How Do Cookies Track You Online?
Cookies are small text files stored in your browser by websites you visit. Although they were first created to maintain session state (keeping you logged in), cookies have evolved into a primary mechanism for tracking your behaviour across the web, both on a single site and across thousands of unrelated sites via third-party cookies. Unlike browser fingerprinting, cookies can be deleted, but deleting them does not stop all tracking.
Types of Cookies
| Type | Lifetime | Set by | Privacy Risk | Examples |
|---|---|---|---|---|
| Session cookies | Deleted when browser closes | First-party (the site you visit) | Low | Shopping cart, login session |
| Persistent cookies | Days to years (set expiry) | First-party | Medium: remembers preferences and tracks return visits | Language preference, "remember me" login |
| Third-party cookies | Persistent (days to years) | Ad networks, analytics platforms embedded in the page | High: tracks you across all sites that embed the same tracker | Google Analytics, Facebook Pixel, DoubleClick ads |
| Supercookies / Evercookies | Persist even after deletion | Third-party scripts | Very high: recreated from ETags, localStorage, IndexedDB | Used by ISPs; hard to remove without wiping browser storage |
How Third-Party Tracking Works
When you visit site A, the page may load a tracker pixel or script from an ad network's domain. That domain sets a cookie in your browser with a unique ID. When you visit site B, which also embeds the same ad network, the tracker recognises your cookie ID and builds a profile of your cross-site behaviour. After you have visited thousands of sites, the ad network has a detailed picture of your interests, demographics, and purchasing intent, all without you ever directly visiting the tracker's site.
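To audit this on your own traffic, the added example below (not from the original page) classifies observed Set-Cookie headers as session or persistent and first- or third-party, then lists third-party sites that set persistent cookies on more than one visited site. The domains and cookie values are constructed samples, and treating the last two DNS labels as the "site" is a simplifying assumption.

```javascript
// Added example: classify observed cookies and flag cross-site tracker candidates.
// Assumption: "site" = last two DNS labels; real tools use the Public Suffix List.
const site = (url) => new URL(url).hostname.split(".").slice(-2).join(".");

// Parse one Set-Cookie header value into its name and whether it outlives the session.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq < 0 ? pair : pair.slice(0, eq);
  let maxAge = null, expires = NaN;
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : a.slice(i + 1);
    if (key === "max-age") maxAge = Number(val);
    if (key === "expires") expires = Date.parse(val);
  }
  // Max-Age wins over Expires; neither attribute means a session cookie.
  const persistent = maxAge !== null ? maxAge > 0 : expires > Date.now();
  return { name, persistent };
}

// Classify each observation; collect third-party sites seen on two or more sites.
function audit(observations) {
  const rows = [], seenOn = new Map();
  for (const { page, request, setCookie } of observations) {
    const c = parseSetCookie(setCookie);
    const party = site(page) === site(request) ? "first" : "third";
    rows.push({ page: site(page), setBy: site(request), name: c.name, party,
                lifetime: c.persistent ? "persistent" : "session" });
    if (party === "third" && c.persistent) {
      if (!seenOn.has(site(request))) seenOn.set(site(request), new Set());
      seenOn.get(site(request)).add(site(page));
    }
  }
  const crossSite = [...seenOn].filter(([, pages]) => pages.size > 1).map(([d]) => d);
  return { rows, crossSite };
}

// Constructed sample observations (hypothetical domains, not captured traffic).
const sample = [
  { page: "https://shop.example/cart", request: "https://shop.example/api", setCookie: "sid=abc; Path=/; HttpOnly" },
  { page: "https://shop.example/cart", request: "https://px.adnet.test/p.gif", setCookie: "uid=7f3a; Max-Age=31536000; SameSite=None; Secure" },
  { page: "https://news.example/", request: "https://px.adnet.test/p.gif", setCookie: "uid=7f3a; Max-Age=31536000; SameSite=None; Secure" },
  { page: "https://news.example/", request: "https://www.news.example/prefs", setCookie: "lang=en; Max-Age=2592000" },
];
console.log(audit(sample));
```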
How to Block Cookie Tracking
- Use a privacy-focused browser (Firefox, Brave) or enable "Enhanced Tracking Protection" in Firefox settings, which blocks third-party trackers by default.
- Brave blocks all third-party cookies, fingerprinting attempts, and ads by default with no configuration required.
- Install a content blocker extension (uBlock Origin, Privacy Badger) for browsers that do not block trackers natively.
- Enable "Prevent cross-site tracking" in Safari (enabled by default on modern versions).
- Regularly clear cookies and site data, or use containers (Firefox Multi-Account Containers) to isolate sites from each other.
- Note: deleting cookies does not prevent browser fingerprinting. Use the fingerprint tool to see what your browser exposes even without cookies.