Cookies. We are all privy to the deliciousness and baked goodness that is globally known as a cookie. Cookies come in several flavors, from chocolate chip to macadamia nut. Hold on, what does dessert have to do with IT? Interestingly, cookies are a very important concept to understand when thinking about IT and cybersecurity. This is because cookies reveal a lot about you through your web browser, and how well you understand cookies can determine how anonymous (how private) you are online. Not only are cookies important for privacy and anonymity, but ultimately this concerns your safety as an internet user.

What Are Cookies?

Cookies in the IT world are an absolutely necessary part of interacting with the internet. They are actually small files, or pieces of data, that are an integral part of every web browser’s interaction with the rest of the network. Why that particular name, though? Why is unnecessary e-mail called spam (and why all the other food references)? Well, because it is easy to memorize and describes the function as simply as possible. A cookie crumbles, and can leave a trail of cookie crumbs, right? In the same way, a cookie is a tiny bit of information or data that is communicated from the browser to the rest of the network. Other information suggests that the term actually came from ‘fortune cookies/magic cookies’, i.e. a piece of data with a message within (which would be the correct technical description).

Cookies are found in every OS (Operating System) out there, which means macOS, Windows, and Linux as the three main ones everyone uses. Before today’s modern ‘HTTP’ cookie, ‘magic cookies’ existed that were simply pieces of information sent back and forth that allowed a user to log in to a database or internal network. Today, cookies are specifically used between the web browser and the rest of the internet. Cookies store information such as credentials, tracking information, personalized information (shopping online, for example), and other information about the user session.

A web server reads cookies, thereby identifying you each time you log on to a website, in order to ‘recall’ data from previous user sessions and make the interaction more efficient. A more visual metaphor would be the following: think of a cookie like a parking ticket for your car. A parking ticket identifies you and your car in the shopping mall’s database, as well as giving you the ability to leave and return with that same ticket.

Cookies are stored on your devices to allow web servers to free up space on theirs, while also saving them data storage and money on web server maintenance.

Why You Need to Be Careful With Cookies

Cookies are a necessary part of web browsing, but there are several negative consequences if the user does not apply proper web browsing best practices. In fact, most people know that ‘clearing’ web browser data on exit (which is a function of many privacy-focused browsers nowadays) is good for your internet privacy. This is because cookies leave a trail of ‘crumbs’ that can be used to identify you, target you with ads, and potentially lure a cybercriminal to you eventually. Although cookies on their own cannot become malicious files (they are not classified as malware), a cybercriminal can effectively hijack cookies and exploit them to gain unauthorized access to your browsing.

There are several types of cookies, each with its own definition:

  • First-party cookies
  • Third-party cookies
  • Miscellaneous cookies

First of all, first-party cookies are those that are instantly created by the web server (web page) that you are accessing (often called strictly necessary cookies). Secondly, third-party cookies are those that are created by a party other than the web page that is directly accessed. Finally, miscellaneous cookies are those that can be permanently stuck on the user’s computer or device, and are often a nuisance just like third-party cookies are.
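An added example (not part of the original article) that sorts the cookies set during one page load into first-party versus third-party and session versus long-lived by parsing their `Set-Cookie` headers. The hosts and header values are constructed, and treating the last two host labels as the "site" is a simplifying assumption.

```javascript
// Constructed sample: Set-Cookie headers seen while loading one page.
const PAGE_HOST = "www.shop.example";
const NOW = Date.UTC(2024, 0, 1); // fixed clock so results are reproducible
const SAMPLE_RESPONSES = [
  { host: "www.shop.example", setCookie: "session=abc123; Path=/; Secure; HttpOnly" },
  { host: "cdn.shop.example", setCookie: "prefs=dark; Max-Age=2592000; Path=/" },
  { host: "ads.tracker.example", setCookie: "uid=u-789; Max-Age=63072000; Secure; SameSite=None" },
  { host: "metrics.example", setCookie: "vid=42; Expires=Fri, 01 Jan 2100 00:00:00 GMT" },
];

// Assumption: the "site" is the last two host labels. Real browsers consult
// the Public Suffix List, which this sketch does not include.
function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Split a Set-Cookie header into its name and a map of lowercased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  const attrs = {};
  for (const part of rest) {
    const eq = part.indexOf("=");
    const key = (eq === -1 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : part.slice(eq + 1);
  }
  return { name, attrs };
}

// Lifetime in days, or null for a session cookie. Max-Age wins over Expires.
function lifetimeDays(attrs, now) {
  if (attrs["max-age"] !== undefined) return Number(attrs["max-age"]) / 86400;
  if (attrs.expires !== undefined) return (Date.parse(attrs.expires) - now) / 86400000;
  return null;
}

// Label each cookie by who set it and how long it stays on the device.
function auditCookies(pageHost, responses, now) {
  return responses.map((r) => {
    const { name, attrs } = parseSetCookie(r.setCookie);
    const days = lifetimeDays(attrs, now);
    const party = siteOf(r.host) === siteOf(pageHost) ? "first-party" : "third-party";
    return { name, party, lifetime: days === null ? "session" : "persistent", days };
  });
}

console.table(auditCookies(PAGE_HOST, SAMPLE_RESPONSES, NOW));
```

A cookie with neither `Max-Age` nor `Expires` is dropped when the browser closes; the multi-year third-party entries are the kind that linger until they are cleared.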

The Risks Associated With Third-Party Cookies And Web Browsing Best Practices

Third-party cookies and miscellaneous cookies are where you need to be careful. This is because these types of cookies are used by analytics data-gathering companies and advertisers to track user habits and behaviors across the web. They can also track your browsing history if not cleared and communicate that personal information to websites without your knowledge or consent. Furthermore, a trail of unchecked cookies around the web can lure cybercriminal sharks or fraudsters to you. Cookies are an optional part of web browsing: if you are happy to log in each time you browse and to have the browser forget your activities and preferences (if this is not an inconvenience for you), then you can decide to block almost all cookies or clear them every time you exit your browser. Do not fear, as there are solutions for these potential issues in the list below:

  • Clear your cookies and browsing data once you are done with your browsing session, typically found in your browser privacy settings
  • Block third-party cookies permanently
  • Use a privacy-oriented browser in anonymous mode like the Brave browser
  • Use premium Virtual Private Network software that will offload cookies to an external server instead of your local device
  • Use a premium anti-malware program that will scan for unnecessary files offline as well as in real time while browsing and, if necessary, remove them for you
  • Opt out of internet tracking companies manually by searching for the opt-out feature online

Cookies can become a double-edged sword. They are convenient for storing your preferences and aiding in personalization (remembering items in your shopping cart or log-in details) but can be potentially dangerous as well. Research shows that many websites store user browsing cookies (data) for several days, some indefinitely. To protect your privacy, anonymity, and cybersecurity (internet security), the best strategy is to stick to the tips above as well as remember the following: never share data online if not necessary, make sure that the site you are visiting has a valid SSL certificate, and finally, use complex unique passwords across all of your online accounts. Oh, and of course, remember to brush away those cookie crumbs from time to time.