Website Cookies — A Guide on User Privacy
Website cookies, also called HTTP cookies, are text files stored on a browser that contains small bits of data. Websites use them to keep track of users and enable user-specific features. In simple words, they let websites remember you, your website logins, and more.
They are necessary for core website functions like shopping carts. And sometimes, they are controversial, like Google and Facebook ads.
Cookies are related functioning of a website, privacy concerns, and security risks. That’s why you should have a good understanding of them.
I’ll talk about different aspects of cookies, cookie fraud, and invasion of privacy.
Let’s get started.
Basics of Website Cookies
Everyone should know about cookies, whether you are an average internet surfer or a web developer.
An American company named Netscape invented cookies in 1995. They brought a solution to the persistence problem in HTTP sessions. But they became famous with a Financial Times article that discussed their dangers.
Fun fact: As the developers were Americans, they named them cookies. If they were British, we would have “biscuits” now instead of cookies.
Now let’s talk about what a cookie is made up of. At its core, the cookie is a collection of bits of data associated with a specific user. Let’s say you visit the website ABC.com. The website will assign you a cookie which means it will identify you as “User A.” Now, if you close the tab and come back later, the website will use the cookie it assigned you previously to identify you.
In the minimal form, it has two bits: an identifier for a unique user and some information about this user. But not all cookies are that simple. Some of them contain information for the browser about future actions.
There are some complex cookies like the authentication cookie. If you log in to a website, this cookie stores your details. So when you interact with that site, it will let the browser know that this particular user is logged in.
Different Types of Cookies
These types of cookies are temporary. They are deleted from your history when you close the browser. They have a lower security risk.
They have more security risk than Session Cookies because they stay on your browser for a longer period. They can track your browsing activity on different sites.
They are created by a site other than the one you’re visiting. They are mostly used in advertising.
Although it’s complex, you should know about cookie fraud. Most of the time, it will be a harmful website attacking another website or a normal user’s activity being tagged with a false session ID for game tracking systems.
Here are 2 common types of cookie fraud:
Cross-Site Scripting (XSS)
After visiting a website, a user receives this cookie that contains a script payload that targets another website. However, this cookie looks as if it came from the website that’s being targeted. Attackers can use it to get past certain access controls like the same-origin policy.
Attackers can take over valid user sessions using this fraud. It involves a malicious cookie that contains the session ID of the cookie’s issuer. So when the user logs in to the targeted domain, the cookie issuer is logged in instead of the user.
Protecting Yourself Against Cookie Fraud
Cookies can be harmful, but they are not viruses. They won’t be able to run a .exe file on your machine because they contain text. That means your antivirus software won’t help against cookies.
However, I recommend using the following things to avoid cookie fraud.
- You should be using an updating version of your browser. Older versions of a browser can have security issues against which cookies can be used. Top browsers update automatically, but you still want to make sure it is up to date.
You want to click on a website, but you are not sure about it. Then, don’t click on it. Don’t visit websites that search engines and browsers warn you against.
Invasion of Privacy
Invasion of privacy is a bigger risk than cookie fraud. People point fingers at websites like Google about user privacy.
Think about it. Many websites on the internet have some kind of Google resource such as Google Maps, Adsense. It means they are constantly adding information to their servers about the visitors. Some people regard the use of data by Google as creepy.
Besides Google, Facebook also “serves” users with targeted ads by mining more and more data. If you use the internet and let browsers accept cookies, your moves are tracked.
Protecting Your Online Privacy
Dealing with cookies is not that simple. However, you can use the following things to limit your privacy invasion.
- Work on your browser’s privacy and security settings. Find these options in your browser’s menu and change the cookie policies accordingly. You can put restrictions on websites, but don’t make it too hard to access certain features on different websites.
Use “Incognito” or “Private” browsing mode. This way you can use the internet without cookies. Modern browsers use no existing persistent cookies. And even if any cookie is created, it gets deleted when you close the browser. If you choose this method, you won’t be able to use features like “Saved Passwords,” “Favorites,” and “Recommended For You.”
Final Words on Website Cookies
Understanding website cookies is important. They let you know how your information is stored in sites, and how you can have more control of your privacy online.
What is your take on user privacy? Do you think that Google and Facebook are invading our privacy to show targeted ads?
Do let me know in the comments below.