All you need to know about cookies
Before you get excited, I would like to add a disclaimer: I’m not about to discuss chocolate cookies, nor will I give you steps to bake them (although I would if I knew how to bake properly😅). What I mean by cookies in this context is “Internet cookies”.
While trying to access a website, have you ever noticed the annoying popup that asks you to accept or reject cookies? Yeah, that’s what I’m talking about. Or do you ever wonder how you keep seeing ads that align with your recent web searches? Another example of the use of cookies is in our social media applications. Many people wonder how the algorithm of Instagram or TikTok, for instance, always pushes relatable content to their feeds.
The answer to these questions? Yeah, you guessed right - COOKIES.
What is a cookie?
An internet cookie, also known as an HTTP cookie, is a small piece of data (typically stored as a text file) that a website stores on a user’s computer while the user interacts with it over the HyperText Transfer Protocol (HTTP). Specific cookies track user browsing activity and help improve the user experience.
Cookies are useful in:
saving user login information to remember them on subsequent visits.
identifying the user and what they are doing.
remembering user preferences, such as language, theme mode, font size, and so on.
improving user experience; for example, cookies on most e-commerce sites store information about your cart so you don’t have to enter it again on every page you visit.
helping to gather statistics and analytical data about visitors, page views, session duration, and so on.
How do cookies work?
Scenario 1: Accepting all cookies
When you visit a website for the first time, your browser sends a request to the site’s server. If you accept cookies, the server generates a unique ID and sends it back alongside other data (like preferences or session information). Your browser then stores the cookies locally on your device. These cookies allow the website to track your session and remember your preferences for your next visit.
The next time you visit the same website, your browser automatically sends those stored cookies to the website’s server. Based on the ID generated, the website can provide personalized content, remember your settings, or continue your session (e.g. keeping you logged in).
Scenario 2: Rejecting all cookies
If you reject cookies, the website cannot store the generated unique ID on your device. On your next visit, the website will treat you like a new user, provided no other tracking technology is in use on the site. This means the website may not remember you as a returning user, and you would have to re-enter your data.
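The exchange in both scenarios, as an added JavaScript example that is not part of the original article. The server, the browser's cookie jar and the `sid` cookie name are assumptions made for illustration, and rejecting cookies is simplified to the browser discarding `Set-Cookie`.

```javascript
// Web Crypto is global in browsers and recent Node; older Node exposes it via the crypto module.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const sessions = new Map(); // server side: session ID -> state kept for that visitor

function newSessionId() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16)); // 128 random bits
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Pull one cookie value out of a request's "Cookie: a=1; b=2" header.
function readCookie(header, name) {
  for (const pair of (header || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq > 0 && pair.slice(0, eq).trim() === name) return pair.slice(eq + 1).trim();
  }
  return null;
}

// Server: recognise an ID it issued, otherwise mint one and send it in Set-Cookie.
function handleRequest(requestHeaders) {
  const session = sessions.get(readCookie(requestHeaders.cookie, "sid"));
  if (session) {
    session.visits += 1;
    return { headers: {}, body: `Welcome back, visit ${session.visits}` };
  }
  const id = newSessionId();
  sessions.set(id, { visits: 1 });
  const setCookie = `sid=${id}; Path=/; Secure; HttpOnly; SameSite=Lax`;
  return { headers: { "set-cookie": setCookie }, body: "Hello, new visitor" };
}

// Browser: stores the cookie only when the user accepted cookies (a simplification).
function makeBrowser(acceptCookies) {
  const jar = {};
  return {
    visit() {
      const cookie = Object.entries(jar).map(([k, v]) => `${k}=${v}`).join("; ");
      const res = handleRequest(cookie ? { cookie } : {});
      const setCookie = res.headers["set-cookie"];
      if (setCookie && acceptCookies) {
        const [name, value] = setCookie.split(";")[0].split("=");
        jar[name] = value;
      }
      return res.body;
    },
  };
}
```

An ID the server never issued is treated the same as no cookie at all, which is why the ID must be random and unguessable.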
History of Cookies
Internet cookies were first created in 1994 by Lou Montulli, a programmer at Netscape Communications. His intention was to address the problem of the statelessness of the web browser: websites could not remember any information about users as they navigated between pages. Inspired by magic cookies, which were being used at the time to store and exchange small pieces of data between programs, Montulli created cookies as a means for websites to store small bits of data in users’ web browsers. The initial purpose was to help e-commerce websites remember items in a shopping cart between visits or across different pages on the website. Since then, cookies have evolved greatly, and are now used for functionality like authentication, personalization, targeted advertising, and much more.
Regulation of cookies
Despite their widespread use and benefits, concerns about cookies and privacy have grown over the years. In 2002, the European Union introduced the E-Privacy Directive, commonly known as the "cookie law." This legislation required websites to obtain user consent before storing cookies on users' devices.
This directive marked the beginning of the now-familiar cookie consent pop-ups that are present on most websites, ensuring users are informed and can control the data being stored on their devices. Since then, the regulation of cookies has only strengthened, with privacy laws like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), to mention a few, further reinforcing user rights and data transparency.
Types of cookies
Although most discussions about cookies tend to focus on just four common types, there are actually ten different types. In this article, we'll go beyond the basics and explore all ten, giving you a comprehensive understanding of the full range of cookies used online.
Session Cookies
These are temporary cookies that last for only a session. They are used to manage user sessions and are deleted once the browser is closed.
Persistent Cookies
These cookies remain on the user’s device until they are deleted manually. They are useful in remembering user preferences, keeping users logged in, or continuing user sessions for returning users.
First-Party Cookies
These are cookies set by the website you are directly visiting. They are commonly used for functionality such as language preferences and user analytics to enhance the user experience.
Third-Party Cookies
These are cookies set by websites other than the one you are currently visiting. They monitor user activities across multiple websites for targeted advertising. While they do not contribute to the user experience, they allow advertisers to push relevant and personalized ads based on the users’ behavior.
Secure Cookies
Secure cookies are only sent over encrypted HTTPS connections, which protects sensitive data like login details from being read in transit.
HttpOnly Cookies
HttpOnly cookies cannot be accessed directly by JavaScript. This is crucial in preventing cross-site scripting (XSS) attacks, where malicious scripts try to extract cookie data.
Zombie Cookies
These cookies automatically regenerate after being deleted. They are used for tracking purposes.
SameSite Cookies
These cookies add a layer of security against cross-site request forgery (CSRF) attacks by controlling whether they are sent with requests that originate from other sites.
Supercookies
These are cookies stored at the network level by Internet service providers (ISPs), which are more persistent than regular cookies. These cookies are used to track users across different websites without their explicit consent. These cookies store data in multiple places, making them difficult to delete.
Flash Cookies (LSOs: Local Shared Objects)
Flash cookies can store data outside the browser’s standard cookie storage. They can also hold more data.
Demystifying myths about cookies
1. Myth: Cookies Are Viruses or Malware
Reality: Cookies are just small text files stored in your browser, and cannot execute any code or even carry viruses or malware. They are not programs but simple data that websites use to store information.
2. Myth: Cookies Can Steal Your Personal Information
Reality: Since cookies only store information entered by a user on a website, they do not have the ability to access personal files or data on the user’s computer. However, cookies can be used to track browsing habits, which may raise privacy concerns, especially with third-party cookies.
3. Myth: Deleting Cookies Makes You Anonymous Online
Reality: Even though deleting cookies can reset some tracking mechanisms, it doesn’t make you fully anonymous. Other tracking technologies, such as device fingerprinting, can still identify you.
4. Myth: Cookies Slow Down Your Computer
Reality: Cookies are usually no more than a few kilobytes in size, so they have little or no impact on the performance of your computer. Even if you have thousands of cookies, they take up very little storage space and do not affect your system’s speed or performance.
5. Myth: Accepting Cookies Puts You at Risk
Reality: Cookies themselves are not harmful and therefore do not put you at risk. However, accepting cookies from untrusted third-party sources might expose you to more targeted advertising and tracking, which can lead to privacy concerns rather than direct security risks.
6. Myth: Cookies Are Always Used to Track You
Reality: Not all cookies are used for tracking. Many cookies are essential for the basic functionality of websites, like maintaining your login status or saving shopping cart items. Tracking cookies are a subset of cookies that are usually from third parties (like advertisers) rather than the website you are visiting.
7. Myth: Cookies Last Forever
Reality: Cookies have expiration dates. Some cookies (session cookies) are deleted as soon as you close your browser, while others (persistent cookies) have a set expiration time, such as days, months, or years. Cookies can also be manually deleted at any time through your browser settings.
8. Myth: Cookies Only Work in Your Web Browser
Reality: While cookies are primarily used by web browsers, similar tracking technologies can be found in other applications, such as mobile apps, which use local storage or other means to store and retrieve data.
9. Myth: Websites Can See All Your Cookies
Reality: Websites can only access cookies that they’ve created. A website cannot access cookies set by another site, thanks to the same-origin policy, which restricts cross-site cookie access for security reasons.
10. Myth: Disabling Cookies Will Keep You from Being Tracked
Reality: Disabling cookies can limit some tracking, but many websites use other tracking techniques like pixel tracking, device fingerprinting, and local storage to continue monitoring your online activities.
Can cookies be dangerous? Risks associated with cookies
Even though cookies are instrumental in creating a personalized web experience for users and are not inherently dangerous by themselves, understanding their risks can help users make informed decisions about their online privacy and security. Here are some potential dangers related to cookies:
1. Tracking and profiling may cause privacy concerns
Third-party cookies, commonly used for advertising, can track users across multiple sites, building detailed profiles based on browsing habits, which can lead to targeted advertising that some users may find invasive.
2. Data Leakage through Cross-Site Scripting (XSS)
A website vulnerable to XSS attacks can be exploited by attackers to read cookies, potentially gaining access to sensitive information, such as session tokens or personal data.
3. Session hijacking, which can lead to cookie theft
An attacker could impersonate a user by stealing their session cookie, allowing them unauthorized access to accounts if cookies containing session identifiers are intercepted (e.g., through unsecured networks).
4. Supercookies and zombie cookies may lead to persistent tracking
Supercookies are stored at a network level and can be more difficult to delete, allowing for continued tracking even after users attempt to clear their cookies. Zombie cookies can automatically regenerate after being deleted, which may be a potential privacy risk.
5. Misleading User Consent
Many websites implement cookie consent pop-ups that may be misleading or confusing, leading users to unknowingly accept tracking cookies without fully understanding the implications.
Mitigating Risks associated with cookies
To mitigate the potential dangers associated with cookies, you can take the following actions:
Adjust browser settings to limit or block third-party cookies, manage cookie permissions, and periodically clear cookies.
When developing websites, set security flags such as ‘HttpOnly’ to enhance the security of cookies.
Use a Virtual Private Network (VPN). A VPN can provide an additional layer of security by encrypting internet traffic, making it harder for attackers to intercept cookies.
Regularly review privacy settings and be aware of how websites use cookies and track user behavior.
Online cookie checkers also offer an efficient solution, providing detailed scans and categorizing cookies by their purpose.
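An added example (not from the original article) that ties the Secure, HttpOnly and SameSite cookie types described earlier to the advice above on setting security flags: it parses `Set-Cookie` headers and reports which protections are missing and whether the cookie is a session or persistent one. The function names and sample headers are constructed for illustration.

```javascript
// Parse one Set-Cookie header value into its name and a map of lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Return the cookie's lifetime class and the list of missing protections.
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.secure) findings.push("no Secure: may be sent over plain HTTP");
  if (!attrs.httponly) findings.push("no HttpOnly: readable by page scripts (XSS exposure)");
  const sameSite = String(attrs.samesite || "").toLowerCase();
  if (!["strict", "lax", "none"].includes(sameSite)) {
    findings.push("no SameSite: cross-site behaviour left to the browser default");
  } else if (sameSite === "none" && !attrs.secure) {
    findings.push("SameSite=None without Secure: rejected by modern browsers");
  }
  // Without Max-Age or Expires the cookie lasts only for the browser session.
  const persistent = "max-age" in attrs || "expires" in attrs;
  return { name, lifetime: persistent ? "persistent" : "session", findings };
}

// Constructed sample headers: a weak session cookie, its hardened form,
// and a persistent cross-site cookie that scripts can still read.
const SAMPLE_HEADERS = [
  "sid=abc123; Path=/",
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "prefs=dark; Max-Age=31536000; Secure; SameSite=None",
];

function report() {
  return SAMPLE_HEADERS.map(auditSetCookie);
}

for (const r of report()) console.log(r.name, r.lifetime, r.findings);
```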
In conclusion, while cookies offer a myriad of possibilities for enhancing user experiences and personalization, it's important to stay informed and mindful of their impact on privacy. With the right awareness and control, we can harness the benefits of cookies without compromising our online security.
Written by
Jadesola Adeagbo
Hi🙋🏽♀️, I'm Jadesola, a software developer based in Nigeria 🛠️. Driven by a passion for solving problems with code, I'm currently refining my skills as a front-end developer while delving into the world of back-end development. I am dedicated to sharing my knowledge and experience as I grow in the tech world. Join me on my journey and let's grow together!