What are Computer Cookies?
You know that computer cookies have something to do with online privacy. You just don’t really know what that something is.
- What are computer cookies?
- What do they do?
- And what types of internet cookies do you need to know about?
In this article, we dig into the mystery of these little files so you know what you’re getting into if you let computer cookies overrun your device.
Summary: Computer cookies get installed onto your device whenever you visit a website. They are small text files that contain data, such as passwords. That data can improve your browsing experience by speeding up website access. However, cookies also present a privacy risk because they can identity you and help advertisers track you across the web.
The Types of Computer Cookies
There are seven types of cookies, each of which serves a different purpose. Understanding what those purposes are will help you decide whether you want to accept a website’s cookies or not.
Type No. 1 – First-Party Cookies
These are also referred to as persistent cookies, permanent cookies, or stored cookies. First-party cookies get stored on your computer until you decide to delete them. Think of them as a website’s memories of your visit. They help the website to remember any important settings you have, such as passwords and usernames.
You need first-party cookies if you want web pages to remember your user preferences. If you’ve made changes to a site’s language, theme, or settings, those are all stored in these types of cookies. The settings stay in place until you delete the cookie or if it expires.
Speaking of expiration, most first-party cookies last for a year or two.
Your browser will eventually delete these cookies once they expire. However, you can prevent this by visiting the website the cookie came from again. If you want a website to remember your login details, you shouldn’t let these cookies expire.
But there’s a big problem with first-party cookies – they allow companies to track your browsing activity.
This tracking activity is limited to the website the cookie came from. But with persistent cookies installed, companies can see what you’re doing on their websites. This allows them to serve ads or content that they think you want to see.
Type No. 2 – Session Cookies
As the name implies, session cookies track your website usage as you’re using the site. They last for as long as you’re on the website and keep track of changes you make as you browse.
For example, let’s say you’re using an online shopping website. You’re browsing around and picking out items to add to your shopping cart. When you’re done, you head to the cart, get rid of any items you don’t want, and then make your purchase.
So far everything is standard.
That’s how practically any online shopping experience works.
But the experience only works like that because of session cookies. Without session cookies, websites can’t keep track of a user’s shopping cart. The website simply wouldn’t remember the changes you’ve made. So, you’d have to memorize every item you want to buy before adding them all in bulk.
So, you can think of session cookies as a website’s short-term memory. When a user visits, the site creates this type of cookie to basically tell itself, “Here is a new person so let’s remember what they’re doing.” As a result, the website doesn’t treat you like a new visitor every time you click on a link.
The good thing about session cookies is that they collect no information about the user’s computer. They exist for session management only. As soon as you leave the website, the session cookie disappears and the website forgets all about what you were doing on it.
These cookies also contain no personally identifiable information. That means a website can’t use a session cookie to adjust your experience the next time you visit. All of that information is gone.
Type No. 3 – Third-Party Cookies
You’ve probably heard a lot of bad things about computer cookies. That’s why you’re reading this article. You want to know why so many people make such a huge fuss about how cookies can track user behavior.
Most of that fuss comes from third-party cookies.
The big problem with third-party cookies is that they don’t match the domain of the website you’re visiting.
What does that mean?
If you visit Amazon, you expect any cookies that track your browsing habits to come from Amazon itself. And in the case of first-party and session cookies, that’s the case. But third-party cookies don’t come from the website you’re using. They originate from different domains.
Why is that a problem?
Third-party cookies don’t offer any tangible benefits to the browsing experience. Their sole purpose is to track you. The data stored in these cookies get used by the third party so it can learn as much as it can about who you are and what you do on the internet.
Third-party cookies contain information about your browsing history, spending habits, and even personal information about you as a person. They’re typically used by advertisers to create a profile of you, which allows them to serve up targeted ads for stuff they think you may be interested in. The issue is that you might not want some company that you don’t know and haven’t interacted with to know so much about what you’re doing on the web.
The good news is that most modern web browsers provide ways of blocking third-party cookies. You can usually head into the privacy and security settings of your browser to tell it that you don’t want any of these cookies tracking you and what you’re doing.
