A cookie is a small text file with a unique identification tag stored on a user’s browser directory. Cookies contain data such as usernames, emails, passwords and preferred settings and are created during visits to websites that use cookies. The primary purpose of a cookie is to help web developers to keep and track a user’s browsing activities and then collect data the system can use to identify the user’s computer or mobile device to make browsing convenient.
Despite strong merits, cookies can be harmful to user privacy. A cookie can be hijacked by cybercriminals to spy on or track browser history data without users’ knowledge or consent.
Before accepting a cookie, users should check if it’s a first-party cookie, third-party cookie or zombie cookie. A first-party cookie is generally safer than a third-party and zombie cookie. Some platforms now block third-party cookies, with Google planning to do the same on the Chrome browser by 2023.
What Is the History of Cookies?
The word “cookie” was derived from “magic cookie” by Lou Montulli, a computer programmer. In 1984, then an employee at Netscape Communications, Montulli brought up the idea of using magic cookies for web communications. That year, Netscape was working on an e-commerce app for MCI. Wanting to stop keeping incomplete transaction states on MCI servers, the company asked Netscape to find a way to keep the state on each customer’s computer instead. Montulli and John Giannandrea then wrote the first Netscape cookie specification, which was featured on Mosaic Netscape, version 0.9beta. This new version was released on Oct. 13, 1994, to support cookies. The first use of cookies outside the lab was to check if Netscape’s website visitors had previously visited the website.
The general public didn’t know about cookies at the time, as cookies were accepted by default during website visits. The general public later learned about cookies on Feb. 12, 1996, when the Financial Times published an article on the subject. This prompted significant media coverage, especially on concerns of user privacy. The U.S. Federal Trade Commission held hearings in 1996 and 1997 to discuss that issue.
The first discussion for a formal cookie specification started in April 1995 on the www-talk mailing list. The Internet Engineering Task Force also formed a special group within the organization. Brian Behlendorf and David Kristol each proposed an alternative method for introducing state in HTTP transactions, but the group, headed by Kristol and Montulli, decided to start with the Netscape cookie specification. In February 1996, the special group identified third-party cookies as a threat to user privacy. In February the following year, the group published its specification as RFC 2109, which specifies that third-party cookies were either not allowed at all or at least not enabled by default.
Advertising networks were already using third-party cookies at that time, and the recommendations of RFC 2109 about third-party cookies were not followed by Internet Explorer and Netscape. In October 2000, RFC 2109 was superseded by RFC 2965, which included the header field “Set-Cookie2,” informally called “RFC 2965-style cookies.” The original “Set-Cookie” header field was informally known as “Netscape-style cookies.” However, Set-Cookie2 was rarely used and was deprecated in RFC 6265 in April 2011.
What Are Cookies Used For?
Cookies are used by websites to make browsing easier for users. For instance, login details are saved so users can conveniently log in without having to type in details or when users forget passwords. The general uses of cookies are detailed below.
1. Session Management
Session management involves the exchange of user information between the web server and browser to allow the server to recognize the user and retrieve the user’s session from the session database so that the user session can be resumed.
The function of session management is to allow websites to recognize and remember users’ login details and recommend content based on users’ preferences. Session management has performance benefits as well.
2. Personalization
Personalization utilizes third-party cookies, which are mostly used by advertising companies or marketers. User sessions are personalized and used for customized advertising.
Personalization works by using browser history data to show a user custom ads. For instance, if a user searches “office furniture,” that data will be used to show the user ads from companies that sell office furniture. Personalization could be beneficial but poses a threat to user privacy. If the user had searched for “office furniture” without the intention of buying and then received ads for office furniture sales, the user’s experience would be impacted.
3. Tracking
Tracking involves keeping the record of a user’s online activities such as search history, clicks, shopping preferences and location.
Tracking is used by websites either to remember users’ details and activities for website analytics or to optimize the browsing experience. Third-party websites use tracking for targeted ads. Tracking has performance benefits but can be annoying when used for targeted ads.
What Are the Types of Cookies?
Generally, cookies function the same way but have different applications. Understanding the types of cookies will also help users understand the functions of those cookies. The two major types of cookies are given below.
1. Magic Cookies
Magic cookies were the old term used to describe packets of data received and sent by a program without changes. The “magic” implies unknown or unreadable data recognized only by the software and not the user. Predating the cookies in use today, magic cookies were originally used by Unix programmers. Magic cookies can either be identification tokens or passwords used to gain access to database systems.
2. HTTP Cookies
HTTP cookies are small packets of data exchanged between a server and a web browser. HTTP cookies are upgraded versions of magic cookies and are currently used to determine if later requests came from a familiar web browser. HTTP cookies are also used by web browsers to personalize, track and manage users’ sessions.
What Are the Types of HTTP Cookies?
The two types of HTTP cookies are explained below.
1. Session Cookies
Session cookies are only used during online sessions. Session cookies are saved in the Random Access Memory (RAM) and not the hard drive, which means these types of cookies are stored temporarily. Session cookies are automatically wiped at the end of every session or when the browser is closed.
Session cookies are used by websites to keep users’ information and track page-to-page movements, so users don’t have to re-enter the same information provided earlier. E-commerce sites make use of session cookies to remember the customers’ selections and add items to the shopping cart. Without session cookies, customers would click on the “checkout” button only to find the shopping cart empty.
2. Persistent Cookies
Persistent cookies are used by websites to remember the user’s preferences, settings and other data, such as bookmarks or login details. Persistent cookies are stored permanently on the hard drive of a user’s computer and remain saved even after a session expires or the web browser is closed. However, persistent cookies still have expiration dates of one to two years, after which the data is removed.
Why Cookies Can Be Dangerous
Cookies can be hijacked by cybercriminals for privacy invasion. Hijacking cookies will give cybercriminals access to track users’ browsing history, login credentials and preferences, which can be used for blackmail or theft. For instance, a user’s bank login details can be hijacked and used by cybercriminals to steal the user’s funds.
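The following is an added example, not part of the original article. It parses a Set-Cookie header, classifies the cookie as a session or persistent cookie as described above, and reports whether the attributes that limit hijacking (Secure, HttpOnly, SameSite) are present. The function names and the sample headers are constructed for illustration.

```javascript
// Added example. The sample headers below are constructed for illustration.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flag attributes have no value.
    attrs[(i < 0 ? part : part.slice(0, i)).toLowerCase()] = i < 0 ? true : part.slice(i + 1);
  }
  return { name: eq < 0 ? "" : pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

function auditCookie(header, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  // Max-Age wins over Expires (RFC 6265); with neither, it is a session cookie.
  let lifetimeSec = null;
  if (/^-?\d+$/.test(String(attrs["max-age"]))) {
    lifetimeSec = parseInt(attrs["max-age"], 10);
  } else if (typeof attrs.expires === "string" && !Number.isNaN(Date.parse(attrs.expires))) {
    lifetimeSec = Math.round((Date.parse(attrs.expires) - now) / 1000);
  }
  // A zero, negative or past lifetime tells the browser to delete the cookie.
  let kind = "session";
  if (lifetimeSec !== null) kind = lifetimeSec <= 0 ? "deleted" : "persistent";
  const findings = [];
  if (!attrs.secure) findings.push("no Secure: also sent over unencrypted HTTP");
  if (!attrs.httponly) findings.push("no HttpOnly: readable by scripts in the page");
  if (!attrs.samesite) findings.push("no SameSite: cross-site sending left to browser default");
  const lifetimeDays = kind === "persistent" ? Math.floor(lifetimeSec / 86400) : null;
  return { name, kind, lifetimeDays, findings };
}

const SAMPLE_HEADERS = [
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "prefs=lang-en; Max-Age=31536000; Path=/",
  "old=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
];
for (const h of SAMPLE_HEADERS) console.log(auditCookie(h));
```
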
What Is a First-Party Cookie?
A first-party cookie is directly from a website and is generally safer as long as the website is reputable and has not been compromised. First-party cookies are used by websites to remember user details and preferences such as passwords and preferred language. A first-party cookie also helps websites to understand users’ online behavior.
A good example is Amazon. When customers sign in to their Amazon accounts, a data file for the Amazon domain is saved on customers’ browsers. That file is an example of a first-party cookie, which allows customers to remain signed in and store items in carts until checkout.
What Is a Third-Party Cookie?
A third-party cookie is mainly used by third-party websites. A third-party cookie is not as safe as a first-party cookie because the cookie is not created by the website a user browses through. For instance, if a user visits a website with five ads, five cookies will be created on the user’s system, even without clicking on the ads.
A third-party cookie is used by ad networks or analytics companies to track users’ browsing activities across all other websites displaying those companies’ ads. The information collected is then used to display targeted ads to users.
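The following is an added example, not part of the original article. It classifies each cookie-setting response as first-party or third-party relative to the page being visited, then lists third-party sites that set cookies on more than one first-party site, which is the cross-site tracking pattern described above. The log entries, host names and the short suffix list are constructed; real browsers use the full Public Suffix List to decide where a site boundary lies.

```javascript
// Constructed multi-label suffixes; browsers consult the full Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au"]);

// Reduce a URL to its site (registrable domain), e.g. www.shop.example -> shop.example.
function siteOf(url) {
  const labels = new URL(url).hostname.toLowerCase().split(".");
  const keep = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// A cookie is third-party when the responding site differs from the visited page's site.
function classify(pageUrl, requestUrl) {
  return siteOf(pageUrl) === siteOf(requestUrl) ? "first-party" : "third-party";
}

// Map each third-party site to the first-party sites it set cookies on,
// keeping only those seen on at least minSites distinct sites.
function crossSiteTrackers(log, minSites = 2) {
  const seen = new Map();
  for (const { page, setCookieFrom } of log) {
    if (classify(page, setCookieFrom) !== "third-party") continue;
    const tracker = siteOf(setCookieFrom);
    if (!seen.has(tracker)) seen.set(tracker, new Set());
    seen.get(tracker).add(siteOf(page));
  }
  const out = {};
  for (const [tracker, sites] of seen) {
    if (sites.size >= minSites) out[tracker] = [...sites].sort();
  }
  return out;
}

// Constructed log: which URL answered with Set-Cookie while each page loaded.
const LOG = [
  { page: "https://shop.example/cart", setCookieFrom: "https://www.shop.example/api/session" },
  { page: "https://shop.example/cart", setCookieFrom: "https://px.adnet.test/pixel.gif" },
  { page: "https://news.example.co.uk/", setCookieFrom: "https://static.example.co.uk/prefs" },
  { page: "https://news.example.co.uk/", setCookieFrom: "https://cdn.adnet.test/ad.js" },
  { page: "https://news.example.co.uk/", setCookieFrom: "https://stats.metrics.test/collect" },
];
console.log(crossSiteTrackers(LOG));
```
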
What Is a Zombie Cookie?
A zombie cookie is an HTTP cookie that resurfaces after being deleted. A zombie cookie is stored outside a web browser’s cookie storage location. When a zombie cookie gets deleted, the cookie places a stored replica in the web browser’s storage, making this type of cookie very difficult to remove.
A zombie cookie is also used by advertisers to retrieve unique user IDs, even after deletion, to continue tracking user browsing history for marketing or advertising activities.
Is Allowing Cookies Good?
Yes, allowing cookies is a good practice. The purpose of cookies on computers and mobile devices is to benefit users. Cookies are very useful as these small packets of data help websites provide visitors with a convenient online experience by remembering login details, language, theme or currency preferences, keeping shopping cart items, and the like.
Are computer cookies bad? Cookies are safe and can’t infect computers or mobile devices with viruses or malware. The only danger of cookies on computers or mobile devices is what hackers can do with user personal information if hijacked.
How to Allow Cookies?
The steps to allow cookies on various operating systems and web browsers are given below.
On iPhone Safari:
- Open settings on the iPhone home screen.
- Scroll down and click on “Safari.”
- Scroll down to “Privacy and security.”
- Disable “Block all cookies.”
On Chrome (Android):
- Open the Chrome app.
- Click the menu icon on the top-right corner.
- Select “Settings.”
- Click “Site settings.”
- Select “Cookies.”
- Toggle the switch next to “Cookies” on.
On Mac Safari:
- Open the Safari app.
- Click “Safari” in the menu bar.
- Select “Preferences” from the drop-down menu.
- Locate and click on the “Privacy” tab.
- Uncheck the box next to “Block all cookies” to enable cookies on the computer.
On Chrome (Mac and Windows):
- Open Chrome on the computer.
- Click on the menu icon (three vertical dots) in the top-right corner of the app.
- Scroll down and click “Settings” from the drop-down menu.
- Click “Privacy and security” on the left-side menu.
- Select “Cookies and other site data” on the main menu.
- Click the button next to “Allow all cookies.”
On Mozilla Firefox (Mac and Windows):
- Open the Firefox app.
- Click the menu icon (the three horizontal lines) in the upper-right corner.
- Select “Preferences” for Mac and “Settings” for Windows from the drop-down menu.
- In the left sidebar, tap “Privacy and security.”
- Click “Custom.”
- Uncheck the box next to “Cookies.”
How to Remove Cookies?
The different methods to remove cookies are given below.
On iPhone Safari:
- Open settings on the iPhone home screen.
- Scroll down and click on “Safari.”
- Scroll down to “Privacy and security.”
- Enable “Block all cookies.”
- Also, enable “Prevent cross-site tracking” to block third-party cookies.
On Chrome (Android):
- Open the Chrome app.
- Click the menu icon on the top-right corner.
- Select “Settings.”
- Click “Site settings.”
- Select “Cookies.”
- Toggle the switch next to “Cookies” off.
On Mac Safari:
- Open the Safari app.
- Click “Safari” in the menu bar.
- Select “Preferences” from the drop-down menu.
- Locate and click on the “Privacy” tab.
- Check the box next to “Block all cookies” to delete cookies on the computer.
- Check the box next to “Prevent cross-site tracking.”
On Chrome (Mac and Windows):
- Open Chrome on the computer.
- Click on the menu icon (the three vertical dots) in the top-right corner of the app.
- Scroll down and click “Settings” from the drop-down menu.
- Click “Privacy and security” on the left-side menu.
- Tap “cookies and other site data” on the main menu.
- Select either “Block all cookies” or “Block third-party cookies” to remove cookies from the computer.
On Mozilla Firefox (Mac and Windows):
- Open the Firefox app.
- Click the menu icon (the three horizontal lines) in the upper-right corner.
- Select “Preferences” for Mac and “Settings” for Windows from the drop-down menu.
- In the left sidebar, tap “Privacy and security.”
- Click “Custom.”
- Check the box next to “Cookies” to clear cookies on the computer.
What Is the Difference Between a Cookie and a Cache?
A cookie is a small text file with a unique ID tag stored on a user’s browser directory and contains data like usernames, email addresses, passwords and preferred settings. On the other hand, a cache is a fast data storage layer that stores data subsets, mostly transient, so that future demands for such data are delivered faster than accessing the primary storage location of the data.
The difference between a cookie and a cache is that a cookie’s data is stored both on the server and web browser, while cache data is stored on the browser only. Another difference is that a cache expires manually while a cookie expires automatically.
A cache also consumes more space than a cookie. A cache stores data such as images, CSS, JavaScript and HTML pages, while a cookie stores browser history and user data.