So, you accepted all cookies to access a particular website. Let me guess, you didn’t read a single line before doing it, right? You just clicked the “Accept all cookies” button to access the content you needed. But after doing it, a sort of alarm started ringing in your head. You pushed the ‘red button’, you know it, but you don’t know yet the consequences this can have.
Cookies are not new in the Internet panorama, but every day websites push you to accept them strongly. And it can be annoying! They have to ask for your consent and you have the right to reject them, that’s true. But sometimes you visit websites to get urgent information or to make an urgent decision and as soon as you load the site, there’s this pop-up notice about cookies stopping your access until you accept all cookies or decline them.
Common sense dictates to read the whole document before accepting anything. These are not times to neglect the danger and the high number of cyber crimes that hit companies and regular users daily. Understanding what cookies are, their purposes, and how to protect yourself from criminal attempts will be very helpful for you to get exactly what are you accepting or denying.
What are cookies?
Cookies are little files containing information produced by a web server and sent to the web browser of your device. This means that every time you visit a website, it generates these files (text). More than one cookie can be set on the user’s device during an Internet session. Commonly, each cookie contains two data fields, a site name, and a unique ID for every user. This information is encrypted. It’s important to know that cookies are only files containing data. They are not programs. This means, they send the information they contain but they can’t access the rest of the information you have on your device.
Cookies used on the Internet are known also as HTTP cookies. The reason is simple; they are sent through the popular HTTP protocol.
What are cookies for?
Cookies are a very useful tool for web developers to offer to users a personalized, faster, and better user experience. They are mostly used to collect and store data about your visit to a specific website and your preferences. This data is stored on the web browser of your devices so when you request to visit the website again, the cookies (information) allow the website to remember your logins, shopping cart, language, currency, the specific buttons you clicked during the previous session, the pages you visited, the data you entered in forms fields (name, last name, address, card numbers to pay, passwords), etc. So, you don’t have to invest extra time defining these preferences every time you access the same website.
The main purpose of cookies is to remember your interests in order to make the website more useful and efficient for you. Cookies are an efficient tool not to have massive amounts of users’ data stored on a server. Besides, if you get what you need faster, you’ll have a better experience on the website, and hopefully this’ll entice you back. And that’s exactly what website owners want, to not lose customers but instead keep them happy with their products or services and to sell them more.
The time for cookies to store the users’ information is defined by the cookie developers. Cookies’ lifespan can be limited, for instance, only as long as the user’s session lasts, but they can last more, days, weeks, or years. These last are called persistent cookies.
We’ve explained the main objective cookies have – but different cookies can have different purposes. In general, they should be safe. The problem is, like with all technology, who’s behind its use? Cookies can also collect private information and track you through the Internet without your consent if they are programmed for such a task and it’s there that the risk comes. Criminals can be behind cookies to spy on you and to get your data. Criminals can also access legitimate cookies for evil purposes. Consequences can be just as scary as you can imagine.
How do cookies work?
Generally speaking, when you visit a website for the first time, information about your preferences is collected during the time you spend on it. Your device will download cookies directly from the website’s server. The cookie contains information about your preferences. Later, if you revisit the same website, your device (browser) will check if there’s a cookie linked with that specific site. If it finds such a cookie, it will send it back to the website which will identify you and remember the data related to your previous visit (username, e-mail address, password, preferred language, currency to pay, products you checked, etc.). All this communication takes place through the HTTP protocol.
Cookies provide the memory of previous events (states) into the otherwise stateless HTTP transactions. For example, you login into an e-shop, then you search for computers, you choose one and then you are sent to the page where you can pay. Without the proper cookie, your identity should be authenticated after every action you tried, especially to reach the last one (payment).
Types of cookies
We mentioned that cookies can have different purposes and therefore, there are different types of cookies.
These are the most common type of cookies. Such a cookie helps a website to identify and remember a device while visiting its different pages. Rephrasing, the cookie links specific website activity to its corresponding user. For instance, through one of these cookies, websites identify you and recall your login information. Usually, the cookie and the transfer of the information it contains finish when the user’s session ends. They are considered the safest type of cookies.
These are the type of cookies used to remember users’ information to show them relevant content. One of the most popular uses of these cookies is to display specific preferences users have shown during previous visits to the site.
Using these cookies, websites can personalize your experience by defining the colors of the pages, language, currency, name or nickname, etc. you prefer.
