Most people know about the existence of online cookies from the annoying prompts that ask you to accept them whenever you visit a new website. Have you ever wanted to know more, for example, what online cookies actually are and why they’re controversial? Here are five facts that will bring you up to speed.
1) What Cookies Are
Cookies are small text files websites send to your browser when you interact with them. Some cookies are temporary, like the contents of a shopping cart or your sorting preferences on an e-commerce store. These are deleted once each visit, known as a session, ends. Other cookies persistently store data on your device.
2) What Types of Cookies There Are
The distinction most relevant for user privacy and security is between first-party and third-party cookies. Websites need first-party cookies to work properly. Without them, you couldn’t log into your accounts or finalize shopping orders. Most first-party cookies fall under the necessary cookies you’re asked to accept to allow a site to function as expected.
Websites can also contain cookies from chatbot services, advertisers, and analytics companies. These are called third-party cookies since external sources – or third parties – provide them.
3) They Can Be a Privacy Risk
Third-party cookies can compromise one’s privacy. Ads and other third-party content contain embedded cookies that report your visit to their domains. Since scarcely any website doesn’t supplement its revenue from ads, their provider can log all the sites you visit and create a profile based on that.
These profiles help advertisers sort you into categories like “pet owner” or “college student” and display ads they think are relevant to you. However, detailed profiling can also uncover private information and potentially endanger your accounts by helping anyone with access to this information make educated guesses on passwords, answers to security questions, etc.
Some cookies track you based on your IP address, and others use your geographic location for profiling. That’s why hiding your IP address and location can reduce the effectiveness of third-party cookies.
4) Even First-Party Cookies Can Be Misused
While not malicious on their own, first-party cookies can become attack vectors for cyberattacks. For example, you could download malware from suspicious sites or phishing email attachments that infect your system and send sensitive information back to its creator. This information can include session cookies, which, if not secured, may allow an attacker to impersonate you or hijack the session.
Autofill is another security concern caused by storing personal information in a browser. While useful and convenient, it can also expose information like logins or form field details. Browser vulnerabilities may allow attackers to access stored autofill information without your knowledge.
Password managers mitigate these risks by creating and storing complex passwords in encrypted vaults rather than in a browser’s insecure storage. Their autofill function requires conscious user input, preventing accidental logins. Finally, password managers for Windows, Mac, or other operating systems keep records of known malicious websites and will prevent you from automatically entering credentials or personal information on them.
5) Third-Party Cookies Will Soon Disappear
Users’ increased privacy concerns and laws like the GDPR or CIPAA that govern how entities store and handle data are contributing to third-party cookies’ waning popularity. Most browsers let you opt out of them by default, and even Google has begun phasing them out in favor of less invasive, more transparent alternatives.
While they’re still in use, third-party cookies will hopefully soon become one less security and privacy concern to worry about.
