Not good for your health and your privacy too

There are a lot of websites that uses cookies for various purposes these days. Whether you buy cookies (to eat) or anything from Amazon’s website or login to Instagram in your browser, cookies are used almost everywhere. Amazon uses them to target you with ads based on your shopping.

Social sites saves your login sessions so you don’t have to login again every time you want to add a Disqus comment to multiple websites. And bloggers and website makers use cookies to have count of unique users visiting their websites. And that’s why, they are useful and sweet in many ways.

What exactly is a internet cookie?

Cookie, in the internet world, is a small data file that are stored in your browser cache, that can do useful things mentioned above. Modern browser cookies do the work of identifying your computer but they serve the additional purpose of tracking your activity.

For example, when you visit a website, like Amazon, the site will store a cookie on your computer that contains a unique ID. Amazon uses this ID to track your session where it knows what items you looked at. And then it suggests other items in their ads, based on this information.

How are they useful?

Cookies are also used to keep track of your login so that you don’t have to input the same password many times again and again. They can also remember the layout or appearance of a page previously. For example, dark theme in YouTube.

They can also help how many unique visitors visit a particular website where each user is assigned a unique ID within a cookie. This is important for web masters who need analytics data for development.

They can also remember arbitrary pieces of information that the user enters previously into form fields such as names and credit card numbers.

There are one important type of cookies called as authentication cookies to know whether a user has logged in or not and the account they are logged in with. As the login information is sensitive, the data needs to be encrypted and website needs to be secure.

Types

There are three important types based on their lifespan and source.

• Session cookies - These are the one that remain in main memory. As main memory is volatile and stores data temporarily, these disappear once they complete their work. The browser deletes them when you close it. They don’t have an expiration date assigned to them, which is how the browser knows to treat them as session cookies.
• Persistent cookies - Unlike session cookies, these are assigned a time period according to the creator. This means, in that lifespan, the information in the cookie will be transmitted to the server every time the user visits the website the cookie belongs to, or visits a resource on other site belonging to the website (advertisements).

For a reason, persistent cookies are also called as tracking cookies as they can be used to know browsing habits over a time period. There are also good uses such as keeping users logged in their social media accounts to avoid login again and again.

• Third party cookies - They belong to a different domain which is not visited by user. They appear in websites that feature content from another websites, like banner ads. This is how advertisers can track you across websites.

Privacy concerns

Since cookies communicate with their servers each time you visit a cookie enabled site, they can be used to track you across multiple sites which is intrusive and creepy. Also information in the them can be compromised. Your passwords may not be stored in cookies, but the identifier can be used to essentially steal a logged in session.

And the attacker can access your bank account, medical records or any other sensitive information without even knowing your password.

Also browsers stores them in ‘plain text’ format without any encryption. Also Google’s Project Zero researcher Jann Horn described that cookies can be read be intermediaries, like your ISP/Wi-Fi hotspot providers.

How to stay safe

There are many options to stay safe on the internet. You can block third party cookies so that other websites cannot track you on a website.

Also you can use inPrivate/incognito mode in your browser when you are using public Wi-fi. This can prevent websites from tracking you in future based on your activities in inPrivate/incognito mode.

One more good step is to keep your device storage encrypted so that no attacker can compromise your privacy by accessing cookies.

In Windows 10, you can do this by enabling Device Encryption in Settings > Update and security. Learn more about keeping Windows 10 safe here.

Lastly, you have to be careful about the websites you visit and trust. Don’t visit malicious websites and that will help a lot. Although, it’s difficult to trust someone in the internet world these days.