Everything You Need To Know About Cookies
Do you really know how much of your information is being tracked through cookies?
Although Americans bequeathed edible cookies to a grateful world, they must also claim responsibility for inventing the less palatable digital version. The principles underpinning cookies can be attributed to a founder of Netscape Communications, who chose a disarmingly innocent name for one of the modern electronic age’s biggest bugbears.
What is A Cookie?
At its simplest, a cookie is a small chunk of unencrypted HTML. Cookies are created when a user accesses a webpage and are subsequently stored in the web browser’s offline files. This enables the browser to recall login credentials, items in a shopping basket or other information the user has volunteered during a site visit. And it’s the latter attribute that has made cookies so controversial – their ability to retain information long after someone has exited their browser, and the ease with which cookie data can be sold onto unrelated third parties.
There is obvious scope for exploiting a system where each website logs and remembers who has visited, and what they’ve viewed. This data is often used for targeted web advertising, where innocently researching products or services can lead to weeks of related advertising appearing on completely unrelated sites. It becomes a greater problem when multiple users share a device, and even more so depending on the wholesomeness of those previous searches. While session cookies expire once a browser is closed, tracking cookies can endure for however long their creators have specified. There are also more specialist forms of cookie, including some that can only be transmitted across secure connections.
What Information Do Cookies Hold
Although internet addresses are routinely stored in a web browser’s memory, a cookie holds much more information. This may include the number and length of site visits, which pages were viewed, and in what order. Needless to say, this data is very valuable to advertisers, who will pay handsomely for cookies detailing user activities. Third-party cookies (those stored on a server unrelated to the host site, and embedded into the host’s webpages) are especially useful in identifying the tastes and predilections of individual consumers.
Cookies On the Loose
In 2011, action was taken on both sides of the Atlantic to inform people about how cookies monitor them. European laws require every website aimed at EU citizens to provide details about cookies usage and request the visitor’s prior approval. This is hard to miss, particularly on mobile devices where such notifications may occupy half the screen. People are more informed about whether they want their web browsing history to contain details of this particular site visit, though the repeated appearance of ‘click to confirm’ boxes are increasingly regarded as an annoyance similar to the pop-up advertising they seek to prevent.
Even greater frustration can be generated by the theft of unencrypted cookies, which may be copied or stolen in a process often known as session hijacking. Cookies are particularly susceptible to hijacking because they are rarely distributed using encryption, which enables anyone in receipt of cookie data to impersonate that user in subsequent online activity – providing passwords and 2FA aren’t also required.
A Matter of Convenience
It used to be possible to block cookies entirely, but relatively few websites display nowadays without them being enabled. Even so, their potential for abuse has led many consumers to request automatic cookie deletion when a browser is closed. Although user credentials will have to be repeatedly entered on future visits, this does restrict the amount of information that can be stored. However, as those pop-up adverts relating to last week’s internet activity continue to demonstrate, the cookie monster is still watching your every move…