What are cookies used for?

Cookies are used to deliver different types of information from the user’s browser to the website he/she is visiting. That being said, there are many different reasons why a website is using cookies, such as:

Session management

A process of securely carrying your information through various sessions. For example, any website that allows you to log in may allow you to remember your information so you don’t need to enter your “username” and “password” each time you visit it.

Tracking users

Tracking all user activities and behavior on websites, search engines, or social media to compile this data and create statistics about how people use their site. The main purpose is usually to be able to target audience groups according to the collected data. Google Adsense uses tracking cookies to display relevant ads.

Different types of cookies

Several types of cookies may be created depending on their purpose and how they’ll be used.

Permanent cookies (also called persistent cookies)

In contrast to session cookies, permanent cookies are not deleted once you close your browser, but they are stored on your hard drive until the expiration date or until you delete them manually. They are used to remember, for example, login details (username and password), to avoid entering them every time you visit a particular site.

First-party cookies

The term “first party” means getting cookies directly from the website’s domain you are on. For example, once you land on the website forbes.com, this website can automatically create a cookie that is saved on your computer.

Third-party cookies

These cookies are related to external domains, as they are not issued by the website’s domain you are on. For example, if you visit the website nytimes.com, you may get a first-party cookie created by the website. However, the website may have advertisements displayed on one of the pages that issue a third-party cookie by the service serving those ads, such as Google Adsense.

Where are cookies stored?

Cookie files need to be stored somewhere to be able to remember what you did on the website or something else. As such, they’re stored directly on your hard drive by your browser. The next time you visit that website, your browser will send saved cookies to the website’s server, allowing the server to use the saved information.

What do web cookies look like?

Each cookie has its attributes, meaning the name, value, and expiration date. Internet browsers limit cookies to 4096 bytes (4KB) in size. A cookie containing your login details could look like this:

Recorded 2020-01-12
username=John
hash=4c70884bd91727c931b91616c2d2b4d8
rememberme=yes

How long do cookies last?

Session or temporary cookies are deleted automatically once you close your browser. However, other cookies have a specific time of expiry in the form of date and time along with their names and values. If the website doesn’t set the expiry date, the browser will delete the cookie once it’s closed. The average lifetime of a cookie is about 30 days, but cookies can also be set to last for over a year.

Who can access and view my cookies?

Only the domain name that saved the cookies on your hard drive can access and read them. They can’t be accessed or examined by other websites. So if you visit forbes.com, they won’t be able to access cookies set by nytimes.com

Accepting a cookie doesn’t mean your personal information is in danger or that a cookie can deliver you a virus. However, advertising and tracking networks may use cookies to track your visits across the internet. So, for example, if you searched for a new house and later entered a website with news, you may see ads for houses on this website, which might look as if they were able to obtain your personal information.

Who can access and view my cookies?

Only the domain name that saved the cookies on your hard drive can access and read them. They can’t be accessed or examined by other websites. So if you visit forbes.com, they won’t be able to access cookies set by nytimes.com

Accepting a cookie doesn’t mean your personal information is in danger or that a cookie can deliver you a virus. However, advertising and tracking networks may use cookies to track your visits across the internet. So, for example, if you searched for a new house and later entered a website with news, you may see ads for houses on this website, which might look as if they were able to obtain your personal information.

Can websites track me using cookies?

Tracking cookies are typically used for advertising and retargeting purposes, and they are usually created by related third-party services. Two types of tracking cookies that may have some adverse effects on your privacy are:

Supercookies

These cookies are tied to top-level domains such as “.org” and “.com.” While most types of cookies are associated with specific domains, such as forbes.com, supercookies have much more freedom to save and access your personal information. However, most browsers block supercookies due to potential privacy and security concerns.

Zombie cookies

These cookies are recreated using the Quantcast technology the moment after you delete them. They are much harder to find and track, and they can follow your activity across different browsers. To completely remove them from your hard drive, you need to delete the flash cookie that recreates these zombie cookies. Modern browsers have the option to delete flash/zombie cookies through privacy settings.

Are cookies safe?

Cookies are created and used via the HTTP(S) protocol. They aren’t malicious by nature and won’t invade your privacy. For example, remembering your login details is purely to easily access your account. So if you clear the cookies, you’ll be logged out of all of your accounts online and will need to re-enter your login details. Most of the browsers contain privacy settings, allowing you to review and manage cookie files.

Why do I see alerts about the use of cookies on some websites?

Currently, the European Union companies and companies that do business in Europe or have European customers must comply with two laws regulating the use of cookies:

  • The EU Cookie Directive, or the Directive on Privacy and Electronic Communications (codified in 2002), states that websites need to get the user’s permission before saving information in a cookie file and inform their users of the cookie’s usage.
  • General Data Protection Regulation (or GDPR), issued in May 2018, covers personal data regulations. Any information that can be related to a real, identifiable person is protected and can’t be used without the person’s permission (information such as the cookie identifier, IP address, and the device’s ID).

To be compliant with those regulations, website owners must display a cookie consent banner to inform their visitors about the use of cookies. It looks something like this:

This website uses cookies to ensure you get the best experience on our website.

This website uses cookies to ensure you get the best experience on our website.

Can cookies be blocked or deleted?

Most websites rely on the use of cookies to allow users to access some of the website’s essential features.  Thus, blocking or disabling cookies can limit your experience on those websites and cause a lot of annoyance, such as having to re-enter your login details each time you visit a website.

As somewhat of a compromise, modern browsers (Internet Explorer, Chrome, Firefox, Microsoft Edge, Opera, Safari) allow you to manage  cookies and set your preferred tolerance. Some of the options include:

  • To accept (enable) or always block (disable) cookies
  • To view them and selectively accept or delete them via the cookie manager
  • To delete all cookies

Most browsers are initially configured to accept cookies, so it’s up to you to change your internet browser settings. You can also choose to be notified each time a new cookie is about to be stored on your hard drive. Different websites have their cookie policies, and reading them may provide additional information and help you decide whether or not to allow cookies or block cookies on your computer.