Cookies: Coffee Rewards Cards of the Internet
I recently watched a 7 minute video for my backend web development class on sessions and cookies. Curious about the coffee cards title? Watch the video here:
Prior to this, my knowledge of cookies was rudimentary; I knew that they were data stored in my local machine, and used mainly to identify me against sessions whenever I visited the site that cookie came from. This video opened up to me that cookies aren’t simply just storage, but have become one of the most used and essential web development technologies used today. That, and I now have a new way to tell my colleagues about cookies.
How The Cookie Crumbled
Although still widely used in the modern internet, the concept of cookies date back to 1994, named and developed by Lou Montulli II, a computer scientist who is now the CTO of JetInsight. Montulli, who worked for Netscape Communications Corporation, coined the term “cookies” or “HTTP Cookies” based on the term “magic cookies.” Magic cookies are packets of data, or tokens, that are passed between programs, often like a ticket read by the sender once the magic cookie is sent back.
Montulli, along with machine learning computer scientist John Giannandrea (now at Apple as a senior executive leading machine learning and AI), drafted the specifications and classifications of the first ever cookies in June 1994. A year later, Montulli applied for a patent. Fast forward to October of 1995, the cookie was officially a technology in Internet Explorer version 2 release.
Although already in the hands of the public, cookies weren’t well known yet when it came out in the public release of Internet Explorer version 2. In fact, it took another year for the cookie to really be in the eyes of the people. In 1996, the Financial Times wrote an article titled “This Bug in Your PC is a Smart Cookie,” then the following day, the Mercury Times published an article “Web ‘cookies’ may be spying on you.” The release of the cookie, quiet at first, was an “internet privacy talk” storm.
“Do cookies track my data? Does it know what sites I go to? Will my wife know?”
- (fictional) people who learned about cookies from 1996–2018
Now, you probably see cookie warnings and agreement terms on websites everywhere. It’s covered in basically every privacy policy to date. Are cookies really that invasive? How do they even work?
If You Give a Mouse/Keyboard a Cookie…
Cookies come from the web server, and passed on to the browser. Consider the coffee rewards card analogy from earlier. At a busy coffee shop, if a customer doesn’t sign up for a rewards card, they will always be treated as a first-time customer. First-time customers may always be asked the same question:
“Would you like to sign up for a rewards card?”
Until they have a rewards card, they will always be asked that question. When the customer, after the n-th first-visit, finally signs up, the coffee shop now has in their system the profile of the customer. The rewards card indicates they’ve been there before, and also your unique identifier for their “coffee customer database.” From there, they have your recent purchases, how many visits you need left to get a free drink, etc.
Let’s see how this works with a website.
The same customer opens their laptop in the cafe to buy coffee beans from an international marketplace website. Upon opening the site for the first time, the site saves a cookie file to the customer’s computer, showing that they have already visited said site. A prompt asks the customer what language they would like to view the site in, and their response is also saved to the cookie. When the customer opens the website again in the future, the website doesn’t need to prompt the language because the cookie file already mentions which language they chose in the first place.
How Smart Cookies Use Cookies
Cookies in today’s internet are not very different than how they were used 5–10 years ago. Their initial and main purpose is to store information meant to identify and make sessions with whoever visits a site. Cookies are very baseline, making them easy to customize, easy to make use of, and in many different ways.
One common way is to track which parts of the site have users clicked and visited, allowing companies to better understand their customers, the customers’ direction flow through the site, and what customers come to their site for.
(Un)Fortune Cookies
The argument that cookies are privacy and content invaders are justified by a pesky creation called a third party cookie. Normal cookies are given to you by the sites you visit, like if you visited Apple.com.
The cookies from Apple.com are considered first party cookies. But let’s say there is an advertisement on the site from a totally different domain, like ads.annoyingads.com. That advertisement can give you their own cookie, that can log which site you saw the ad, in this example: Apple.com. But if you visit another site, like Android.com, which contains an advertisement of the same domain, the advertisement domain can now know that you visited both Apple.com and Android.com.
This information could be useful if you like tailored advertisements, but most times, it does reek of privacy concerns. Advertisement domains can track which sites you visit, based on the sites their ads are in, and knowing that that’s logged somewhere on the internet is already a worry for many.
However, modern browsers, give the option to block third-party cookies, and as the student writer of this article, I urge you to please do so.
Block third-party cookies. Unless you really like tailored advertisements. Then more cookies for you.
All Our Words Are But Crumbs
Cookies, will probably stay in web development for a very long time, as long as the stateless HTTP protocol is still used (if you don’t know what that means, make sure you watch the video). As long as you stay within the first party cookie regions, you’re pretty safe knowing that the cookies you have in your computer are there to help optimize your website surfing experience. Next time you close a first-visit dialog, know that a cookie was just stored in your computer so that you don’t have to click it away a second time. Even sometimes simply visiting a website stores a cookie. Read more about cookies here.
I do have to ask, why isn’t the singular of cookies, cooky?