Bring up the word “cookies” and most people’s minds drift to grandma’s famous chocolate chip recipe right out of the oven. But in the context of the internet, browsers and computers, “cookies” take on a whole different meaning altogether.
Cookie, as you’ll come to find out in this guide, can both enhance the way you browse the internet as well as pose a serious security and privacy threat in the wrong hands.
What are Cookies?
Cookies, also known as web cookies or internet cookies, are pieces of information stored in your web browser and used to communicate to a web server.
When you search the internet you do so on a browser, likely Chrome, Firefox or Safari. These web browsers create and store simple and unique text files as you visit various sites online. These files, known as cookies, store information locally in your browser that can then communicate (pass) information back to the originating website or server from whence they came.
It is a common misconception that cookies are inherently “bad” or that they are a virus. While cookies can be used maliciously, they are also usually innocuous and simply store information used to improve your web experience and speed up the internet (more on their uses later).
What Cookies Do
Most websites utilize cookies in order to improve your experience. For example, when registering on a website you may be asked to fill out a form with your name, interests, and email address. This information can be stored in a cookie on your web browser for future use. In the event that you visit that same site again, the cookie will communicate that information to the web server hosting that website and you will no longer be prompted to “register”.
In this way, the cookie was used to customize your web experience based on your preferences and the fact that you had already registered on the site.
What Types of Information Does a Cookie Store?
The majority of information a cookie stores is about the browser itself. In fact, for a cookie to properly work it doesn’t even need to know where you are from (though some will log IP and location data). Further, legitimate security-minded websites will encrypt any personally stored data about you.
The Six Parameters Cookies Can Pass
- The cookie’s value
- The name of the cookie
- The expiration date of the cookie
- The path the cookie is valid for
- The domain the cookie is valid for
- Whether or not the cookie requires a secure connection
That said, cookies can and sometimes do store a broad range of information about you, including personally identifiable information such as:
- Name
- Address
- Phone number
But remember, a cookie can only store this information if you provide it to the website or type it in a form on the page. Cookies cannot access other files on your computer.
Types of Cookies
Session Cookie
This cookie, also known as a “transient cookie” is erased from your browser’s memory once you close the web browser. Think of this cookie as a temporary file of information that is only stored and useful during that single web browsing session.
Persistent Cookie (first Party)
Also sometimes called a “stored cookie”, “permanent cookie”, or “first party cookie” this file is similar to a website’s long-term memory. These files are used to remember your preferences on a website in case you ever visit it again in the future.
Without these first-party cookies, websites would not be able to remember things you like such as your preferred:
- Language selection
- Settings
- Themes
- And more…
These persistent cookies also play a key role in authentication. For example, if you were to delete them, you may find yourself having to log back into a website every single time you visited it.
The majority of first-party cookies are set to expire within one to two years, meaning that if, during that timeframe, you do not visit the site again, they will be permanently deleted.
That’s the good news. The bad news is that companies can also use persistent cookies to track you online, recording your browser habits and reporting back. For this reason, persistent cookies have been the discussion of privacy-minded individuals for years.
Third Party Cookies
Third-party cookies are those cookies that often give “cookies” in general a bad name. A third party cookie is a cookie stored from a site/server other than the one you actually visited.
Whereas first-party cookies provide benefits such as enhancing the user experience by remembering your settings, third-party cookies do not offer this value. Instead, their purpose is primarily for the tracking of your browsing history, demographics, online behavior, spending habits and more.
Because of the type of data they can collect, third-party cookies are the preferred cookie of advertising networks to improve ad targeting and delivery.
Luckily, most modern browsers provide simple ways to block these cookies. For example, on Chrome:
- Go to More > Settings > Advanced > Privacy and Security > Content Settings > Cookies > Block Third-Party Cookies.
Malicious Cookies
The primary purpose of these cookies is often to build a “profile” of you that can be used to sell data to other parties, for advertising or other nefarious purposes.
Examples include:
- Zombie Cookies
- Flash cookies
- Supercookies
Each of which are often notoriously difficult to get rid of for various reasons.
Closing Thoughts Regarding Browser Cookies
It’s important to remember that not all cookies are bad. Without these little gems of information, the web would not be as pleasant to use or as efficient as it is today.
For regular web users, cookies improve the browsing experience. For marketers, they allow for the tracking of how sales were generated (i.e. from which campaigns) in an effort to increase revenue and optimize performance. And for developers, they can provide vital information to customize the experience users have with their apps and websites, as well as maintain login information (authentication).
None the less, there are certainly security and privacy concerns to be aware of as an essential part of keeping yourself and the web safe.