Type No. 4 – Flash Cookies
Flash cookies are one of the most common types of supercookies.
Unfortunately, a supercookie is not the delectable treat you probably wish it was. Instead, they’re specific types of cookies that are much harder to track down and get rid of than regular cookies. That means you can’t always go into your internet options to get rid of them.
With Flash cookies, website operators use the Flash plug-in to hide the cookies the site installs from your browser’s cookie management tools. That’s why they’re so hard to find. Your browser doesn’t even know they’ve been installed!
And that’s not the only problem.
These cookies are available to all of the browsers you have installed on your computer. For example, let’s say you use Google Chrome to download games but you use Microsoft Edge for anything that involves using your credit card.
You’d expect your cookies to reflect that activity.
The cookies on Chrome relate to downloading and the Microsoft Edge cookies contain more personal information. So, a site you’ve bought something from on Edge can’t access your credit card details if you access it on Chrome.
This is also why your login details don’t carry over from browser to browser. If you have an account with a website that you always access using Chrome, Edge won’t know your details for it. That’s why you get a login prompt if you try to access the same site on Edge.
Flash cookies ignore all of that.
If you visit a website that uses these cookies on Chrome, the data in that cookie gets shared across all of your browsers. Worse yet, Flash cookies can hold a ton of data. They may be up to 100 kilobytes in size, which is huge for a basic text file.
These cookies are also problematic because they’re not stored on your device. You can’t even stop them using ad blockers.
Type No. 5 – Zombie Cookies
Sticking with the theme of supercookies, we have zombie cookies.
If you’re getting images of a cookie rising from the dead to keep coming for you, then you’re not far wrong. A zombie cookie is so persistent that it literally recreates itself if you find a way to delete it.
How can that happen?
Zombie cookies aren’t solely stored by your web browser. Rather, the version in your browser is just one copy of the cookie. A backup of that cookie exists outside your browser’s normal storage folder. This backup is usually held in HTML 5 Web Storage or as a Flash Local Shared Object.
So, you delete the cookie from your browser and it comes back.
You delete it again and it comes back again.
Sadly, not even a head shot is enough to put this dangerous cookie down.
Type No. 6 – Secure Cookies
If there are any good types of tracking cookies, secure cookies are probably it.
These files can only be transmitted via an encrypted connection. In other words, the data inside the cookie gets jumbled up by the website. That means anybody who gains access to the cookie can’t see what it contains unless they have the key needed to decrypt it.
These cookies need to have a “Secure” attribute. As long as that attribute is made active, the cookie will never be sent to your computer over an unencrypted channel. As such, this is the type of cookie you want websites to be using when they’re collecting and storing your personal data.
Generally speaking, you can tell if a website uses secure cookies by checking the URL in your browser. If you see HTTPS at the start of the web address, the site’s cookies are encrypted and less likely to be stolen by somebody who has bad intentions for your data.
The good news is that the majority of websites use this type of cookie today. This graph from Google shows us that 95% of sites send cookies via an encrypted connection, meaning that most of the web cookies stored on a user’s web browser are protected.
However, secure cookies are not perfect.
Even with the “Secure” attribute, web developers shouldn’t rely on secure cookies to protect a user’s financial or login information. The attribute only protects the cookie’s confidentiality. A hacker can still overwrite a secure cookie if they can access it using an insecure connection. Be wary of websites that have both HTTP and HTTPS pages because this creates a gap that a hacker might be able to exploit.
Type No. 7 – HTTP Cookies
Though HTTP cookies are pretty closely related to secure cookies, they’re different things. HTTP cookies are small pieces of data sent to your web browser by a server. Your browser will usually store that cookie and send it back to the server if it makes the same request again.
They’re mostly used to tell if two different requests come from the same browser. For example, let’s say you tell a website to keep you logged in for a few days. That site is probably going to send an HTTP cookie to your browser with that information so you don’t have to log into the site again the next time you visit.
A secure cookie can be HTTP-only. But not all secure cookies are HTTP cookies.
Generally speaking, a secure cookie comes with an HTTP cookie to reduce the possibility of a cross-site scripting (XSS) attack occurring.
