Most of us love a baked tasty cookie treat especially chocolate chip or macadamia and white chocolate. But the computer type cookies are quite different indeed. Popularly known as just “cookies” but also referred to as:

  • browser cookies
  • Internet cookies
  • HTTP cookies
  • web cookies
  • computer cookies
  • or digital cookies

What are cookies?

Cookies are bites of information that a website can save in your browser. We’ve all seen the message, “we use cookies” when we’re browsing websites. This is where websites ask your browser to save cookies whenever the browser asks it for a page, picture, download, or any other bite (piece) of information. If accepted, these cookies are stored on the web browser of your device, until the cookie expires. The browser will keep it and send it back to the website whenever it requests anything else.

“Stateless” is the way web browsers and websites talk to each other. In other words, each message is totally independent and secluded from all the other messages. To clarify, it’s like talking to someone who has forgotten who you are after every conversation. It’s like talking to someone with severe alzheimer’s, after every sentence, they instantly forget who you are.

But cookies provide a link between messages, it’s one of its most common uses. So, a website can remember who you are. It can tell that a message came from the same person.

To do this:

Firstly, a website sends a web browser a cookie with a unique ID the first time they communicate. Secondly, the web browser repeats the unique ID back to the website every time it sends a message.

Therefore, cookies allow sentences to link into conversations – it’s the language of the web.

The functionality of cookies allows us to be able to

  • log in to any websites,
  • keep wish lists,
  • see recommendations
  • use web-based video or instant messaging,
  • or do most of the other things we rely on websites

Certainly, websites can read their own cookies, but can’t read cookies saved by other websites.

However, third-party cookies are an issue. It has led to most of the problems we have come to associate with cookies, infiltrated via a loophole.

Tracking with third-party cookies

Most people realise that cookies are used by advertising companies such as Google and Facebook advertisers. They track users as they browse the internet, as they go from site to site, the profiles on them are built up. In other words, advertisers know what they are looking for or what sites they’ve visited, then they show them target advertising, specific for them.

Facebook and Google rely on third-party cookies to track somebody across multiple sites like this.

Website can only read cookies that it has created however individual web pages can come together from different components such as images and invisible bits of code. These components are hosted by multiple websites.

If you browse a website that includes a component pulled from another website (a third-party), that third-party website can send and receive cookies along with the component. And then if you browse a different website that includes the same third-party component, the third-party can read its cookies on both sites.

In other words, this is how Facebook and Google track their users across the web. Facebook uses their Like buttons whereas Google uses advertising code – called third party cookies. So, they can tell when you visit a site that includes one of their components because they can read their own cookies.

Importantly, if you block or delete those cookies the tracking stops.

Session cookies, persistent cookies, and “super cookies”

Like the delicious cookie treat, digital cookies have different flavours such as:

Session cookies: are cookies that expire whenever you close your browser

If a website uses session cookies for logins, then as soon as you close your browser you will be logged out. When you visit next, you’ll have to log in again. Online banking uses this type if session cookie to tell the website that you have logged in successfully.

Persistent cookies: aren’t deleted when you close your browser

In other words, Persistent cookies last until you delete them, or until they expire. These can prove useful for remembering your username. When you visited a website, you’ve logged out of it can pre-fill your username.

Persistent cookies can last forever well at least until 2038 on 32-bit systems. But surely, you’ll be using a different device by then.

Super-cookies: are technologies that act like cookies but are can’t be blocked or deleted like regular cookies

These are the type some unethical third-party advertisers use because they can’t be blocked or deleted. So they are persistent using things like ETags or browser fingerprints

So, are cookies bad?

No Cookies are important for the operation of the web. And used for many, helpful things.

However, cookies are used for as third-party tracking for those adverts that continually follow us around the web.

Most importantly, cookies can be controlled because all browsers let you delete cookies. There are several browser add-ons available that successfully block cookies or control the cookies you will or won’t say Ok to.

Meanwhile in reply to the increased concern over cross site tracking by third parties some browsers automatically block third-party cookies by default such as Firefox, Safari, and Brave. And google are working on tracking technology for the privacy-conscious called FLoC, and has plans to block third-party cookies in 2023.

Cookie consent

Websites that fall into the European Union (EU) district must ask for your consent before they can set cookies. These are the cookie popups we see as we browse websites. It has led to web users seeing an abundance of cookie popups. Leading to “cookie fatigue“, and that privacy has not been improved, some argue.

If you decline to accept cookies from site to site, you’ll see consequences vary. The site may work perfectly to the site not working at all.

Will a VPN stop tracking cookies?

No. A Virtual Private Network (VPN) protects internet traffic and keeps your identity private online. It guards your privacy by masking your IP address and your location. It bypasses your traffic through an encrypted tunnel that no one can see into including rogue WiFi hotspots, hackers, governments, or ISPs that want to sell advertisers information about your browsing habits.

A VPN would have to look at your web traffic as it passed through its servers to block or rewrite cookies. In other words, it’s impossible for most web traffic as VPNs can’t read encrypted communication, like HTTPS.

And if it were possible, it would most likely cause malfunctions on some websites. But people who use VPNs would more than likely prefer their VPN provider stay out of their traffic, anyway, being privacy-lovers.

I must admit all this talk of cookies is making me hungry.

How can we make your business better with IT?