Cookies and more

So a web page is built out of many different files – the HTML, the stylesheets, the Javascripts, the images and possibly many more.

Often, all these files live on the same server. As each one is requested, your browser sends some identifying information to the server, but that’s fine – you navigated to somesite.com, so you’re happy to help somesite.com display that content to you in the most optimal way possible.

But, when those ancillary files aren’t all stored on somesite.com is when things get interesting. For example, to prevent servers from getting overloaded, you might put all your images onto a separate server – maybe images.somesite.com. But it’s also common for third-party Javascript files to be loaded from other servers, whether it’s Amazon Web Services for cheap file hosting, a media player for playing some background music or a tracker from someshadycompany.com. Suddenly, all that identifying information is being sent to places you didn’t even know about. And each of these servers can also leave a cookie on your machine, so it can identify you.

To make it even trickier, nearly all websites use “analytics” code. This is special Javascript designed to measure your site’s performance, to see how many visitors you have, to see how long they stay on your site, how quickly the server is reacting. Most people use Google Analytics – which means nearly every website you visit sends your information to Google.

Everyone wants their website to be shared widely – that post you spent ages writing might just go viral. So the site owner sticks sharing buttons on the site. “Facebook Likes”, “Share on Twitter” – all of these are third party Javascript, sending your information and recording cookies, with the providers of those buttons.

Finally, there’s a ton of other stuff that gets loaded with a web-page. For example, some sites include tiny images that are loaded from third party sites (the so-called Facebook Pixel is one example), which, again, are used for Analytics. That video player that’s showing that funny cat video is actually loading from another site and dropping its cookies.

In fact, a quick experiment, run after GDPR Day, showed that the same page, when shown in the US was one hundred times larger than the same page, stripped of trackers, shown in the EU. So not only are these things tracking you, they’re also using up your data allowance and slowing everything down.

Disclaimer: All the information here is greatly simplified. Don’t write in and complain that I’ve got it wrong. Pretty please?