What Are Cookies and Why Are They Important
When you come across the word cookies while visiting some website, the first thing that may come to mind is delicious, chocolate chip filled treats. But what do these cookies have to do with the website we visit?
Do such questions also pop up in your mind and you start wondering about the purpose of cookies in the internet world? Let’s dive into further details about computer cookies and what they’re used for.
Table of contents
What are cookies?
A computer cookie, commonly known as an HTTP cookie or web cookie, are small text files that store small pieces of information. They’re created by the websites you visit or their affiliates and are stored on your computer.
The data which cookies stores is usually some type of tracking information to help the website perform various tasks, such as manage a session ID when you sign in. Cookies are limited to 4kb in size which means they cannot store large amounts of data.
What do cookies do?
Cookies aren’t something that you can access from the drop-down menu in your browser and view them. Yet they are very important when it comes to browsing the internet and play a great role in making browsing more convenient for you.
Every time you visit a website, it sends a small piece of information to your computer to keep track of your movement on the site, your visits, and activities there. These cookies are then stored in your web browser and are later accessed when you’ll visit the website again.
For example, while selecting a language on a multi-lingual website, the website may store this information on your computer in the form of a cookie.
Next time you visit the website, it’ll automatically load the page in the language you’ve previously selected by reading the information from the cookie so you don’t have to select your preferred language again. It’s very convenient, isn’t it?
There can be thousands of cookies stored in your web browser but since they’re very small in size you shouldn’t worry about them using up too much space. Nevertheless, you may always clear all available cookies directly from the browser’s settings menu.
If you do that then keep in mind that you’ll be logged out of all websites you’ve previously logged in to and hit “remember me” checkbox.
Types of cookies
There are three different types of cookies, each has a specific purpose and usually tracks different activities.
Session cookies, also known as temporary cookies, are created for a single session and vanish once you close the browser. They are first-party cookies and all the administrative authority regarding session cookies lie with the website and the user can’t disable session cookies from his browser.
Typically, session cookies are used by government websites and online banks. They keep track of your browsing session while you actively navigate the site. Once you close the browser, the cookies will automatically expire.
This prevents any malicious users from visiting those websites later using your saved session data.
Cookies that don’t expire after you close the browser or even shut down the computer are referred to as permanent cookies, also known as persistent cookies or tracking cookies.
They have a specific expiration date set by the website and remain valid until then.
Permanent cookies are usually meant to help users by keeping track of their previous logins so that they don’t need to enter usernames and passwords every time they visit a website.
Though “keep me logged in” or “remember me” feature on websites is handy and makes things easier, it’s not exactly safe in terms of security and can be risky if people with malicious intentions somehow get access to your computer.
For security purposes, some websites offer an option to disable cookies. More often than not though this will restrict your ability to navigate the website since, as mentioned above, cookies are used to keep track of user’s session so, for example, you might not be able to access the client area.
To avoid this problem, you may still allow cookies and prevent your details from being misused by clearing your browser’s cache or cookies every now and then.
Third-party cookies are known as marketing or tracking cookies. These are the cookies embedded by third-party websites. For example, advertisements and banners shown on a website you visit are usually displayed by a third-party.
These third-parties store cookies on your computer for the purpose of being able to collect as much information about you as possible to be able to display more relevant ads. This may include your search queries, behaviors, interests and more.
That’s why sometimes when you visit a website you may see a banner or advertisement of a product you have previously looked at elsewhere. By tracking your movements with the help of cookies advertisers can get very specific when it comes to what they show you.
Though their aim is obviously to serve users with a more personalized experience, most people find these tracking cookies as an invasion of their privacy and consider it borderline illegal.
Google, Facebook, YouTube, and Twitter are some of the most common websites using third-party cookies.
Cookie hijacking and risks
Cookies themselves are harmless because they aren’t able to hold code. They can neither contain nor execute viruses or any other malicious code. But sometimes cookies can indirectly become the cause of malicious activities involving your data.
The reason behind their misuse is that they are just text files and are extremely vulnerable to cookie attacks. Other applications, spy-software and different cookies can harvest personal information like location, passwords, auto-completion details, etc from cookies on your system and use them maliciously.
“Cookie hijacking” is the term mostly used for unauthorized access to cookies.
If the hacker somehow gets their hands on the session or permanent cookies, that’s dangerous because this cookie hijacking creates a possible threat of unauthorized access to websites you’ve previously logged in to. The stolen cookies allow the hacker to get access to the user’s account without entering login details.
Cookie security is a major problem in the internet world. Security holes keep being found in different browsers which inadvertently can leak personal information to malicious users.
This can lead to all sorts of issues including credit card information theft, unauthorized access to personal email or other accounts and more.
Once your data is stolen, you can be exposed to identity fraud. Your email alone can be tied to many different websites and services which, in turn, contain your personal information as well. The possibilities are endless for how the stolen information and email accounts can be used.
Though you shouldn’t disable cookies for all websites as they may need cookies for proper functioning you may certain disable third-party cookies in your browser settings. Clear your cache on a regular basis and stay cautious while visiting unknown websites and giving your personal details there.
Cookies and the law
Fortunately, countries now are taking privacy and security breaches seriously. Existing laws have been updated to keep up with the modern digital world and the new issues we face.
In the EU the “cookie law” has been enforced across all countries for a few years now. This law requires businesses having an online presence to take consent from visitors and consumers before using cookies.
Moreover, they should also notify their consumers about how their information will be stored and for which purposes it will be used. All businesses operating in EU or catering EU citizens ought to comply with the cookie law; else they can be penalized.
Though the cookie law applies across all EU countries, it’s up to every country how they will enforce it. For example, in the UK the penalty for non-compliance can reach over half a million dollars, while other countries in the EU may have other penalties.
The law is meant for the security of users and to protect their privacy and give them control over their data.
Furthermore, they should provide users an option to opt-out of the data collection practice followed by mentioning the procedure guiding users on how to opt-out.
Russian Data Protection Act does not have specific guidelines regarding the distribution of cookies, but the law mentions explicit consent of the addressee in case of regular postal and electronic messages, so it can be presumed that cookies require the opt-in consent of the users in Russia.
Electronic Information and Transaction Law of Indonesia applies to all cookies storing personal data of the users.
Whereas the law does not apply if the cookie is created and used merely for analytical purposes and has nothing to do with the personal information of the consumers.
Just like Indonesia, data protection law in Brazil requires user’s consent when storing cookies with personal information of the users.
Despite all the privacy and security concerns, cookies are very useful and handy as they make it possible for the websites to remember us ensuring a comfortable and hassle-free browsing experience.
They certainly can pose security issues and privacy concerns if they’re being used without users’ consent and knowledge. This nuisance can be easily controlled though as modern browsers feature various settings to change the default cookie behavior.
- Updated on December 12, 2019