Cookies - 28 June 2021 | By TermsHub

Updated at: 09 December 2021

What Is a Cookie? How It Works and Ways to Stay Safe

What Is a Cookie? How It Works and Ways to Stay Safe

Cookies in our everyday life

Remember when you were on eBay admiring the intricate French porcelain tea set, and then when you open your Facebook, that tea set seems to follow you around because now Facebook suggests other French porcelain wares in local stores near you? That’s the magic of the internet or HTTP cookies, or just called “cookies”.

Cookies are pieces of data unique to you that enable websites to remember your preferences the next time you visit them.

Simply put, a cookie is like that friendly barista at the coffee shop you frequent visit. He already knows your name and how you like your coffee, so you won’t have to explain your complicated coffee request every time you order. Now and then, he proposes new drinks on the menu that are still related to your main concoction. With kids or elderly people, I used to say that cookies are like Hansel and Gretel’s “bread crumbs”, the idea was to drop bits and pieces along the way so that even if they wander far through the forest, the bread crumbs will trace them back to their home.

Cookie types and definitions

From the original “magic cookies” back in 1994, internet cookies have emerged into several types and have been adopted for numerous uses, depending on the site or company who created them.

Ad Cookies

Advertising companies use ad cookies to track user data that can be used to connect a specific product to a target market properly. You usually get these cookies when you open a website with ads on it. One thing to note is that even if the website that you are on has nothing to do with advertisements if it has ads placed all over the page, you are still bound to get ad cookies even if you don’t click on them.

Session Cookies

Session cookies temporarily store data while you are on a website. But as soon as you close your browser, all this data will also be lost.  You will have to type in your information again once you try to visit that same website next time as it won’t “recognize” you. One example is when you are on a clothing line store with multiple web pages. You throw a few items into your shopping cart as you scroll thru their catalog. Without session cookies, you will have to add these items to your cart manually as you go from page to page on the website. However, most online stores use a combination of session cookies and other types of cookies to work.

Persistent Cookies

The opposite of session cookies, persistent cookies get saved on your browser and stay on your computer even after closing it. So the next time you visit the same website, you won’t have to enter your information as your preferences are already saved, like your email personalization, your username, and password, or the contents of your shopping cart.

Flash Cookies

Flash cookies are cookies that are dependent on a browser plugin called Adobe Flash. This cookie is mainly used to remember specific flash player preferences like resuming where you left off on a video or an ad. Because it is specific to Adobe Flash, flash cookies aren’t deleted when you choose to delete “all cookies” on your browser. Instead, you will have to manually go to the Adobe Flash Player settings to delete this type of cookie.

Flash cookies are commonly used nowadays by games to save users’ progress. They find flash cookies more convenient. This is because they are not easily deleted. Thus, gamers can’t easily cheat their way off the game. Flash cookies can also store up to 100 Kilobytes of data compared to third-party cookies that only store up to 4 Kilobytes.

Zombie Cookies

Zombie cookies go hand in hand with flash cookies. These tracking cookies are saved on your computer without your consent. For example, when you go to a certain website, a combination of a third-party cookie and a Flash cookie gets stored on your hard drive. When you try to clear cookies on your browser, the third-party cookie gets deleted but the flash cookie, as explained above, is stored in an Adobe Flash Player folder and won’t be affected.

When you revisit the same website, it will recreate the third-party cookie from the flash cookie saved on your computer. That’s why sometimes, even when you already cleared cookies on your browser, you are surprised that it still remembers all your deleted preferences. And even how many times you cleared cookies on your browser, it will continue to be recreated every time. It’s called “zombie” for a reason.

Opt-Out Cookies

Opt-out cookies are your protection from third-party cookies. It serves as a block or a shield preventing your data from being sent to the servers of the website that you are on. However, opt-out cookies are only website-specific. While you are protected on a particular website, the protection it offers is restricted and does not stretch through all the websites you visit.

When you accept an opt-out cookie from a website, you essentially tell its servers that you do not want your information tracked and shared or have any cookies installed in the future.

HTTP Only Cookies

An HTTP Only Cookie is an added tag that makes an internet cookie more secure. It acts like a security staff who checks everyone who enters an exclusive party and refuses entry to anyone who is not on the guest list. In addition, it guards and protects the confidential information contained in a cookie. Even if a flaw is detected and someone gets a hold of the cookie (thru cross-site scripting), it will return with a blank one.

First Party vs Third Party Cookies

First-party cookies are also called “same-site” cookies. This means the website owner themselves creates them. They are much safer as long as you are browsing thru legit sites and confident that they are not compromised.

