Cookies, or, to give them their formal name, HTTP cookies, are text files made up of tiny bits of data, which are stored on a web browser. These tiny bits of data are used by websites to track a user’s journey, enabling them to offer features that are specific to each individual user. Because of this, cookies are at the heart of a website’s functionality.
Cookies are integral to the way the internet works, but they’re also a cause for concern because of the security and privacy risks they carry. However, by understanding how cookies work, both day-to-day users and developers can protect themselves from the negative aspects of these tiny bits of data.
With this in mind, this guide provides an in-depth overview of cookies. It has been broken down into two usable parts:
Understanding Cookies — A Layman’s Guide: all of the basics you need to know as an everyday internet user.
What Is a Cookie Made Up Of?
For each specific user, there will be bits of data that are associated with them by cookies. For example, when you go to a website, you may be identified as “User X” by a cookie that’s been delivered by the site. Therefore, if you leave the site but return to it later, the cookie you’ve been given will be used by the site to identify you as “User X” who’s been on the website before.
Different Types of Cookies
There are a number of different ways cookies can be grouped together, and below we’ll look at the four most common. This should hopefully add to your understanding of how they are used as well as how they work.
- Session Cookies
- Persistent Cookies
- First-Party Cookies
- Third-Party Cookies
What is NOT a cookie?
It is not a virus, not a Trojan, not a worm, not spam, not spyware, nor does it open pop-up windows.
The Risks of Cookies and What You Need to Watch out For
When you’re using the web, you’ll want to know what risks are presented to you by cookies, how you can view them, and how to delete them, if necessary. To start with, we’ll look at the risks involved with cookies, which can be placed into two categories — fraud and the invasion of one’s privacy.
Cookie Tossing Attack
In a cookie tossing attack, a malicious site gives the user a cookie that has been designed to look like it came from a subdomain of the targeted site. For example:. Therefore, when the user goes to the targeted site ( ), all of the cookies are sent, including the legitimate ones and the subdomain cookie. If the subdomain cookie is the one interpreted first, its data will overrule any of the legitimate data contained in the other valid cookies.
The above examples demonstrate that, in most cases of cookie fraud, the cookies are being used to perform malicious actions using the legitimate user’s identity, or to falsify a legitimate user’s identity.
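For developers, one way a site can spot the cookie tossing situation described above on the server side, shown as an added example that is not part of the original guide: the request's Cookie header carries only name=value pairs, so two cookies with the same name arrive with no sign of which one is legitimate. The cookie name `sessionid`, the sample header and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: the browser sends both the tossed cookie and the
# legitimate one under the same name, with nothing to tell them apart.
SAMPLE_HEADER = "sessionid=attacker-chosen; theme=dark; sessionid=legit-7f3a"


def parse_cookie_header(header):
    """Split a Cookie request header into (name, value) pairs.

    Order and duplicates are kept on purpose: a dict-based parser would
    silently keep a single value per name and hide the duplicate.
    """
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            # A pair without "=" is treated as a nameless cookie value.
            name, value = "", name
        pairs.append((name.strip(), value.strip()))
    return pairs


def find_tossing_candidates(header, sensitive_names):
    """Return {name: [values]} for sensitive cookies sent more than once."""
    seen = defaultdict(list)
    for name, value in parse_cookie_header(header):
        seen[name].append(value)
    return {n: v for n, v in seen.items()
            if n in sensitive_names and len(v) > 1}


def safe_session_value(header, name):
    """Fail closed: return the value only if the name appears exactly once."""
    values = [v for n, v in parse_cookie_header(header) if n == name]
    return values[0] if len(values) == 1 else None


if __name__ == "__main__":
    print(find_tossing_candidates(SAMPLE_HEADER, {"sessionid"}))
    print(safe_session_value(SAMPLE_HEADER, "sessionid"))
```

A duplicate only shows up when the legitimate cookie is also present, so this check complements, rather than replaces, validating the session value itself.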
Protecting Yourself Against Cookie Fraud
The first important thing to note is that cookies aren’t viruses, even if they’re malicious. They cannot execute actions on your computer because they’re made up of plain text, which means your antivirus software won’t protect you against malicious cookies. Instead, there are a couple of things you can do to prevent yourself from becoming the next cookie fraud victim:
- Make sure your browser is updated: a lot of the cookie exploits carried out are designed to make use of an outdated browser’s security holes. Today, a lot of browsers update automatically. But if you are using a browser that’s out of date, you should update it straight away.
- Avoid any sites you’re not sure about: if you ever receive a warning about a site, whether it’s from a search engine or your browser, don’t go onto the site.
Viewing and Deleting Your Browser’s Stored Cookies
The process of viewing and deleting the cookies stored by your browser is relatively easy, especially with most modern browsers. Even though this can vary with each browser, you’ll generally need to enter the privacy and security section of your browser’s settings.
Here, you should be able to locate an option which allows you to see the cookies that have been stored. As you view each of these individual cookies, you’ll be given the chance to delete any of the ones you want to permanently remove from your browser, as well as an option to delete them all if you want.
Controlling Cookies Through Browsers and Devices
Creating a Cookie Control Policy for Your Browser
It’s obvious cookies are integral to the internet, but along with their benefits there are also disadvantages. Even though they provide a website with features that are business critical, they also present users with a number of privacy and security issues.
However, it’s clear cookies aren’t going anywhere soon because most websites are using them in one way or another. Therefore, by educating yourself on how cookies work and how you can protect yourself from cookie fraud and invasion of your privacy, you can be better prepared to take advantage of them without putting yourself at any risk.