Why Are We So Afraid of Cookies?

What are Cookies and why are we, the Internet Surfers, scared of them?

What are cookies?

Cookies are known by a lot of names — website cookies, browser cookies, or internet cookies. We’ll refer to them as just cookies in this article. Be sure not to get them confused with the delicious baked ones (which are more fun to talk about, honestly). Unlike the tasty ones, internet cookies are just encrypted text files sent by the browser and stored on the user’s computer. They contain data such as information you have shared on a particular website, the buttons you may have clicked, and also about your general visit to the website.

Cookies allow a website to distinguish you from others in the sea of surfers. Cookies are mostly used for advertising. Based on the websites you’ve visited previously it shows ads that you would be most likely be interested in. Someone who has visited a clothing website such as ASOS will be able to see more and similar products by them or by similar websites.

Types of Cookies

Just like there are types of baked cookies like chocolate chip, peanut butter (god knows who eats that!), and so on, there are several types of internet cookies as well.

Session Cookies

They are also known as transient cookies and non-persistent cookies. These cookies are stored in temporary memory and aren’t retained after the browser is closed. They act as bookmarks for the website. This means that these cookies tell the server which pages are needed to be shown to the user so that they don’t have to start navigating from the start again.

Persistent Cookies

Also known as permanent cookies, these cookies are the opposite of session cookies in some senses. Persistent cookies have a certain lifespan and expiry date. This means that for the entirety of its life, the cookie will store and transmit the information to the server. The lifespan of these cookies is dependent on the creators. They are also called tracking cookies as they can store geographical location, IP addresses among other things.

Secure Cookies

A secure cookie is a cookie that can only be transmitted over a secure connection i.e. HTTPS. This is made so that theft of cookies can be prevented, however, I wouldn’t say it isn’t possible to steal information from these cookies. A network attacker can overwrite the “secure” cookies from an insecure channel, disrupting its integrity. Therefore, it is said to never store confidential information on cookies as the “Secure” flag doesn’t provide any real protection.

Third-Party Cookies

All cookies have an owner, this owner has all the rights to the cookies. The owner is the domain specified in the cookie. When a cookie has a different domain from the one shown in the address bar, this is called a third-party cookie. It’s a bit difficult to understand from the definition itself so let’s see an example.

Suppose you visit “abcdef.com’’ and the cookie placed on your hard-drive has the domain “abcdef.com”, then it is a first-party cookie. However, if the domain on the cookie is anything apart from “abcdef.com” such as “xyz.com” then it is a third-party cookie.

Supercookie

According to Wikipedia

A supercookie is a cookie with an origin of a top-level domain (such as “.com”) or a public suffix (such as “.co.uk”). Ordinary cookies, by contrast, have an origin of a specific domain name, such as “example.com”.

A supercookie isn’t a traditional cookie. This is because it can’t be deleted and removed from your browser history as most cookies can. These are usually inserted by your Internet Service Provider. They can be used to impersonate a legitimate user and other things as well.

Zombie Cookies

These cookies are created as soon as they’re removed. This happens because they are stored in the backups other than the browser’s cookie storage. This is also the reason why they’re difficult to manage and detect. They can be used even if the browser hasn’t allowed all traditional cookies to be received.

The Fear of cookies

Most of the fear we have about cookies is due to exaggeration that we might have seen in some articles or some ads by security products. Exaggeration like cookies slow your internet connection and can be considered as viruses as well. This is not true, however, there are ways in which cookies can be manipulated to be used in unfavorable ways. Let us discuss some of the main threats that cookies pose (or used to pose).

Persistent cookies, more specifically third-party persistent cookies, are used to track some information. This information can range from a product you saw on an e-commerce website to your geographical location, device information, and your search queries. All of this can be collected without your consent and can be used in any way the domain wants.

Supercookies are another type that was used specifically to collect data about the users. As explained before these cookies are inserted by the ISP and the information is stored with them. This means that any breach to the storage of the ISP can result in massive identification theft. In addition to this possibility of a breach, this information can be sold to third-parties as well.

Should we still be scared of them?

You shouldn’t be scared of cookies anymore. The Cookie Law has been put in place and prevents the cookies from being used in harmful ways to a great extent. This law ensures that all sites ask for permission before actually allowing cookies to be formed during the visit. Also, it has reduced the tracking aspect of cookies that can be used.

Any website found not following the cookie law is going to be fined by the regulators. In the EU it would be the European Data Protection Supervisor (EDPS) and in the US, it would be the Federal Communication’s Commission (FCC).

Along with all of that, you can destroy any cookies that have been allowed or formed, if you so choose.

What are the benefits of cookies?

Cookies are very light in size and very easy to implement as well. They are stored on the user’s computer and hence this doesn’t put any load on the server. They help you in going back to a page more quickly. One of their main benefits is that they can be persistent, this means that the user’s information can be stored in the cookie. Because of this, we don’t have to login again and again. This also helps in filling up information in a form. Due to their ability to track, cookies can be used to personalize certain websites for you. This makes the general browsing of the Interwebs easier.

So much talk about cookies has made me hungry, I’m going to go eat some now!

Thank You for Reading!

Found this post useful? Kindly hit the 👏 button below to show how much you liked this post!

Inheaden is a young IT and software startup based in Darmstadt, Germany. As an “Idea and Tech Factory”, we have set out to be a driving force of innovation, digitization, and automation with a focus on the areas of services, products, and research. Under the Inheaden brand, we work on individual “high performance” software solutions that bring a change. Modern designs, innovative technology approaches, and IT security for our partners and customers are important components of our work profile.