With an XSS attack, a hacker injects a bad piece of code into an otherwise trustworthy website. With normal cookies, your web browser won’t be able to tell that this is a bad piece of code. So, the nasty code can access any data your browser has, including the cookies you collect from different websites.
That’s bad news because it can lead to the hacker getting your personal information.
The use of HTTP cookies can prevent this as they can’t be accessed by the scripting programming languages hackers use to make XSS attacks.
Deleting Cookies From Your Device
You can delete most of the cookies saved on your device using a few simple steps. Unfortunately, Flash and zombie cookies are more problematic. Still, this quick guide helps you get rid of the majority of cookies you may not want to have stored on your system.
Deleting Cookies From a Windows PC
You have the option of using almost any browser when using a Windows PC. With that in mind, we’ll offer up some quick steps to get rid of cookies for the three main browsers:
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
Open Chrome and click the menu button. This is the button with three vertical dots.
Click “More Tools” and select “Clear Browsing Data.”
On the window that pops up, use the drop-down box in the “Time Range” option to select the range you want to clear.
Check the “Cookies and other site data” box.
Click the “Clear Data” button.
Open Edge and click the menu button, which is represented by three horizontal dots.
Select “Settings” and click the “Choose What To Clear” button underneath “Clear Browsing Data.”
Check the “Cookies and Saved Website Data” option.
Click the “Clear” button.
Open the Firefox browser and select the menu button, which is three horizontal stripes.
Choose “Settings” followed by “Privacy & Security.”
Scroll down to “Cookies and Site Data” and click the “Clear Data” button.
Check the “Cookies and Site Data” checkbox.
Click “Clear” followed by “Clear Now” on the confirmation box that pops up.
Deleting Cookies From an Apple Device
The steps for clearing cookies on Apple devices are the same whether you’re using an iPhone, iPad, or iPod Touch:
Go to “Settings” and select “Safari.”
Tap “Advanced” followed by “Website Data.”
Select “Remove All Website Data.”
You might also notice that Apple devices allow you to block all cookies. You’ll see the option for this when you navigate to the “Safari” section in “Settings.” While this seems like an attractive option, it’s best not to use it. Blocking all cookies means that a lot of websites won’t work the way they’re supposed to.
For example, you might find that your login details don’t work for some websites. Plus, some websites may block access while giving you a message that computer cookies are required.
Know Your Cookies
Just like regular cookies come in all sorts of flavors, browser cookies have different types too. Knowing what those types are means you can take the necessary steps to protect yourself from invasions of privacy.
But perhaps the most important takeaway from this article is that not all cookies are bad. Some are vital for using the internet with modern browsers. Others help with tracking shopping carts and other dynamic data that is needed for your web sessions.
The ones to worry about are third-party cookies, which give your data to other websites, and zombie cookies. These types of cookies represent the most obvious threats to your security. By clearing your cookies regularly, in addition to avoiding sites that don’t use the HTTPS protocol, you should be able to protect yourself from the cookies that cause issues with your privacy.
Beyond that, try not to think about cookies as the big boogeymen that many make them out to be. Some of them are bad and should be stopped in their tracks. But cookies remain a vital part of the modern web experience. Without them, you’ll find it a lot harder to surf the web.
Frequently Asked Questions
Are computer cookies bad?
Yes and no. Cookies themselves aren’t dangerous to your computer. But they track your browsing history, which creates a privacy concern. Thankfully, cyberattacks using cookies are rare.
Should I delete cookies?
There are several good reasons to delete computer cookies. They slow your computer down, can have an expiration date, and may come from an unencrypted website.
What happens when you accept cookies?
Accepting cookies gives web users a better browsing experience in terms of speed and convenience. They let websites keep track of you so the site loads faster and serves more personalized content.
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor is a Dutch engineer and entrepreneur. He has tested security software since 2014.
This website is hosted on a Digital Ocean server via Cloudways and is built with DIVI on WordPress.
Don't take chances online. Protect yourself today:
Protect your Devices
Protect your Privacy
Or directly visit the #1: