Cookies in a browser are something that most people are not very concerned about. Because of its very friendly name, how can someone be? But with many of the recent developments in many tech giants regarding the misuse of their users' personal data and other information and the implementation of the laws like the GDPR and ePrivacy Directive, people have started wonder what cookies are and how they can be a threat to their privacy.
To know about the security and privacy issues that can arise from cookies, let us understand what cookies are and why are they used in websites.
What are cookies?
Cookies are small text files that are used by the websites to store information. These are messages that are passed between the server and the users' web browser. Cookies generally contain some random alphanumeric characters and they store data like a unique identifier to uniquely identify the user and some other information.
The cookies can also be used to identify the unique and returning visitors to a website. When a user visits a website, the site may create a cookie that stores some data that helps the site to identify the user. If the user leaves the website and visits again, the website will be able to identify the user as a returning user with the help of the cookie.
Cookies can also help make the user experience of a website better. Cookies can be used to remember you everytime you visit a website so that you don't have to enter the website credentials again everytime you visit them. Thus they can help you access a site faster and more efficiently. With data like which pages are most engaging to users and which are the pages of the website that the users are not much engaged in and do not draw as much traffic. These data can be used to improve the websites for better user experience.
Different Types of Cookies
Cookies can be classified in several different ways. There are different types of cookies depending on the source of the cookies, depending on the duration of the cookies and depending on the purpose of the cookies.
Depending on the source of the cookies the cookies can be classified as first-party cookies and third-party cookies.
First-party cookies: The cookies that are installed by the website that the users are currently on are called the first-party cookies. For example, the cookies used by a website to determine whether a user is a logged in or not.
Third-party cookies: These are the cookies that are installed by other websites or servers that are not being viewed by the users. These are used by third-party advertisers to track the users and learn about the effectiveness of the advertisements on websites.
Depending on the duration the cookies are stored, they can be classified as session or persistent.
Session: Cookies are stored temporarily in the browser are the session cookies. These cookies usually expire when the browser is closed.
Persistent cookies: These are the cookies that stay in the users' browser for a longer period of time. Once installed, they are only removed from the browser when they reach their expiry period or when the users clear the cookies from the web browser.
Depending on the purpose of the cookies, they can be classified as necessary and non-necessary.
Necessary cookies: Cookies that are absolutely necessary for the functioning of the website.
Non-necessary: The cookies that are not absolutely necessary for the functioning of the website. Cookies that are used to track the users' behavior on a browser can be considered to be non-necessary cookies.
What do cookies do?
They are using for tracking the users' behavior on a website or a web browser. This can be used by the website or a third-party service to give the users content that is tailored for them.
Other examples of usage of cookies are e-commerce website that remembers the products that have been added to cart by the users while they keep on shopping. Even if the user leaves the website without completing the purchase, the products added to the cart will still be remembered when the user visits the website the next time.
Are cookies harmful?
Generally, cookies do not contain any malware or viruses in it that can potentially harm your computer. So there is no harm there. Also, cookies can not access any other personal information from the users' computer. Also, the cookies do not contain any executable code within itself so the only job it has is to the help the website collect information about each user visits.
However, there can be some cases in which some malware disguises as cookies in a browser. But that's an issue for some other time.
When there are security concerns about the usage of cookies, the first thing to understand is that the cookies do not look for personal data when they are installed on a browser. They do not scan for the data on the website or the users' computer for any personal information. Cookies only contain the data that the users have given voluntarily in the form of the data that are submitted through the website forms.
Also, cookies store data in such a way that they can only be read by the server that installs them. No third-parties can access the information that is stored in the cookies by the website. For the most part, cookies only need to identify the users' browser and any other personal data that are stored in the cookie are given by the users at any point of time while using the website.
Most of the security or privacy concerns regarding the cookies come from the usage of third-party cookies. When a website uses advertisements that are added using some third-party services, they can add cookies through that website. These cookies that are not added by the website itself but by another server or website are called third-party cookies.
They allow the advertising that is targeted to these users to provide ads that are more relevant to the users. They also help in limiting the number of ads that are displayed to the users and improve its effectiveness by tracking the users browsing history and remembering the pages that the users have visited. These cookies also allow the websites to determine how effective the ads are on a particular website and if they are generating the required or expected outcomes.
But these activities by the third-party cookies can be considered as an invasion of privacy of a user online. As these data track what a user does on a website and can be used by these third parties for the profiling of the users.
How Can I Check the Cookies Used by a Website?
Most of the popular web browsers provide a way to find out what cookies are used by a website from its developer tools. For example, if you want to check the cookies installed by a website from chrome, right click on the website and view the browsers developer console. From the developer console, on the Application tab, expand the cookies view where you can find the cookies that are installed by the website.
To know more about how to identify the cookies used by a website, read this article.
To Get Rid of the Cookies
Most of the modern browsers give the users an option to delete or clear cookies installed on them. In the example of Chrome, users can clear the cookies from the Clear browsing data section from the Settings of the browser.
In countries with laws like GDPR, people can be more relaxed with regards to the cookies and collecting personal data without their knowledge. With the implementation of such laws, the websites will not be able to install cookies that are not necessary for the website to function properly without the users' consent. This includes the cookies that track the users' behavior. This ensures if the cookies will be installed only if the users allows the websites to do so.