I’m still trying to understand this newfangled internet thing.
When I go from one website to another, does the new website know from which website I came? For example, if I go from this page to CNN, does CNN know that I came to it from the SDMB? If so, can CNN even see further back, like if I was on ESPN prior to the SDMB?
Do the answers change in “private” mode? Does accepting or rejecting the cookies have anything to do with it? How about logging in with a username and password?
Finally, is there a nice summary somewhere that outlines the process from soup to nuts, including what information websites are able to capture?
As with most questions like this, it depends. Sites can create links that include the origination point, so CNN would know that the link a user followed came from SDMB, for example. But that would require SDMB to create the appropriate link. This is how shopping references usually work, so the store knows where the user came from to know if their advertising works and to give kickbacks as needed.
But if you just typed in the CNN URL into your browser window, there wouldn’t be a traceback in the URL. However, depending on your privacy settings CNN may be able to read your cookies and see where you’ve been recently.
There’s no cookbook that outlines all information that can be passed or read, there are too many variations and methods.
The HTTP Referer header can track the page from whence you came, regardless of a querystring that includes an origination point. A specialized tracking link does often contain info such as affiliate ID or campaign name.
To answer a question in the OP, no the site can’t trace any further back from that via http headers. It just knows the site on which you clicked a link.
And yes as Telemark says there is no referrer if you type cnn.com into your browser, or open the site from a bookmark.
If there are ads served by the same adtech company involved in both sites and you don’t block them, there is a decent chance that someone can identify you as the same visitor and build a database of the sites you have visited. That somebody probably includes Google and/or Facebook for many sites, but may not include the actual site you’re vising.
Unless you are being ultra careful, technically a web site can exactly identify you via companies that provide that service. There’s a remarkable amount of data that can get snuck thru via various methods. (There’s an awful one involving 1x1 gifs that’s not cookie-based.) While a single piece of info, like what size browser window you’re using, may not seem helpful, all of them put together will uniquely identify your device. Since at some site somewhere your real name, email address, etc. was put in they can then match you on other sites.
Remember, just because you’re paranoid doesn’t mean they’re not tracking you.
yes, for me it assumed I had 1440x2560 when in fact I am using a 4K TV. Plus, it assumed 32bit Windows not 64. But more scary, the autofill test gets my address and phone number, which prompted me to go into Chrome and delete my address - not sure where my phone number came from…
Yes, this is usually known. When you click a link on a website, your browser usually sends something called the referrer (sometimes spelled “referer”) which by default includes the domain of the that site (e.g. boards.straightdope.com). This is also sent for images and other files that the page loads to be able to function.
It is possible for the originating website to tell the browser not to send the referrer, or for user to configure their browser to not send referrers (though this can break some webpages, albeit not many). And, if you open the link from the URL bar, no referrer is sent.
What @Telemark is most likely talking about is link tracking, which is basically the opposite of the referrer. It’s part of how the originating website can keep track of whether or not you clicked on a link. This usually (but not always) involves modifying the link so that you actually load a web page on the website that then redirects you to the new site.
Private mode forces the system to only send the domain and not the full URL (unless you disable the referrer altogether). Outside of private mode, this can be overridden by the website. Cookies have nothing to do with this. By design, websites cannot see each other’s cookies, which would include login information.
It thinks I’m using Chrome when I’m not. It thinks I’m in London when I’m quite a way away. (I know that websites can get my location closer than that based on all the “local girls from XXXXXX want to fuck” popups I get.)
To a knowledgeable computing person, this is technically true modulo various very sneaky ways to get around limits. (Cross-site scripting, for example.)
But a less technically inclined user might misinterpret this statement to be a lot broader than it is.
They might not realize that it doesn’t cover 3rd-party cookies for example. So you visit a single site and suddenly your cookie cache is churned through by a bunch of sites. Some places will read/write as many as 100 cookies in your cache from different “affiliates”. (And really awful sites will go higher.)
Casual users might be interested in scanning this Wikipedia page on such cookies and see all the weird things that can be done with cookies (or even without cookies, avoiding browser cookie restrictions).
