Questions: Understanding Website Cookies and Tracking
5 questions to test your understanding
Score: 0 / 5
Question 1 Multiple Choice
After reading about tracking cookies, a user opens private browsing mode before visiting a shoe store. They believe they will not be tracked since private mode clears cookies. What is wrong with this reasoning?
ANothing — private browsing mode prevents all forms of tracking
BPrivate mode clears cookies after the session ends, but browser fingerprinting can still identify the browser during the session without using cookies at all
CThe user would only be tracked if they clicked on an advertisement
DPrivate mode works for first-party cookies but not third-party cookies
Private browsing prevents cookies from persisting after the session, but fingerprinting — which identifies your browser by its unique combination of screen resolution, installed fonts, time zone, hardware, and other passive signals — requires no cookies at all. These signals are collected the moment the page loads, invisibly, without any storage on your device. Private mode addresses cookie-based tracking but leaves fingerprint-based tracking fully intact.
Question 2 Multiple Choice
How does a third-party advertising network know which websites you've visited, even though you never created an account with that network?
AThe network intercepts your browser's DNS queries to reconstruct your browsing history
BWebsites you visit sell your browsing data to the network in real time
CCode from the ad network is embedded in many different websites; when those pages load, your browser automatically sends the network's cookie back — allowing the network to track your activity across all those sites
DThe network can only see your activity if you have clicked at least one of its ads previously
Ad networks like Google or Meta place their tracking code on thousands of websites. When your browser loads a page containing that code, it contacts the ad network's servers and sends any existing cookies for that domain — just as it would for a first-party request. Because the same network's code appears across many sites, it accumulates a cross-site profile from these automatic browser requests, all without you ever visiting the ad network's own website or creating an account.
Question 3 True / False
A first-party cookie and a third-party cookie can both be stored in your browser during a single page visit, even though they are set by different organizations.
TTrue
FFalse
Answer: True
When you visit a website, the page may load resources from multiple sources: the site's own server (which may set first-party cookies) and embedded third-party scripts or images from ad networks, analytics providers, or social media buttons (each of which may set their own third-party cookies). Your browser stores all of them, tagged by the domain that set each one. The first-party cookie remembers your login; the third-party cookie logs the visit for the ad network. Both are written in the same browser session.
Question 4 True / False
Blocking most cookies in your browser settings fully prevents advertising networks from tracking your browsing behavior.
TTrue
FFalse
Answer: False
Cookies are only one layer of a multi-layer tracking system. Browser fingerprinting identifies your device by passively reading its configuration — screen resolution, installed fonts, browser plugins, GPU, time zone, language settings — and combining these into a near-unique identifier. This requires no storage on your device and cannot be blocked by cookie settings. Even with all cookies disabled, a fingerprinting script can recognize your browser on return visits. Full protection requires fingerprint-resistant browsers or extensions, not just cookie blocking.
Question 5 Short Answer
Why does seeing the same advertisement follow you across multiple unrelated websites not require those websites to share data with each other directly?
Think about your answer, then reveal below.
Model answer: Each of the unrelated websites has independently embedded code from the same third-party ad network. When your browser visits any of them, it automatically sends the ad network's cookie back to the network's servers — not to the other websites. The ad network is the common hub: it sees the visits from all participating sites because your browser communicates with it on each page load. The websites themselves never exchange data; they simply all load the same tracker, which does the aggregation centrally.
This is the key architectural insight: you don't need websites to collude with each other if they all independently include the same third-party code. The ad network becomes a passive aggregator — it collects cross-site data not by receiving reports from websites but by being a direct participant in every page load. Understanding this structure explains why blocking third-party cookies (or the tracker's domain via DNS blocking) is more effective than hoping websites will stop sharing data with each other.