Let’s Talk About Cookies!
Category
Cybersecurity Fundamentals, Privacy
Risk Level
Cookies help enhance our browsing experience, but what are the risks? Learn more about how cookies work, what data they collect, and how you can protect your data from misuse.
Have you ever wondered how your recent search for a clothing item shows up on your Facebook newsfeed as an ad? Your internet browser remembers and reflects what we like, but the question remains - how does the browser store those memories? The answer is through “Cookies”. In the next few sections, we will discuss what internet cookies are, how cookies are being used to help your user experience, why you should be aware of cookies, and, most importantly, what safety measures you can take to protect yourself.
“What are cookies?”
To simplify what a cookie is in the context of technology, it’s a small text file sent to your internet browser by the website you visit for a better user experience. It is part of most websites' technology stack; we have all been using it for a while now. When a user visits a website, your internet browser such as Firefox, Chrome, or Safari begin the required process and send the request to the server that hosts the website to view the webpage. Next, the server returns the webpage with the necessary information, often including cookie information. This information exchange between the user, the website, and its server improves the user's future visits as well as the websites to deliver content, services, advertisements, recommendations, and generate statistical reports.
“How do cookies work?”
Let's get into some technical details. When you visit a website for the first time, your internet browser sends a request to the server that hosts the website. The server returns the short text file, along with other crucial information, to your internet browser. The information provided in the text file includes the cookie’s information, such as authentication information like your login info. This text file is saved on your hard drive to avoid any interruptions caused by errors, such as accidentally turning off your computer. It is called a "persistent cookie". The browser delivers the same text file on your hard drive, and additional information to the server’s side the next time you go back to the same website.
When you visit the same website again, your browser sends the request to the server along with the same cookie information. The server then identifies all of the related information and returns the 'desirable' and 'personalized' information to you. Because of the cookies, when you click the 'likes' button on your favorite YouTube videos or social media posts, you are more likely to view additional similar materials. The goal of 'cookie' technology is to improve your experience on the website.
”Sounds like cookies are a good thing. Why would I need to be worried about them?”
Even though a simple text file was saved when it was transmitted to the web server, it is no longer just a text file because it contains your online browsing activities and behavior. THis behavior, such as personal beliefs and a variety of other aspects of who we are as individuals, is transmitted for data collection on the website’s server. This process is also known as “fingerprinting.”
There's always a chance that our information will be misused. Nonetheless, a number of big internet firms, including Google, Apple, Facebook, Amazon, and others, have security measures in place to try to secure your personal information. Third-party cookies, however, might end up on obscure websites or be mis-used; despite those companies’ best efforts to keep them secure. In that case, your data is accessible to both the original website and a new (possibly unknown to you) third-party. There is no law requiring third-party advertising to adhere to the security protocols of the primary company when it comes to protecting our data. Therefore, they are free to use or store it.
“So, what can I do to protect my data?”
There are a number of best practices you can follow to limit your risk when it comes to cookies:
1. Turn “Do Not Track” on
Most popular websites prompt “Do Not Track” or “Accept All Cookies” options when visiting the website for the first time. If you select this option when you visit a website, any selection made by you on whether or not to track will be sent to the server. If you decide instead to consent to share your data with the website, the website does not have an obligation to notify how, when or what they will do with the collected data. Therefore, it is critical to understand the risk of sharing personal information on any website.
2. Manage the first-party cookies and Third-party cookies
Similar to the “Do Not Track” feature, most browsers have a setting where you can erase particular cookies on specific websites. You can also remove the cookie for a specific period, such as the past hour or day. You can also block third-party cookies with some internet browser add-ons like uBlock Origin.
3. Turn on Guest mode or Incognito mode
This feature allows users to browse websites without being associated with any previous sign-in, cookies, or site data. This feature automatically removes all sign-in, cookie, and site data after you close your internet browser.
By following these tips, you can guard against websites and third-parties misusing your data. Interested in learning more about staying safe online? Hive Systems can help! Check out our latest Hive Live episode!
Follow us - stay ahead.