They are a necessity if you want to interact with a site, sometimes they make the interaction easier, and in some cases, they are watching you. What can you do about them and is that really that bad? In this article.
The Origin and Big Brothers
In June 1994, Lou Montulli invented cookies as a means to store the data on a user’s device when he visits a site. It allows the site to remember if the user already visited the site and what the user did. Therefore it became possible to implement some new features. For example “shopping carts” would have been impossible to use if not for the cookies. Login and password storage, remembering the search requests are common features nowadays.
When this technology became known to the public, in 1996, it already invoked a lot of media attention, especially regarding the concerns about users’ privacy. It’s not a big surprise. Third-party cookies, for example, are designed to relegate the data about user behavior to other companies. Facebook, or Google, or whatever marketing agency would want to benefit from this data.
Of course, gathering the data from just a single site brings little value, but if their tracking code snippets are installed on every third site on the web, you are on the radar whenever you visit one. Some have even more ways to keep an eye on you.
Google’s algorithm, for example, sees what video you see on Youtube, can analyze your search requests, the time you spend on the web, the time you spend playing games from Google Apps, your schedule, which sites you visit, the place you visit it from, your behavior patterns, and, under some circumstances, even your movements.
What even makes them want to have that data? As creepy as it may seem, their main concern is earning money. They adjust the ads they are showing you so that you purchase the goods.
If it seems like not that bad of an idea, there was a case, when the first “person” to know about the girl’s pregnancy, was a retail company’s marketing algorithm. Imagine, what can such a giant as Google can do with all the data it stores!
Why do sites share the data on their visitors? Well, there are two main causes. First, they can opt to sell it. Simple as that, however, to make a profit of it they need a big visitor count and a lot of carefully analyzed data. The second case is if they use some services. Services, such as Google Analytics, provide sites with means to store and analyze the site visits data, but at the same time, they get the same data too.
Of course, such power needs to be tamed and controlled. GDPR and CCPA are regulations of the European Union and the USA respectively. They proscript the sites to briefly notify new visitors on what cookies are, how they use them, and the option to turn off all of them except for essentials. So far less than 15% of the websites follow even minimum requirements.
How to Find Out if Cookies are Used and How to Manage Them
Most browsers provide a way to check what cookies the site uses.
To confirm which cookies the site uses, first go to the website page via the Private window. Then enter Chrome DevTool (hotkey F12) and click on the Application tab. In this tab, you can find the list of every cookie the site stores. You can also google search their names to find out what they do.
To confirm which cookies the site uses, first go to the website page via the Private window. Then enter Storage Inspector (hotkey F12) and click on the Storage tab. In this tab, you can find the list of every cookie the site stores. You can also google search their names to find out what they do.
A similar function can be found in a number of other browsers, for example, Safari.
The other way, a more informative one, is to use browser extensions. Such add-ons as Ghostery can disable most of the site trackers, and even make comprehensive reports about the site tracking technologies used.
Browsers also provide a way to delete cookies it uses. However, unless their usage is blocked, you will acquire them again by visiting the site you previously used.
Most browsers store cookies as separate files that can be found on the computer. For example path to Google Chrome cookies looks like this: “C:\\Users\\user_name\\AppData\\Local\\Google\\Chrome\\User Data\\Profile 1”. Although you need to replace the “user_name”.
Mozilla Firefox is an exception, as all the cookies it uses are stored as one file.
Fingerprinting and Other Perils
Cookies can be used in other ways to harm your security. Zombie cookies are extremely persistent types of third-party cookies that can bypass cookies’ restrictions and are extremely hard to delete, as they reappear if you are to do so. Hence the name. They are mostly used by analytical companies to store your browser history. But they also can be used by individual sites as a measure to ban specific users from entering.
Another, not intended danger is an old, but rapidly developing method of hacking, called “cookie hijack”. Basically, the goal of the hacker is to gain a copy of your cookies. The methods can vary, from simple phishing to computer worm viruses. But if the hijack is successful, the hacker can impersonate the victim and, for example, gain complete access to their bank account.
Some sites are implementing preventive measures, but an increase of successful cookie hijacks in recent years proves that this method is still popular.
However, cookies are not the only way analytical companies watch you. Fingerprinting is a much younger method to track users across the web. It originates from the year 2012 and is primarily used by data brokers. Unlike cookies, the data they gather does not come from files stored on your computer, but rather from the way you interact with the site.
For example, that kind of technology can find out what monitor you are using, what is your browser, what type of audio system you use, what is your IP address, what is your geolocation, and many more. All you have to do is visit the site with the tracker installed and the more you interact with it, the more data they gather. They build the user profile in their database and keep a record of their activity. And by using a user profile database they can track them across all the sites the tracker is installed to.
Data brokers sell the information about users to all who might take interest in it. Mostly it is marketing companies and the info is used to adjust the ads that are shown to you. But in fact, anyone can buy information about a person’s activity on the web. And unlike cookies, they do not ask for your consent to start running.
Apologists claim that many sites use this feature to fight cybercriminals, like pirates or credit card frauds. The Tor browser, accompanied by VPN can be a solution to that problem, as its main focus is anonymous usage of the internet and personal info security. The recent update of Mozilla Firefox also provides counter-fingerprinting measures but to a far lesser extent.
In the Aftermath
Cookies are a necessity, they allow websites to run smoothly, provide convenient features, and some sites can not be accessed without them. But at the same time, they can be used to gather information about you. Most of the time it is just to show you personalized ads.
The survey conducted in 2020 shows that for 90% of internet users, the matter of privacy is extremely important when surfing the web. However, that number decreases every year. And the final paradigm of “how private the Internet is” is yet to be decided.