You have probably come across many sites prompting you to accept their cookies, right? Cookies are a common web browsing concept, but many people only have a vague idea of what they are and how they work. This is not surprising, but learning more about cookies and how they work can help improve your web browsing experience.
So what are cookies, anyway? Here is an overview to get you started.
- 1 Defining Web Cookies
- 2 How Do Cookies Work?
- 3 Cybersecurity Risks Posed by Cookies
- 4 Removing Cookies
Defining Web Cookies
Cookies are text files with embedded pieces of data relevant and unique to you as an individual web browser. They are downloaded and stored locally on your computer on either the browser or the hard disk, as will be explained later.
These text files and the data they contain are used to identify you (and your computer) when you visit a website multiple times. They are designed to help improve and personalize website users’ browsing experiences.
A Brief History
Cookies have been in use for decades. The current version of cookies is preceded by a more primitive old computing version dubbed “Magic cookies.” Magic cookies worked similarly to modern ones, but they were not as thorough or efficient.
Lou Montulli, a web browser programmer, is credited with creating the modern cookies. He did it when helping improve an online shopping store’s web design in 1994. He came up with the idea as a solution for that single website, but the concept was adopted widely and is accepted as a standard operating procedure for 99% of websites today.
Types of Cookies
There are two types of cookies: Magic cookies and HTTP cookies. Magic cookies are an older version used with older browsers, and they are rarely used today. HTTP cookies are the industry’s preferred standard.
HTTP cookies come in two main types:
Session cookies last only as long as your web browsing session, which essentially is the time you spend on a website. They collect data as you go and actively personalize your browsing experience. They are primarily used for logging your history for when you want to go back to previous pages. They also help third-party anonymizer plugins function as intended.
Session cookies are stored on the computer’s random access memory (RAM). They expire and are deleted as soon as the browsing session ends.
As their title suggests, persistent cookies last longer than session cookies. They are stored in the computer’s hard disk and can remain their indefinitely. However, it is worth noting that most persistent cookies have an expiration date and an automatic deleting sequence that activates upon expiration.
How Do Cookies Work?
As mentioned, cookies are designed to improve and personalize your browsing experience. They do this by tracking and analyzing your activity on the website. They do this using one of the following three approaches:
This is the primary purpose of cookies. Websites use them to track users’ activity on their platforms, including the pages they visit, how much time they spend on each page, the items they view and purchase, and more.
Session management entails customizing the user’s browsing experience in real-time. For example, recalling individuals’ login information is a good example of session management.
Website cookies’ ultimate goal is personalization. They do this by learning users’ preferences and making recommendations based on this data.
Take the example of two people – a man and a woman – shopping for clothes on an e-commerce store. The man will likely purchase men’s clothing, while the woman will purchase women’s clothing.
The website’s cookies will track each user’s activity on the website, including their preferred products, and store the information. The stored information will then be deployed the next time these users visit the e-commerce store. The male user will find recommendations for men’s clothing, based on data stored in the cookies, and the woman will find recommendations for women’s clothing. The cookies will learn each user’s preferences and customize suggestions more efficiently over time.
Cybersecurity Risks Posed by Cookies
Cookies do not contain viruses or malware, so they do not pose a direct risk of infecting your computer. However, they can still be exploited for the data they contain, and hackers can use this data to launch indirect cyber-attacks.
The degree of cybersecurity risks posed by cookies depends primarily on their source. There are two common cookie sources:
First-Party Cookie Sources
These cookie sources are the websites you are browsing. They are developed by the website for productive (non-nefarious) purposes. However, their security depends on the source website’s security – unsecured and compromised websites will send out compromised cookies.
Third-Party Cookie Sources
These cookie sources essentially are third-party platforms (hitchhikers) lurking on the main website or any of its pages. They are usually embedded in ads and links leading to other websites. They are primarily used by marketers to track users’ browsing and shopping habits – the marketers then use this data to customize and personalize targeted ads. They are usually less secure than first-party cookies, and so they pose a higher security risk.
There also exists a variant of third party cookies dubbed zombie/flash cookies. These cookies install automatically and permanently. This means that you don’t have to grant them permission, and they will be restored even after deleting them manually. They are mostly used to tracking individual users’ (persons of interest) browsing activities. Websites also use them to ban specific users and IP addresses.
You don’t have to accept cookies (albeit some cookies download automatically), and you can remove them whenever you wish. This is relatively easy, but the trick lies in finding them. Cookies may be scattered all over your browser or hard disk. You can localize their individual storage locations via the settings page under the following tabs: Tools, Internet Options, or Advanced Settings. Different browsers have different cookie removal procedures, so follow the prompts.
P.S. Getting rid of cookies will remove all personalization data, and you will essentially be starting anew. As such, be careful when deciding which cookies to remove – it is useful to retain cookies from websites that you visit often.