Why it's a good idea to clear browser history and cookies

In early March 2017, Yahoo CEO Marissa Mayer announced she would forego her annual bonus and annual equity grant for the year and redistribute the money to the technology corporation's employees.

Mayer embraced the pay cut in part to accept responsibility for a series of security breaches that occurred during her tenure. An incident back in 2013 involved the theft of data associated with more than one billion of Yahoo's users.

Another incident, which is thought to have occurred in 2015 and 2016, saw hackers break into its systems and steal proprietary code relating to Yahoo's use of cookies. This code allowed the attackers to forge cookies for 32 million users, thereby allowing them to access victims' accounts without a password.

Cookies are a tool that, along with browsing history, help web browsers like Mozilla Firefox speed up users' browsing sessions. But as the Yahoo incident illustrates, cookies also pose a threat. Attackers could steal them to gain access to our accounts and, by extension, make off with our personal information.

You've probably heard someone at one point tell you to delete your cookies/browsing history and/or clear your cache when you were experiencing technical issues online. In this article, I will discuss why users might consider deleting and clearing these elements at least periodically (if not regularly).

How web browsers handle your history

Before we get into the notion of deleting cookies and other elements of a user's browsing history, it's important that we first understand how users generate histories while browsing the web.

Taking a broad view, "history" in this situation refers to information that a user generates while using a web browser. This data ranges from files downloaded to sites visited to other important tidbits. Every piece of history falls into one of seven categories. These are as follows:

Active Logins

Active logins are when a user signs into a website and then migrates away from that site while their web browser keeps them logged in. Sometimes, users must designate a website for "persistent logins" or "authenticated sessions" with their web browser. Other times, active logins occur automatically with websites for which they've requested their web browser remember their login credentials.

Browsing and Download History

For most web browsers, browsing history is the aggregate of web destinations stored in a user's History menu as well as the sites that auto-complete in the browser's location bar. Download history refers to the all the files an individual has downloaded off the Internet while using their web browser.

Cache

Keep calm and clear your cache

Temporary files like web pages and online media are stored in the cache. Doing so speeds up the web browsing experience. It's easier for the web browser to load a saved file than to load a new copy of the website or page.

Cookies

Websites commonly use cookies to track users' site preferences, login status, and information regarding active plugins. Third-parties can leverage cookies to gather information about users across multiple websites. Forging a cookie, as was the case in the Yahoo security event, can sometimes enable bad actors to gain access to a users' account without knowing their password.

Form and Search Bar Data

This portion of a user's history refers to all the information they've typed into forms displayed on web pages and into their browser's search bar.

Offline Website Data

Sometimes, users choose to store information from a web browser on their computer. This allows them to access the information even when they're not connected to the web.

Site Preferences

Whenever a user visits a website, Site Preferences saves the configurations specified by the user for that particular destination. These types of preferences include pop-up blocker usage, character encoding, and zoom level.

Reasons for deleting your web browsing history

Now that we can identify the different elements that make up our web browsing history, let's get into why you would want to occasionally wipe these elements:

You logged into one of your accounts on a public computer.

There's times when we find the need to browse the web or log into our email using a public computer. When we do, the last thing we want is for that computer to remember our login credentials or keep a copy of the websites we visited. It's best to remain anonymous and delete your history in this case. (As an added incentive, you'd probably be doing others who used the public computer and who didn't think of clearing their information a favor.)

You don't want websites tracking you.

Tracking

Everyone likes to browse the web, but you don't want all these websites remembering who you are. You especially don't want third-parties following you around the web across multiple sites.

By deleting your history, you make it much more difficult for websites and other entities to identity you.

You're encountering bugs when trying to load a website.

Files stored in a cache represent a snapshot of a web page or website at a given period of time. These saved files prove problematic if the site owner introduces a new feature or update that affects how the site functions. Buggy behavior could ensue, which is why users should clear the cache periodically to make sure they're accessing the most up-to-date versions of the websites they love.

Your browser is slow.

Web browsers save cookies as files to your hard drive. They're small in size (only a few KB), but over time, you can accumulate a lot of them. This volume means your web browser must use more and more computing power to properly load saved web pages, which means your browser sessions will likely get slower and slower. Cookies and the cache do help speed up your web browsing, but it's a good idea nonetheless to clear these files now and then to free up hard disk space and computing power while browsing the web.

You changed your login credentials.

There are times where we choose (or need) to change our passwords. This presents a problem if we don't clear our cookies. Failure to do so could prevent a website from successfully authenticating us for a service. Deleting cookies and creating a new one with the updated login credentials will solve this problem.

Looking ahead…

In upcoming articles, I'll provide a step-by-step guide for how you can delete your browsing history on the most widely used web browsers. Stay tuned!

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

  • #browser
  • #cookies
  • #Privacy

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.