Saturday, January 10, 2009

Can People See When I've Visited their Website???


You visit a competitors website, or your kid's/spouse's/friend's MySpace page and suddenly you get this sinking feeling. You think...hmmm....are they gonna know I was here? Are they gonna see how many times I checked it out? What pages I visited? How long I was on? Does that "cookie" thing know my name? And why is it called a cookie anyway?

We all here the terms "cookies" and "I.P." addresses. We all know that there's several security settings on our web browsers but few of us know how to use them or what they really do. So, without using any internet "cloaking" software or changing the settings on your browser, what does the average website or webmaster know about you when you visit their website?

First off, let me say that tracking consumers web surfing and buying habits is a multi-billion dollar business and it's NOT really what we're talking about here. When it comes to marketing companies tracking your online activity just know this. If you are "logged in" to any online service or website, yes your activities are being tracked to an extent by that company. Even if they don't use the information themselves, it is valuable information that most will sell to other companies for marketing purposes or use to display adds relative to the websites you visit. Read the terms of service agreement to any service such as AOL, Yahoo, Google, MSN and you'll see their potential uses of your information.

Back to what we're really talking about. Let's say you're at your home computer. It doesn't really matter in this case if your signed in to a service or your connection is "always on" via a broadband router. You visit a few friends (or enemies) through their Facebook / MySpace pages. Can they tell you we're there? The answer in this case is no. Even if you're signed into the service, neither Facebook nor MySpace makes that information available to the public or other users. Of course the MySpace and Facebook web servers (the big computers that host the sites)do record that information, and if your signed in, they do know your name (via your profile) and they have a record of where you've clicked. However, this information would only be released to law enforcement under order of a subpoena.

You'll seee add on applications for both MySpace and Facebook that claim they will show you who's been looking at your profiles but all they actually tell you is the I.P. address and region which I'll discussed in more detail below.

Let's go a slightly different route. Say you're a business owner or an investigator and your checking out a website of another business that your gathering data on. You visit their site several times and go to just about every page to gather info. The webmaster (which may be the owner of the company if it's a small business) will probably have analytics software that tracks visits. This software will tell them quite a bit of information on you, including...

  1. What service provider you use such as Verizon, Comcast, Sprint, Ameritech, ATT.
  2. What search term you entered on Google, Yahoo, MSN, etc that led you to their site, or if you simply typed the domain name into your browser bar.

  3. What site you came from which could be a banner ad, search engine, a link within another site, etc.
  4. What pages you visited on their website and how long you were on each one.

  5. What page you exited from.

  6. Statistics on how many times you visited over a period of days, weeks, months.
  7. The "IP" or Internet Protocol address of your computer, router, server or network
That all may sound a little intrusive and downright nosey but there is a bright side for those who appreciate privacy. Even with all this information, they probably don't know exactly who you are.

People often think that if someone has your I.P. address they can trace it and find out who you are but it's just not that simple anymore. I.P. stands for "Internet Protocol" and basically there's one assigned to any device that is part of a network, or in this case, the Internet. It's essentially the address for the device so information can be routed correctly to and from it.

The original purpose of the assigning I.P. addresses was to have one unique to every computer online which would make for easy identification. And in the early days of the world wide web it was commonplace for the "viewable" I.P. address to be that of an individual computer. The explosive growth of the internet and private networks along with the need for privacy and protection from hackers ultimately changed its role. These days, your computer is most likely part of a network that uses internal I.P. address. The network sits behind a router which has its own static or dynamic I.P. address which means it can change routinely in order to route information on the clearest paths.

Long story short, larger businesses/universities and government agencies can often be identified. But the IP will only reveal the businesses central acccess point or network, not an individual computer. (Once again, by law enforcement subpoeana this information can be obtained from the "ISP" internet service provider)

Smaller businesses or home computers will generally display an I.P. address of the internet service provider and the region of your connection. By using an I.P. trace (Several can be found on Virtualgumshoe.com under "Website Research"), someone can indentify general geographical information but even this info can be skewed. Roughly 90 percent of the time the location shown will be within 40 miles of the actual computer and the name will simply be the Internet service provider such as Comcast or ATT. Not very useful for finding a person or address.