Cookies aren’t all that bad

Hiruni Dahanayake
UCSC ISACA Student Group
6 min read · Sep 3, 2022

Internet cookies have gained notoriety as trackers, being compared to spies observing your every move on the web. While the primary purpose of cookies is to make browsing more convenient, certain variations of them gather data we would rather keep secret, thus resulting in this unfavorable outlook. But before going into specifics, let’s look at a cookie’s intent and functionality in general.

Reducing the load on web servers was one of the key concerns that led to the creation of the cookie. An online shopping site needed a solution to the content of their customers’ virtual carts taking up a large amount of storage on their servers. The cookie — essentially a text file — was designed to store this content on the customers’ computers instead. This would also solve issues like accidentally closing the browser window, as the cart data would still be on the user’s machine.

Cookies are commonly called HTTP cookies because they are used with HTTP, which is a stateless protocol. Being stateless means that it does not retain information about the user across multiple requests. A user on a website that requires a login would find this extremely cumbersome, as the website would require credentials for each and every request, that is, for every new page they visit. Thanks to cookies, we never go through such a process. What happens in reality is that once a user signs in, the server sends a cookie with the session ID. As long as this file is stored on their computer, they can navigate the website with no trouble.

Cookies for session management

Session cookies are one adaptation of cookies. These are stored in the browser's process and are never written to the hard disk. You can view them in the performance tab in the browser’s developer tools.

Cookies stored in the browser

Once it is opened you will see one or more cookies stored as name-value pairs. They may look meaningless at first glance, and this is because they were made to be understood by the web server, and the value is encrypted to ensure security. If you happen to delete the authentication cookie, the session will end and you will find yourself logged out of your account.

All cookies have an expiration date. If it is set to session, that means it is a session cookie. These would be deleted once the session ends. The web server would send instructions to the browser for deletion in this case. Some cookies take longer to expire. A longer expiry lets users access their accounts without signing in on every visit. These are persistent cookies, and they can be found on your hard disk as well.
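The session/persistent split described above is decided by the attributes on the Set-Cookie header the server sends. The following is an added example, not code from the original article: it parses constructed sample headers, classifies each cookie, and lists the ones missing the Secure or HttpOnly flags or living longer than a year. The cookie names and the one-year threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header, now):
    """Parse one Set-Cookie value into name, kind, lifetime and flags."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    found = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        found[key.strip().lower()] = val.strip()
    lifetime = None  # no expiry attribute at all: a session cookie
    if "max-age" in found:  # Max-Age takes precedence over Expires (RFC 6265)
        lifetime = int(found["max-age"])
    elif "expires" in found:
        expires = parsedate_to_datetime(found["expires"])
        lifetime = int((expires - now).total_seconds())
    return {
        "name": name.strip(),
        "kind": "session" if lifetime is None else "persistent",
        "lifetime_days": None if lifetime is None else lifetime // 86400,
        "secure": "secure" in found,
        "httponly": "httponly" in found,
    }

def review(headers, now):
    """Return (cookie name, finding) pairs worth a second look."""
    findings = []
    for header in headers:
        c = parse_set_cookie(header, now)
        if not c["secure"]:
            findings.append((c["name"], "also sent over plain HTTP (no Secure)"))
        if not c["httponly"]:
            findings.append((c["name"], "readable by page scripts (no HttpOnly)"))
        if c["kind"] == "persistent" and c["lifetime_days"] > 365:
            findings.append((c["name"], f"lives {c['lifetime_days']} days"))
    return findings

# Constructed sample headers, not captured from any real site.
NOW = datetime(2022, 9, 3, tzinfo=timezone.utc)
SAMPLE = [
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "remember=1; Expires=Sun, 03 Sep 2023 00:00:00 GMT; Secure; HttpOnly",
    "trk=u-77; Max-Age=63072000; Path=/",
]

if __name__ == "__main__":
    for name, finding in review(SAMPLE, NOW):
        print(f"{name}: {finding}")
```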

Cookie attributes

A cookie’s functionality can be extended to deliver personalized content to a user. This is where the trouble begins. Once again taking a shopping website as an example, tracker cookies can follow a shopper’s clicks on the site and record them in the cookie text file, to create a profile of them. This in turn can be used to suggest similar products. It is this feature that can be exploited and used in the form of advertising, analytics, and social cookies, to name a few.

As shown in the image above, the only cookies are those stored by Medium.com, as I checked while on that page. When I move on to a different domain, i.e. away from Medium.com, these cookies would not be readable. You can visit a different page and see this for yourself. If, however, there were more names mentioned under “Cookies”, that would imply that they were third-party cookies, most commonly put there by means of ads on the page, even if the user never clicked on them. These too would be able to keep an eye on the user’s movements on the page. Furthermore, there is no guarantee that the tracking will cease once you move on to a different website.

Zombie cookies are a very tiresome adaptation of such tracker cookies. While still originating from a third party, these are permanently installed on a computer, making it extremely difficult to remove them. They are named as such because of their ability to reappear after deletion.

Cookies that are stored on the computer can be located as follows.

For Windows users

On a device running on Windows, Chrome cookies can be found in-

C:\Users\User_name\AppData\Local\Google\Chrome\User Data\Default

Here, replace User_name with the name of your Windows account. After navigation, you will find the cookie file named “cookies”.

For the Firefox cookies go to-

C:\Users\User_name\AppData\Roaming\Mozilla\Firefox\Profiles

There will be a folder with a name composed of a string of characters, and ending with default-release. Here the file of concern is called “cookies.sqlite”.

For Mac users

Mac users have a little bit more work to do when finding their Chrome cookies. Open Finder and select Go, then Go to Folder. Type ~/Library/ in the search bar and select the first result which will be Library. Follow the file path-

Application Support/Google/Chrome/Default/

The file name will be “Cookies”.

For both Windows and Mac users, the cookies are not human-readable. They can be managed only by using the browser interface. On Linux, however, they can be read by using SQL commands.

For Linux users

Open a terminal and install the SQLite3 package.

sudo apt-get install sqlite3

Navigate to your Firefox profile.

cd /home/user/.mozilla/firefox/profile

user and profile should be replaced with your username and Firefox profile respectively. The cookie file will be called “cookies.sqlite”. To open the contents, go to your profile directory and run-

sqlite3 cookies.sqlite

Next, we need to use SQL to view the contents. Run the command-

sqlite> SELECT * FROM moz_cookies;

Feel free to use database commands to filter, sort, group, and view the cookie file contents to your liking.
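As one way to do that filtering and grouping, here is an added example (not from the original article) that summarises a moz_cookies table per host: how many cookies each host has stored, how many lack the Secure and HttpOnly flags, and how long the longest-lived one has left. It never selects cookie values. It assumes the expiry column holds Unix seconds and runs against a constructed in-memory table; the hosts are made up, and open_copy is a hypothetical helper for pointing it at a copy of your own cookies.sqlite.

```python
import sqlite3

NOW = 1662163200  # 2022-09-03 00:00:00 UTC, fixed so the sample is repeatable

# Per-host summary. Cookie values are deliberately not selected.
# Assumption: expiry is stored as Unix seconds.
AUDIT_SQL = """
SELECT host,
       COUNT(*)                      AS cookies,
       SUM(isSecure = 0)             AS not_secure,
       SUM(isHttpOnly = 0)           AS script_readable,
       (MAX(expiry) - :now) / 86400  AS max_days_left
FROM moz_cookies
GROUP BY host
ORDER BY max_days_left DESC
"""

def audit(conn, now):
    """Return one row per host, longest-lived cookies first."""
    return conn.execute(AUDIT_SQL, {"now": now}).fetchall()

def open_copy(path):
    """Open a copy of cookies.sqlite read-only so nothing can be modified."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def sample_db():
    """Constructed in-memory table with only the columns the audit uses."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE moz_cookies (host TEXT, name TEXT, value TEXT,"
                 " expiry INTEGER, isSecure INTEGER, isHttpOnly INTEGER)")
    day = 86400
    conn.executemany("INSERT INTO moz_cookies VALUES (?,?,?,?,?,?)", [
        ("shop.example", "sid", "x", NOW + 30 * day, 1, 1),
        ("shop.example", "cart", "x", NOW + 7 * day, 1, 0),
        (".ads.example", "uid", "x", NOW + 730 * day, 0, 0),
    ])
    return conn

if __name__ == "__main__":
    for row in audit(sample_db(), NOW):
        print(row)
```

Firefox keeps cookies.sqlite locked while it is running, so copy the file elsewhere first and pass the copy's path to open_copy.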

Now that you can get a look at what cookies are on your computer, you can delete them if they look sketchy. That is an entire process altogether and will have to be covered in a separate article.

It must be apparent to you by now that cookies have many different faces, intents, and purposes. Furthermore, cookies can be repurposed in the case of hijacking where a third party gains access to initially harmless cookies that can then be used to spy on the user’s movements on the web and gather sensitive data. So as you see, it’s never just black and white. There is still much left to learn on this topic so don’t hold back from exploring the many different facets of cookies.