These cookies are designed to collect useful data for website owners and developers to understand better how users interact with their website or platform. Based on this information, they can improve their systems, making them more efficient, friendly, etc.
These cookies are useful to manage the security of the users’ sessions. They are produced when you log into an account through your browser. Your account data gets associated with a cookie for ensuring your identity (authentication) and the delivery of sensitive information to the right user session.
Marketing or tracking cookies
These cookies track users’ browsing activity and store information related to the websites they visit, their habits (how long you spend on the Internet, on specific sites, at what time, when, etc.), interests, preferences, and purchases. Based on this information, marketers can target markets and build profiles of users to offer relevant ads. They can also analyze and monitor the results of their campaigns and communication far more effectively and accurately.
Marketing specialists and big ventures have abused these cookies’ use, but they are not the only ones. Different websites install a big number of cookies on the users’ browsers to collect their information and sell it to different companies.
Social networking cookies
These cookies connect a website to a third-party social media platform. They store the users’ data once they signed into their account on a social network from the website they are visiting. You will have for sure seen that different online shops give you the choice to sign in with a social network account. When you do this, you can share with others what you like or purchase and that means a lot for these websites, free promotion and access to more (and potential) users’ information.
They are also known as ever cookies or super cookies. These cookies produce different versions of themselves, a sort of backups, so even if you delete them, they come back to life within your browser. The lack of ethics is not rare, therefore the use of this type of cookie is still popular.
A third-party cookie is a cookie that does not belong to the website you loaded through your browser. They are commonly used to track users’ activity on the Internet. Not only within a website, but also other sites they visit during a session.
Based on the different purposes, cookies are frequently divided into essential and non-essential cookies. Essential cookies are the ones considered necessary for the website to perform properly. For instance, authentication cookies are essential for a website or platform to guarantee security. Non-essential cookies are not strictly necessary for the website or platform to perform. That’s why you can reject them all. Frequently, these cookies can be very invasive and a risk to your privacy and sensitive information. Just think about third-party tracking cookies or Marketing cookies.
I have accepted all cookies, am I in trouble?
Cookies don’t infect devices with malware but remember they do store your private and personal information.
If the criminals appear on the scene, you can be in trouble. They can hijack the cookies to access the user’s browsing sessions. For instance, if you sign into a website through a public Internet connection, cookie theft can happen because the session cookies are not encrypted. A cybercriminal can get the data stored in the cookie and access your account. Depending on the type of account they access (e-mail is the most common), based on the sensitive information you have there can affect how much trouble you may be in.
It’s not only criminals using the information stored in the cookies. If you accept the cookies, you allow brands, Marketing companies, and whoever wants to sell something to you to track your activity through the cookies installed in your browser. This information is gold for them to build a customer or user profile. Through time, they can know how regularly you buy things online, what you’ve been searching for, how much you spend online… etc. Preferences, habits, and a socioeconomic profile can be built and the more information they can access, the more complete the profile will be. As a result, you can be the target of a lot of ads offering products or services. Some users can feel harassed, while others consider this useful.
How to protect my privacy (cookie information)?
You can protect the information that gets stored on cookies (files) through safe actions like:
• Always prefer safe, private Internet connections over public Wi-Fi.
• If you have to connect your device to a public Internet spot, don’t send sensitive information. To use public, unprotected Wi-Fi for banking, shopping, and even accessing social network accounts can mean a big security risk.
• Use Virtual Private Network (VPN). It’s a safe practice we all should consider. Nothing is too much when it’s about protecting sensitive information.
• Avoid sharing private information (passwords, bank card details, etc.) through public computers. If you don’t have a choice, be sure you log out correctly and delete the cookies of the public device you used.
• Log out properly of your different accounts once you don’t use them.
• Use the browser in privacy mode. The browser won’t store your browsing history, cookies, and temporary files.
• Install a browser add-on to define your cookie preferences. There are many free extensions you can use to disable third-party tracking and block ads.
• Set up security software to protect your devices from Internet threats.
Now more than ever, information is gold! To know more about you (user), your habits and preferences can mean money for all types and sizes of companies and criminals. Cookies are useful for developers and should not harm you, but it’s better to not run the risk. Now you know more about cookies and what they mean, this is your first step towards protecting yourself.
There’s a lot more to learn about cookies, and we’d be happy to tell you all about them, so if you’re interested, just let us know!