An Internet Cookie Checklist – (Who, What, When, Why and How)
What are Internet cookies, what to think about them? Are they useful, harmless, dangerous?
Usually we have to give up one thing to gain another. Cookies are essential to our modern online experience with targeted advertising on websites and predictive search text that seems to read our minds. Cookies help us gain a personalized online experience, but what do we lose? Are we manipulated by our own data?
Who invented the first Internet cookie?
Lou Montulli created the first cookie in 1994. It was tasked with helping a website remember the contents of a user’s shopping cart when they did not want to purchase the items in the same browsing session. He called his invention of the “magic cookie”. The public was not made aware of the existence of cookies until two years later, in 1996.
Image source: world.espacenet.com
What are Internet cookies?
Cookies are files that to have created when you visit a website. The website create and place a cookie on your website browser so that he can recognize you in the future. The cookie is encoded with a unique identifier and includes data about you or your browsing session.
What is inside an Internet cookie?
It depends. This may include your name or address, the pages you visited, the contents of your shopping cart, or information about the pages of the site you visited.
There are different cookies that look for different information. Cookies help websites perform some of the functions we expect from our online experience, such as authenticating a user, remembering a username or credit card number. The information stored in cookies can help third parties take advantage of user preferences.
What are the different types of Internet cookies?
Just like there are dozens of flavors at the bakery, there areThere are also different types of Internet cookies.
First-party cookies have the same domain as the website you are on. These cookies cannot follow you over several sites and are intended to improve your user experience for the site youre on. These cookies are divided into two flavors, session cookies and persistent cookies.
These cookies expire when you close a browsing session. Session cookies are the reason that when you hit the back button, your computer always remembers the article you were reading on a specific web page.
The cookies that remain are called persistent cookies. These cookies are the reason why you do not have to remember your username and password when you return to certain websites or reset the language to default on a website each time you visit it. These cooKies have an expiration set when they are created. Legally it should be deleted after 12 months, but in practice it can be set hundreds of years into the future, unless a user clears their cache before.
Third party tracking cookies
These cookies are the subject of much debate. They create a profile on the user based on their interests, search history, purchasing choices, and browsing behaviors – and reapply that data to the ad. These cookies allow businesses and advertisers to use cross-site tracking to track and research a user’s behavior and retarget it with adware on different sites.
These cookies are responsible for why you see that pair of shoes you thought you were buying appear on ads everywhere you go.
Note: Google announced in January 2020 its intention to phase out all third-party cookies. We talk more about this in our When section: When does Google end support for third-party cookies in Chrome.
A technology called Quantcast brings cookies back from the dead after they are deleted. These cookies are diHard to find and usually located outside of the browser storage where your other cookies are stored. This allows cookies to track the user on all computer browsers. Although created to prevent online gamers from cheating, it has had the uninThe ripple effect of allowing bad actors to install malware on users’ devices, not to mention that it is almost impossible to kill.
When does Google end support for third-party cookies in Chrome?
Google announced in January 2020 their plan to phase out all third-party cookies used on chrome browsers by the end of 2023. With Tor and Brave browsers, Firefox stopped allowing third-party cookie tracking two years ago and Safari stopped 1.5 years ago.
Cookies are not the only tracking technology, so while prohibiting third-party cookies is useful, there are workarounds that are already in use on browsers that already prohibit third-party cookies. A few are Ultrasonic tags, Silverlight Isolated Storage, IndexedDB, pixel tags and HTML5 Local Storage.
When are the laws on cookies Wrong thing?
- A cookies policy
- Create an explicit consent banner
When you does not allow cookies, what will happen?
More the website could still allows in, even if you may not have access to all of the site’s features. You can sometimes be blocked from accessing the site If you not give consent. This is called a cookie wall and is in place for websites which are not designed to operate without cookies.
Where can I find the consent banner for a website using cookies?
The banner usually appears immediately on a web page as a fixed footer called a browserwrap, or as a popup. It can provide options to personalize your experience, a statement with an accept button, or an option to exit.
Here are some examples of consent banners that offer different options.
Image source: Google Image Search
Why is it called a cookie?
There are two theories as to why Lou Montulli called his invention a cookie.
- It’s like a fortune cookie, which has a message inside that says something about the user.
- Inspired by Grimm’s Hansel and Gretel, the cookie represents the trail of gingerbread crumbs that Hansel left that created a path from outside the forest to him. Cookies (crumbs) lead you to the user.
HOW? ‘OR’ WHAT
How do I delete my cookies?
Each browser has small differences in how to delete cookies. Sometimes they are stored in a .txt file, other times in a .sqlite file. We have included the guide for each browser:
How Can cybercriminals use your cookies?
Hackers can steal your cookies, determine your browsing history, and use a hacking method called Cross-site scripting (XSS) to break into your accounts. We take a closer look at the theft of cookies in our Fake WordPrssAPI Stealing Cookies and Hacking Sessions blog post.
Another risk is that cookies can lead an attacker to gain unauthorized access to a website’s backdoor. We discuss mitigation strategies in our article on evaluate cookies to hide backdoors.