Site Tracking and Third Party Tracking allow more companies access to your data and browsing habits. Third party trackers are often marketing companies, and it may be difficult or impossible for you to know who on a given website is monitoring your behavior. Tracking companies may share user data with each other, further aggregating your personal data and the depth and detail in your profile.

Protecting Your Information

You and your library users can install a browser add-on — on your own computers — to prevent your browser from sharing data. Apps such as NoScript, ScriptSafe, and UMatrix all block scripts, or chunks of code that display this information. Encourage your users to research each add-on option to decide which one is best for them. You might suggest they read reviews, check features and frequency of updates. Add-ons like NoScript can break certain websites that rely on JavaScript, but you can choose to “trust” websites and allow scripts to run.

Web browsers allow you to clear your browsing history on your local device, so anyone who uses the device after you cannot see what websites you’ve visited. This is especially important on a public or shared computer. Look for this “clear browsing history” option in your browser’s preferences or settings tab. Erasing your browser history on your own device doesn’t change what data websites or ISPs have already collected and stored about you. It’s important to note that public library computers erase all user information between sessions. While this helps protect patron privacy, it does mean that users will lose many files they save to library computers. Still, it’s a good habit to delete files on public computers before they log out.

Prevent Tracking

In your browser’s settings tab–the settings for Firefox are shown here–you change your cookie settings. Here, you have the option to block cookies completely, clear all cookies, and decide how long to keep cookies. If you clear all cookies, you’ll have to log back into your online accounts, since those sites no longer recognize you without your cookie. If you block cookies completely, some website features like account logins may not work. You can use the exceptions tab, however, to allow cookies from specific websites you trust, like the library’s website.

You and your customers can change your browser settings to minimize third party and cross-site tracking. Firefox, shown here, has a options to block all known cross-site trackers, and “do not track” option which tells sites you don’t want to be followed, though sites aren’t obligated to comply.

Our customers’ search history is a rich source of data for trackers. Search algorithms may personalize results, which means they are also withholding some content. A search engine called The DuckDuckGo does not filter results, or compile data on user queries. It can be a good alternative for searches the user wishes to keep private.

Private or incognito browsing is the best option if patrons do not want their browsing history and cookies to be saved locally, on their device, by their browser. This is especially useful when patrons are using a public computer. Their activity is not hidden, however, from websites they visit. Nor is it hidden from administrators for the library’s local area network and the internet provider.