Most of us have heard of cookies in relation to the internet, but we’re not quite sure what they do, or whether they are helpful or harmful. HTTP cookies, also known as web cookies or browser cookies, are small pieces of data that websites store on your computer. They are text files designed to retain information about your internet usage in order to speed up future browsing. In the early days of the internet, before we knew much about privacy risks, cookies seemed harmless, but they can be misused to track internet users and collect their personal data.
That being said, cookies are still an integral part of the modern internet and many websites wouldn’t function without them. Some cookies, called authentication cookies, communicate with sites that require you to sign in (online bank accounts, shopping sites, social media accounts etc.) to let the page know whether or not you are currently logged in. This prevents the website site from sharing personal information if you haven’t entered your password. Authentication cookies are an important component of online security and privacy.
Session cookies are another common type of cookie which help the internet function more smoothly and are generally harmless to the user. Also called in-memory or transient cookies, session cookies function while a website is open. They store information you’ve entered and help pages to load more smoothly, but they are automatically deleted once you shut the browser window. Session cookies can also be made more secure by being encrypted (called secure cookies) so that they only load over an HTTPS connection and are less liable to attack.
Third-Party and Tracking Cookies
Third-party cookies are cookies that don’t have the same domain as the site you are visiting. They are commonly used to track your browsing habits so marketing companies can develop a profile and target you with more relevant ads. These types of cookies aren’t deleted when you close the page, so they are also called tracking cookies or persistent cookies. While targeted advertising isn’t necessarily bad, there’s always a risk anytime companies collect and store your personal information. In the wrong hands, this data can be used to damage your reputation or assist hackers who want to access your accounts. The EU now requires companies to obtain specific consent before installing these types of cookies. Most browsers will also allow you to block third party cookies, and ad-blockers can help to further limit your exposure.
Cookies themselves won’t infect your computer with a virus, but they are a privacy concern and in some cases they can be manipulated by hackers to steal information or commit other crimes. These are some of the most dangerous types of cookies that have been known to cause problems.
- Flash Cookies – Adobe’s Flash technology leaves behind a ‘Flash cookie’, a data file created on your computer that, according to Adobe, helps to ‘enhance your web-browsing experience’. Flash is an older technology that’s still supported, but it is considered to be a privacy risk and most websites don’t use it any more. Modern browsers have Flash turned off by default or will ask your permission before using it and Adobe has promised to phase out the technology completely by 2020, so Flash cookies are less of a problem that they used to be.
- Permacookies – This marketing mistake is a good example of how cookies can be misused. In 2014, two US companies, AT&T and Verizon, implemented ‘The Relevant Advertising Program’ which marked customers’ internet requests with a Unique Identifier Header (UIDH) or permacookie that allowed the company to spy on them and collect personal information for the purposes of advertising. Even worse, it allowed hackers who knew about permacookies to track people using AT&T or Verizon cell phones. AT&T stopped the program, but Verizon attempted an opt-out fix and was eventually fined USD $1.35 million by the FCC.
- Zombie Cookies – These are cookies that continue to come back after you’ve deleted them. The re-creation command is stored elsewhere on your computer, often in association with a flash cookie.
Clearing your computer’s browsing history regularly will help to delete cookies. You can also clear cookies from your browser and adjust your settings to limit third-party cookies or reject cookies altogether. If you’re not sure how to find these controls, these are the basic steps for four common browsers.
- Google Chrome – Settings-Advanced Settings-Privacy-Content Settings
- Internet Explorer 8, 9 and 10 – Internet Options-Privacy Tab
- Mozilla Firefox – Options-Privacy Tab
- Safari – Preferences-Privacy Tab-then Details to see stored cookies
Deleting Flash cookies is more challenging. In the latest versions of Windows, Flash cookies are stored in the ‘User’ file on the C drive under ‘INet Cookies’. To see this folder you will need to open Windows Explorer and uncheck ‘Do no show hidden folders and files’. You can also go to the Adobe Flash Player’s ‘Global Storage Settings’ to manage your settings so third party Flash cookies won’t be stored on your computer. However, if you’re using the most up-to-date version of your browser, it’s likely this isn’t necessary, as it will already warn you when Flash is being used.
Download our Online Privacy Guide here