On the other hand, third-party cookies are created by companies other than website owners. These are commonly ad cookies and depend on the number of ads on a certain website. The data collected from these cookies are utilized by companies that advertise or analyze people’s browsing patterns on all sites where a specific ad is placed.

Google disclosed (2020) that they will discontinue using third-party cookies on Chrome by 2022, joining other browsers that have long been blocking these types of cookies like Safari.

How are cookies used on a computer?

A cookie’s main purpose when it was created in 1994 is to see how often a user visits a certain website on the internet, for the website owner to gauge how effective his web page is and what he needs to improve on if it’s not generating much traffic. From then on, the simple cookie has been redesigned many times to fit the needs of websites and company owners who use them.

Session management

An instance a user visits a certain website is called a session. Cookies make the browsing experience smoother by managing and restoring users’ preferences the next time they visit the same website. For example, on an eCommerce store, you scanned thru all their products and chose three items to put in your shopping cart.

However, you didn’t push thru with the purchase because you wanted to think it over first. The next day you went back to the website, you won’t need to browse thru all their products again and look for the three items that you liked yesterday. You only need to check your shopping cart, and they are all there, waiting for you to check out.

Convenience and Personalization

Continuing the above scenario, before you could add items to your cart, you were asked to create an account and enter all your information: complete name, age, birthdate, address, and telephone number. You also created a username and a password. The next time you open the website, your login information is automatically filled out, and all you need to do is click on login. The same goes with your shipping or billing address. If you keyed in all those info yesterday, it would be auto-filled today.

Tracking

The tracking attribute of cookies is mainly used by advertising and analytical companies. This helps them build better customer profiling.  For example, married women in their 50s usually browse through gardening,  sewing, and crocheting tools, while single women in their 20s look for DIY crafts and small businesses to put up. This type of information is what helps advertising companies target the correct market for their product.

Are cookies dangerous?

Cookies are not dangerous per se, but they pose a risk as the information is shared across the internet with other unknown groups.

Security

Your personal information stored in cookies is in clear text and vulnerable to hackers or anyone else who can illegally access your computer. Also, not all sites that have access to these cookies are genuine companies. Some have the sole purpose of hacking and stealing this information.

Privacy

Aside from that obvious flaw, browsers with cookies enabled acquire information about you – your personal information like age, gender, address, the types of websites that you frequent, the items that you look for, topics of your interest,  the products that you put in your shopping cart and more. Cookies, however, are not allowed to track or store sensitive information like credit card data. These collected data are used to achieve more deals or get more consumers, mainly for advertising companies.

Allowing or disabling cookies

You have the option to disable cookies altogether in your web browser to prevent your information from being retrieved. However, it can make for an unpleasant surfing experience. For example, most eCommerce platforms use cookies for their shopping carts to function, and if you disable them, you won’t be able to use that shopping cart option at all. In addition, for websites with account creation and lengthy forms to fill out, you will have to enter all those information over and over every time you visit.

Cookies expiration

Session cookies don’t contain an expiration date and get automatically deleted as soon as the browser is closed. Persistent cookies, on the other hand, have expiration dates on them. They are stored in your computer for some time. A persistent cookie is also automatically deleted from your computer after it expires. Depending on the creator of the cookie, a persistent cookie can be set to expire in a maximum of 20 years.

How to remove or clear cookies

From time to time, it’s best practice to delete or remove cookies from your computer.  They take up space in your hard drive, some cookies aren’t automatically deleted after their expiration dates, and outdated cookies can slow down the flow of data from the servers to your browser. That’s why sometimes you notice that it takes a lifetime for websites to load, but the results seem fine when you run a speed test on your connection. Follow the steps below to clear cookies for every type of browser.

Google Chrome

– Click on three dots on the top right corner of your Google Chrome browser. It will open the Settings menu, scroll down and click on Advanced. Next, click on Clear Browsing Data. You can choose which cookies to delete or select all and confirm by clicking Clear Data.

– For the Google Chrome app, tap More on the top right. Next, choose History and then Clear Browsing Data. You will then be given an option to select a time range or select All Time to delete all. Check the boxes next to Cookies and site data and Cached images and files and tap Clear.

Firefox

– Click the menu bars (three parallel lines) on the upper right-hand corner of your Firefox browser and choose the Privacy tab. Choose Clear your recent History and choose Cookies. Select a timeframe or select Everything.

