Online tracking

Browser cookies can reveal your online habits, so how do you protect yourself?
Learn more

01 .Cookies

Browser cookies

Cookies have a useful purpose in remembering your settings and preferences in websites, but can also be used to record how and where you go on the internet.

This report looks at:

Tracking your online activity

When you use the internet, you leave something behind: small pieces of information about the sites you’ve visited, search terms, your computer’s internet address and whereabouts.

This trail, made up of tiny breadcrumbs of information about you, is aggregated into data banks that can be mined for information about your internet habits which is sold to marketers and advertisers.

There’s been an explosion in personal information created and stored online in recent years. Just think of the daily, even hourly, transactions that internet users can do via the net – banking, messaging, shopping, viewing, listening to music, researching, publishing and so on.

These repositories of personal information are gleaned from our online activities through our internet browser and cookies. A cookie is a small piece of data that is stored on a user’s computer, which allows it to be identified so that only data intended for an authorised user is sent to that user.

What is a cookie?

Technically, a cookie is a piece of code passed between your browser and a website’s server when your browser connects to a website using the http process. The cookie is stored on your computer the first time you visit the site and then passed from your computer to the website’s server, which then determines the identity of your computer.

Applications run through the internet use cookies to function and recognise if a user is new to the site or is registered and has recorded preferences for certain content or settings. It could be said that they are “privacy neutral” and they have become the standard way for browser-based applications to authenticate connections.

Most websites use cookies for a variety of purposes. In their most benign function, the analysis helps improve website design and understand how visitors use a website. There are more intrusive uses, however, because cookies allow internet advertising companies to build a picture of you and target advertising to you that can be closely aligned with your country, gender, interests and other attributes that can be gleaned from your online habits.

A website, such as a banking site, has a legitimate need to have cookies on its site to assist with verifying a user for log-on and financial transactions. But the website may also have cookies that belong to third-party organisations, such as marketers and advertisers, that will also be installed on the user’s computer. These cookies can collect data on the websites that a user is visiting and then direct relevant advertising to that user. If the user visits shopping sites, it may serve up ads for other online shopping or auction sites, for example. If the user visits technology news sites and product review sites, the user may be then shown sites from technology retailers.

Types of cookie

Not all cookies are created equal. In itself, a cookie is just an application, it’s just that how they’re set to work can determine if they have a positive purpose or can be used as a way to undermine the safety of the user.

  • Short-term cookies or session cookies last for as long as someone is using a site while logged in. These are the type used for banking transactions and can store details for making payments, storing shopping baskets and viewing balances. When a user logs out of the site, the session is finished and the information is no longer held by the website.
  • Long-term or persistent cookies last longer than a single browsing session. They have many uses and can make returning to websites a better experience because they retain a user’s settings. A persistent cookie, for example, can retain a language preference for a website or recognise that someone has already registered for a site and automatically prompt them to log in when they get to the website.
  • Tracking cookies are persistent cookies that have a long timeline for expiry that can be used to keep track of where else a user goes on the internet. Privacy advocates have raised concerns about the information that can be gathered about internet-browsing habits because they belong to third-party companies, such as advertisers, and collect data on what websites you visit beyond the original website.

Sign up to our free

Receive FREE email updates of our latest tests, consumer news and CHOICE marketing promotions.


In Australia, the Privacy Act outlines 10 national privacy principles. These principles don’t specifically address electronic privacy and internet-related personal information, but are intended to cover the collection of personal information via websites.

  • Personal information should only be collected if it is necessary for one or more of its functions or activities and it should not be done in a way that is intrusive or unfair.
  • If an individual has not consented, organisations must not use or disclose personal information for any reason other than the primary purpose of collection.
  • Adequate protections are in place to secure any personal information collected.
  • Organisations must have a clearly expressed privacy policy which addresses the collection, use and disclosure of personal information - this includes information gathered by their websites using cookies.

The European Union drafted a specific directive to member countries to protect the privacy and personal data of internet users in relation to cookies and other tracking and monitoring applications. The directive is intended to be drafted into the countries' local laws and countries are on a timeline for compliance.

The directive prohibits storing and using information of internet users without consent. It doesn’t outlaw the use of cookies because it acknowledges they serve a useful purpose in websites, but it does say that users must have clear and precise information about the way cookies and other technologies are used on sites. It ensures that users are asked for their consent and given the right to refuse the use of cookies.

If you visit a site published in the EU, it may have a small banner at the top of the homepage that explains the cookie policy with links to more details on how cookies are used on the site. Some sites provide detailed information on the cookies that are used on the site. Australia has a long way to go to meet these sorts of protection measures. In the US, they are considering a Do Not Track law that givers users the right to opt out of online tracking.

Your say - Choice voice

Make a Comment

Members – Sign in on the top right to contribute to comments