The Cookies you get asked to accept on your devices, rather than the indulgent, chewy, sweet variety, are essential to functioning websites. But in the wrong hands, they can open up a vulnerability to your privacy and online security.
Wed 29 June 2022
As a necessary part of web browsing, Cookies help web developers create a more personal, convenient and engaging website experience.
Cookies do this by enabling websites to remember you, your website logins and your shopping carts, for example.
But they can also be a treasure trove of private info for scammers and criminals to spy on. Cookies can track your web journey, keep a record of where you link to, what you clicked on, even how long you looked at a particular ad. Worse, legitimate Cookies can sometimes be spied upon if a criminal gets access so it's best to understand what they are and how they can be deleted.
The good news is that even a basic understanding of Cookies can help you keep unwanted eyes off your web activity.
What are Cookies?
Cookies are small bits of text held in the code of a website that are downloaded to your browser as you surf the web. Their purpose is to carry bits of useful information about your interaction with a particular website.
A Cookie might be designed to hold on to your name for example, or to see what interests you online.
Cookies are used to tell the server that a user has returned to a particular website, creating a crumb of data labelled with an ID unique to you and your computer.
When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you. This can be really helpful, for example when filling in forms, Cookies can help populate the information quickly.
Cookies generally do not contain any information that would identify a person. Usually, they contain a string of text or ‘unique identifier’. This acts like a label. When a website sees the Cookie, it knows the browser is one it has seen before.
If you use a different computer, open a new web browser or delete your Cookies, the website will treat you as if you have arrived for the first time (and a new cookie will be set).
Each search query and website visit is independent at its core; the data in Cookies speeds the process, personalising your web surfing experience to your past preferences. If you've ever reviewed your browser's privacy settings, you might have been surprised to see how many web Cookies have been downloaded without your knowledge.
A lot is happening of which you're unaware. The average user never thinks to consider the many behind-the-scene applications designed to simplify his or her web experience.
What are Cookies used for?
Cookies can be used for a variety of reasons including for example:
- To help remember your preferences on a website.
- To understand how you and other users are using the site (i.e. to tell what the most popular news story of the day is; to record how you responded to a new design or version of the site)
- For logging in to a service or to make sure you're logged in securely (these Cookies may contain information such as your email address and your name – the information you gave when you signed up. The website you signed up to is the only site that can access this information.)
Advertising Cookies are the worst!
The Cookies that appear to cause the most controversy, however, are for managing the advertising you see on a website.
Have you ever searched for something online, only to find that you are inundated by ads about that very thing across your social media accounts? That’s Cookies in action, remembering what you looked at and then enabling advertisers to serve up ads because the Cookie has told them you might be interested.
A Cookie can record when and where you saw an ad, where in the world you might have been when it happened and whether you clicked on it.
If websites choose to pool some of the information this type of cookie collects as part of an ad network, the systems used by advertising delivery companies can create "segments" of browsers that display similar behaviours.
They will use this to try to conclude what the people behind the browsers might be interested in: ‘football lovers’ ‘adrenaline enthusiasts’ or ‘adventure holiday takers’, for example. Cookies that do this are known as third-party advertising Cookies.
Over time they learn which types of ads are most effective to these groups and can sell this service to advertisers.
So, should I accept Cookies?
Always remember that Cookies can be an optional part of your web experience.
How do I get rid of pop-up Cookies?
Remember, if you feel vulnerable you can always get rid of Cookies. To get rid of Cookies when using a Chrome browser for example, simply:
- On your computer, open Chrome
- At the top right, click More Settings
- Under ‘Privacy and security’ click Cookies and other site data
- Select an option: Allow all Cookies. Block all Cookies (not recommended). Block third party Cookies in Incognito. Block third-party Cookies.
Can Cookies steal passwords?
Cookies do not directly display passwords; instead, they contain a hash that stores your password. When a password has been hashed, it has been scrambled so only the website it came from can read it. The website uses a unique encryption algorithm to encode and decode the hash.
What happens if you block all Cookies?
Here are some examples of what happens if you block all Cookies:
- You may not be able to automatically sign in to a site because your saved username and password are deleted.
- Some web pages or features won't function.
- You may see a message on websites asking you to enable Cookies for it to load.
Can someone hack you through Cookies?
You could become a victim of ‘cookie stealing’ or ‘session hijacking’. This is when a hacker gains access to a browser and mimics users to be able to steal Cookies from that browser.
The top 5 Cookie myths!
- Myth #1: All Cookies are malicious. False.
- Myth #2: Cookies spy on everything you do online. False.
- Myth #3: Cookies are linked to individuals. False.
- Myth #4: Deleting Cookies makes your computer faster. False.
- Myth #5: Blocking Cookies reduces pop-ups. False.
How can I be safe with Cookies? How can I remove Cookies?
Since the data in Cookies doesn't change, Cookies themselves aren't harmful.
So, if you so choose, you can limit what Cookies end up on your computer or mobile device.
They can't infect computers with viruses or other malware. But, some cyber attacks can hijack Cookies and enable access to your browsing sessions.
The danger lies in Cookies’ ability to track individuals' browsing histories.
Removing Cookies can help you mitigate your risks of privacy breaches. It can also reset your browser tracking and personalisation.
But before removing them do remember if you allow Cookies, it will streamline your surfing.
However, for some users, no Cookies security risk is more important than a convenient web experience. Removing normal Cookies is easy, but it could make certain websites harder to navigate.
Without Cookies, internet users may have to re-enter their data for each visit. Different browsers store Cookies in different places, but usually, you can:
- Find the Settings, Privacy section — sometimes listed under Tools, Internet Options, or Advanced
- Follow the prompts on the available options to manage or remove Cookies. To remove tracking cookie infestations and more malicious types, you'll want to enlist the help of some Internet security software
Although much of the public concern around Cookies would suggest otherwise, they can be controlled if you know-how:
You can set your browser to delete Cookies every time you finish browsing.
If you don't delete Cookies, you can set "opt-out" Cookies on your browser. Each type of tracker will usually have an opt-out. In the Safari app on your Mac for example, choose Safari > Preferences, click Privacy, then do any of the following:
- Prevent trackers from using Cookies and website data to track you: Select “Prevent cross-site tracking.” ...
- Always block Cookies: Select “Block all Cookies.” ...
- Always allow Cookies: Deselect “Block all Cookies.”
To manage Cookies on Safari, go to Safari > Preferences > Privacy, and then click the "Manage Website Data…" button. This displays a list of all websites that have stored Cookies on your computer that can be used to track your browsing. It also shows you any other data that a website stores (such as cached files). You can go through them one by one and delete as desired. It's not a bad idea to just do a Remove All on Cookies every few months, just to clear things out.
What happens if I delete all my Cookies?
When you delete Cookies from your computer, you erase information saved in your browser, including your account passwords, website preferences, and settings. Deleting your Cookies can be helpful if you share your computer or device with other people and don't want them to see your browsing history.
What is the benefit of deleting Cookies?
When you use a browser, like Chrome, it saves some information from websites in its cache and Cookies. Clearing them fixes certain problems, like loading or formatting issues on sites.
Most of the time, Cookies are no big deal. There are a few occasions, though, where you should decline Cookies. Don't worry - if you find yourself in a situation where you need to decline or simply want to decline for whatever reason, most websites will work just fine without collecting your information.