– On the Firefox app on your phone, choose the menu bars on the top right for Android and on the lower right hand for is iOS devices. Go to Privacy, choose Cookies, and select Clear Private Data.

Safari

– Choose Preferences on your Safari’s dropdown menu. Select Privacy and choose Manage Website Data and then Remove All.

– On your iOs device, choose Settings, go to Advanced, and select Website Data. To clear your cookies, select Clear History and website data.

Internet Explorer

– For IE on Windows 7, 8.1, and 10, choose Tools from the menu and choose to Delete browsing history. Next, check Cookies and website data and select Delete.

– For Microsoft Edge select More and choose Settings. Next, go to Clear browsing data and choose Cookies and saved website data, click Clear.

Consent Urged by the Cookie Law

The European Law called General Data Protection Regulation (GDPR) protects individual user data from unlawful use. It requires website owners to gain consent from a user to allow or disable cookies before installing them. Cookie consent should be gained thru the following

  • Initial and clear consent must be obtained before cookies are activated
  • Users must have the option to choose which cookies they would like to have installed and not be given a merely “allow all” or “disable all” option.
  • User consent must be voluntary and not coerced
  • Users should have an option to deny consent even after they have already given it.
  • Consent is considered a valid and legal document and must be stored properly.
  • Consent needs to be renewed every year or every six months.

Cookie consent is obtained thru “cookie banners” that appear on top or at the bottom of a cookie-enabled web page on your first visit. Even as new technologies for tracking emerged other than the common cookies like Web SQL, IndexedDB, and Local Storage, the laws governing all these innovations remain the same – consent is still a fundamental prerequisite.

Cookie Myths

Ever since internet cookies have been introduced, plenty of misconceptions went around the internet on what they are and what they do. Jupiter Research surveyed 2,300 internet users and published the results in 2005, and they reflect how users aren’t fully informed or rather misinformed on what cookies are all about. Some of the cookie myths users believe are:

  • Advertisers mainly use cookies.
  • Cookies are pop-ups.
  • Cookies are spyware.
  • Cookies are viruses and can delete data from a user’s computer.

According to the survey, 39 percent of internet users religiously delete or clear all the cookies from their browser monthly in fear that their information might be compromised. In addition, 44 percent assumed that deleting cookies increased their privacy.

These misconceptions are untrue, but they present a substantial threat to users whose focus is shifted to cookies instead of being cautious on the websites that they frequent where they can get actual viruses and spyware.

In fact, a cookie is just straightforward data. It’s not a program and cannot function on its own. Neither does it have the ability to delete information or cause harm to your computer.

Responsible Browsing

Although generally not harmful on their own, information stored in cookies can be used, accessed, or stolen by hackers or any sites or groups with malicious intent. Therefore, we should never be complacent when visiting web pages, and protecting our privacy should be our topmost priority. Take these tips to aid you in responsible browsing:

  • Sites that have the unlocked lock icon before the website address are a clear indication that it’s unsafe. The information you provide and collected by cookies in these sites doesn’t have any protection and can be easily accessed by virtually anybody. If you can’t avoid being on these sites if you are on public wifi, for example, use the incognito mode of your browser. This way, any information you type into websites can’t be collected or shared.
  • When a cookie consent asks your permission to use a third-party cookie, be quick to click decline. Although analysts mainly use most third-party cookies, your personal information is vulnerable as shared from company to company. The possibilities of it being used other than they intend to are endless.
  • You don’t always have to click accept. Even in legit sites, when you don’t feel like sharing details, go ahead and click on the decline button. You will be surprised that most websites will still function properly without activating any cookies.

Conclusion

Cookies generally make the web surfing experience effortless for users and sales targeting for companies more precise. They make everyone’s life a bit easier in this day and age when almost all of our daily functions involve the internet. Laws are in place to help protect users’ sensitive information. We just need to be responsible for doing our part of reading the “cookie banners” before clicking and allowing them on your computer and be diligent enough to review cookies in your browser and toggle with its privacy settings to find which suits your browsing habits.

PIPEDA: Personal Information Protection and Electronic Documents Act

Knowledge - 09 December 2021 | By TermsHub

PIPEDA: Personal Information Protection and Electronic Documents Act

Read more
What is Data Processing Agreement (DPA): The Essential Guide

Knowledge - 09 June 2021 | By TermsHub

What is Data Processing Agreement (DPA): The Essential Guide

Read more
What are Third-party Cookies and What Can You Do About Them?

Cookies - 25 May 2021 | By TermsHub

What are Third-party Cookies and What Can You Do About Them?

Read more