Why do we need cookies, and how have they turned into a spying machine?
Cookies are small text files that websites use to remember information about user visits.
For the average user, cookies are not harmful. For example, if you accidentally close the tab with an online store's website, the products added to the cart will still be saved. In addition, each time you visit a particular resource, you do not need to enter a username and password – the browser loads them independently. This prevents the server from overloading and increases website opening speed.
The range of information that cookies store is quite broad. Various services remember almost every user action. These are some examples of what cookies, in particular, can remember:
when and from what device the user visited the website;
user preferences in language or font size;
user's IP address and location;
the version of the operating system and browser.
Naturally, with such an amount of data, cookies have become a handy tool for analytics and marketing.
How do cookies work? When the browser requests the website and tries to open it, it receives data from the server. The data contains information about the user; it is generated and stored on the device. Then, when you visit the website, the data is sent along with the request.
At first glance, cookies look harmless for an average user. To some extent, this is true. Cookies cannot contain malware or spread viruses to the user’s device. However, there is more to it than that.
To understand why cookies can be harmful, let’s look at the major variations of cookies. In the cyber world, cookies come in two types: session and persistent.
Session cookies are used only while the user is navigating a website. The cookies are deleted as soon as the browser is closed.
Persistent cookies remain on a computer indefinitely or are deleted after expiration. They can also be deleted by the user.
There are also first-party and third-party cookies.
A first-party cookie is created and stored by the website you visit directly. It allows site owners to collect customer analytics data, remember language settings, and carry out other valuable functions that help provide a good user experience.
Third-party cookies are created and placed by third parties other than the website you visit directly. Every time the user visits a website, a third-party cookie monitors user data, collects it, and then sends it back to a third party. Some common uses include cross-site tracking, retargeting and ad-serving.
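The session/persistent and first-party/third-party distinctions described above can be read directly from the Set-Cookie response headers a page load triggers. The following is an added example, not part of the original article; the host names, cookie values and the two-label `siteOf` shortcut are assumptions made for illustration.

```javascript
// Assumption: a "site" is approximated by the last two host labels. Real browsers
// use the Public Suffix List, so this shortcut is wrong for suffixes such as co.uk.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? '' : pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// pageHost: the site in the address bar; responseHost: the host that sent the header.
function classify(pageHost, responseHost, header) {
  const { name, attrs } = parseSetCookie(header);
  // A cookie with neither Max-Age nor Expires lasts only for the browser session.
  const persistent = 'max-age' in attrs || 'expires' in attrs;
  return {
    name,
    lifetime: persistent ? 'persistent' : 'session',
    party: siteOf(pageHost) === siteOf(responseHost) ? 'first-party' : 'third-party',
    // Without HttpOnly, page scripts can read the cookie;
    // without Secure, it can travel over plain HTTP.
    httpOnly: attrs.httponly === true,
    secure: attrs.secure === true,
  };
}

// Constructed sample: responses seen while loading a page on shop.example.
const observed = [
  ['shop.example', 'cart=abc123; Path=/; HttpOnly; Secure'],
  ['shop.example', 'lang=en; Max-Age=31536000; Path=/'],
  ['ads.tracker.test', 'uid=77f0; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None'],
];

function report() {
  return observed.map(([host, h]) => classify('shop.example', host, h));
}

console.log(report());
```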
Importantly, cookies themselves are not executable files. Once on a computer or smartphone, they will not delete your photos. Crudely speaking, most cookies are text data containing information about what socks you like best. Cookies are not legally referred to as personal data, as it is impossible to identify someone by using them. On the other hand, hackers, having gained access to your cookies, can impersonate you.
Undoubtedly, the user can totally disable cookies in the browser. However, with cookies disabled, you cannot use websites comfortably. Therefore, it is much more reasonable to systematically clean cookies manually.
That is how cookies can help to track the user. However, the user may not notice it. That is why it is crucial to understand how they function and what the consequences of clicking the "accept all cookies" button may be.