The Skinny on Internet Cookies

Cookies are a very small part of day-to-day internet use, but they’re part of some big questions regarding internet privacy. Are cookies safe? Should I enable them? Just what is a cookie? Find out all this and more below:

What is a cookie?

A cookie is a small text file stored on your computer’s web browser or in a related subfolder that provides data about your website visits.

What are cookies used for?

Cookies help websites personalize the user experience. They store data about your site preferences and saved credentials, and also keep track of your activity to make sure actions like shopping cart use carry over as you click through multiple pages on a website. Without cookies, the settings would reset each time you visit a website and click to a new page.

What are the different types of cookies?

• Session – Designated for a single session on a webpage. After you close your browser or have been inactive for a designated amount of time, these cookies will be deleted.
• Persistent – Remain in a browser or subfolder for a designated period of time, meaning they will activate whenever you return to the related domain. These can be used for third-party tracking (explained below).
• Authentication – Used to determine whether a user is logged in or not, and to pull up related information once a user is logged in.

• First party – The basic type of cookie which can only be accessed by the domain that a user accessed.
• Third party – Also known as tracking cookies, these are created by websites other than the one you’re browsing. Typically, they come from third-party advertisers who have ads, plugins and buttons embedded on hundreds of websites. These cookies can allow for third party marketers to track user activities and create segmented data to better target people visiting websites for materials like ads.

• Supercookie – Also known as a permacookie or UIDH (unique identifier header), these cookies are built into a site’s HTTP header. Because it is not added to the user’s browser or computer, they cannot be deleted the same way regular cookies can.
• Zombie cookie – Cookies created by third parties who advertise on websites that “resurrect” when deleted. They’re installed on user computers outside of where normal cookies are stored, and are recreated if deleted with other third-party cookies.
• Flash cookie – Cookies created by the Adobe Flash plugin which are not stored in the same place as other cookies. These can be used to recreate zombie cookies.

What do cookies mean for my security and privacy?

A cookie on its own is not designed to harm your computer. They cannot remove information from your hard drive, spread a virus or share information from one domain to another. Cookies can, however, be used as part of a cyber attack. If a user is on an unprotected network, it’s possible for a hacker to engage in cookie theft or session stealing, in which they access cookies on public platforms and use them to log into websites using another user’s information. Cookies can also be used when a hacker spreads a virus onto a system, which in turn inputs a malicious cookie onto your server which will open up to an attacker’s page if you try to open your internet browser.

More often, the concern about cookies relates to the use the information stored in them. As noted above, a cookie contains very little information, but with the existence of third-party cookies and cookies that cannot be deleted with traditional methods, many users are concerned that their online activities are being tracked without their consent. Some countries now include cookies as part of their laws regarding compliance (such as GDPR), but this is not consistent across the board. It’s up to users to read the terms of cookie use websites often provided in popups. Users also have the option to enable or disable cookies based on their browser; or download add-ons, which will help block some of these cookies; or cleaners, which will wipe your browser clean.

While the rules regarding how cookies can be used is not completely set in stone, you can still ensure your privacy rights are upheld and your data is safe by reading the messages you receive when you click on a website, keeping your browser clean and making sure that you know what you’re consenting to share.