Cookies aren’t as evil as most stories — and some security tools — might have you believe.
A cookie is nothing more than some information a website saves on your computer. The next time you visit that site, your browser then sends it back to that same website.
Seriously. That’s it. That’s all. That’s a cookie.
It’s what some sites use cookies for that has some people concerned, and why you might care about things like deleting cookies.
Cookies work by letting websites save data on your computer that is then sent back to them the next time you visit. In most browsers, CTRL+SHIFT+DEL opens a dialog allowing you to clear cookies and more. Browsers also have several cookie-related settings (best found by using search within the settings pages). While cookies can be used to track you, it’s generally not something to be concerned about.
Cookies
It really is that simple: a cookie is nothing more than some data a website can store on your computer.
What that data contains is entirely up to the website.
Most importantly, the data is shared only with that website.
It works like this:
- You visit some website, say reallybigbookstore.com.
- Your browser requests a page from reallybigbookstore.com.
- Reallybigbookstore.com responds with the page to be displayed and some extra data. That data, a cookie, could be anything. I’ll use “customer=12345” as my example.
- Your browser stores two pieces of information: “reallybigbookstore.com” and “customer=12345”, and displays the page.
- You browse around, you leave, you do other things.
- Sometime later, you return to the site, this time to a page you bookmarked: “reallybigbookstore.com/tech_books.html”.
- Your browser contacts the reallybigbookstore.com server, requesting “tech_books.html”. It also sends the cookie with that request. In my example, that means “customer=12345” is sent from your browser to the reallybigbookstore.com server.
- The server does whatever the server does with the cookie — in my example, it might acknowledge that you’re the same customer as before — and delivers the page to the browser to be displayed.
One important thing here is that only cookies sent to you by reallybigbookstore.com will be sent to reallybigbookstore.com. This prevents one site from seeing the data that might be kept by another.
Example: preventing endless logins
Cookies can be used for many things, like welcoming a returning customer, but the simplest case is just remembering who you are from page to page.
For your sake.
Every page you visit on the internet is, in a way, completely stand-alone. When you log in to a site like Amazon or Outlook.com, there’s no inherent mechanism to pass along to the next page you visit on the same site that you are in fact logged in.
Without some method of remembering who you are, you’d need to log in over and over for each different page on the site you wanted to see. You’d be faced with a never-ending series of login screens between content pages.
As you can see in the example, simply storing a bit of data identifying you as a user is one way sites can keep track and not force you to log in to every page. For security purposes, the data stored is rarely as obvious as “user=12345”, but contains enough information for the server to know who you are, the fact that you’ve logged in, and that you’re authorized to see the next page.
Much has been made about tracking cookies, but there’s nothing at all technically different between cookies “tracking” you and cookies keeping you from having to log in over and over again.
Here’s the scenario:
- You visit some website, say reallybigbookstore.com.
- The site contains advertisements provided by a large advertising network. I’ll use “doubleclick.net” for my example.
- The advertisements shown on reallybigbookstore.com come from the doubleclick.net servers.
- The doubleclick.net server can leave cookies on your machine just like any other website.
So far, you’ve visited a single site, and the advertising network it uses has been allowed to leave a cookie on your machine. Maybe that cookie contains “aduser=12345”, though again, it’s rarely that simple.
Now you keep on browsing:
- You visit some other website, say somerandomservice.com.
- Somerandomservice.com also uses doubleclick.net to display ads.
- Once again, the advertisements shown on somerandomservice.com come from doubleclick.net servers.
- The last time you were shown an ad by doubleclick.net it left a cookie, and that cookie is now included when the ad it fetched.
The advertising network now has the data to know your computer visited both reallybigbookstore.com and somerandomservice.com, and, as long as the pages you saw had ads, how often you visit each, and what pages you visited while you were there.
Multiply that by all the sites you visit and all the different advertising networks, and you can imagine a lot of back-end data analysis that discovers really interesting patterns of people visiting different sites around the internet.
As I said above, the doubleclick.net cookies were sent back to the server they came from — the doubleclick.net server — even though the page you requested was from somerandomservice.com.
Many browsers make a distinction between cookies for the sites you actually requested (somerandomservice.com), and the sites subsequently referenced as part of displaying the page (doubleclick.net). The latter are called “third-party cookies.”
You are the first party, the site you’re visiting is the second party, and all the other sites used as part of displaying a page from that site are third parties.
Most browsers allow you to turn off third-party cookies, meaning the cookies created by third-party requests such as advertising networks are simply not created at all, or are never sent.
To delete cookies in the Microsoft Edge browser, type CTRL+SHIFT+DEL. This will bring up the “Clear browsing data” dialog box.
As you can see,” Cookies and other site data” is one of the items you can delete.
To view the browser settings relating to cookies, search settings for “cookies”.
As you can see above, among several other settings, there’s an option to disable third-party cookies. This is currently turned off, allowing third-party cookies.
To delete cookies in FireFox, type CTRL+SHIFT+DEL. This will bring up the “Clear Recent History” dialog.
As with Edge, you can select not only what to delete, including cookies, but also a specific timeframe.
To view the browser options for cookies, click the hamburger menu in the upper right of the Firefox window, click on Settings, and then click on Privacy & Security in the left-hand pane. Scroll down to find “Cookies and Site Data”.
You can also search Firefox’s settings for “cookies” to expose a few more options.
To delete cookies in Google Chrome, type CTRL+SHIFT+DEL. This will bring up the “Clear browsing data” dialog box.
As you can see, much like Edge and Firefox, one of the many items you can choose to delete is the collection of cookies, and you can specify a timeframe. You can also click on the Advanced tab to expose a few more things you can clear.
To view the browser settings relating to cookies, search settings for “cookies”.
OMG! They’re tracking me!
No, they’re not.
Well, they are, but … no, they’re not.
Here’s my position: they don’t care about you specifically. No one cares what Leo Notenboom does. You and I just aren’t that important or interesting to track as individuals.
What’s much more interesting is aggregate data: the data saying things like 75% percent of the reallybigbookstore.com visitors also visit somerandomservice.com. Or data showing people visiting this page frequently are likely to respond to these advertisements.
This type of tracking can also be used to perhaps prevent people whose online behavior appears to be similar to that of men from being shown advertisements designed for women.
You get the idea. They don’t track at the individual level, but they use the data en masse to do things like provide more highly targeted and interesting ads or perform market research.
That’s not to say that cookies can’t be misused; they can.
It’s just that it’s typically a lot more work than it’s worth.
Unfortunately, some anti-spyware tools flag tracking cookies — often any tracking cookie — as a form of malware. I simply and emphatically disagree. Flagging tracking cookies in that manner causes unwarranted confusion and concern, and certainly doesn’t make you any safer.
What should your settings be?
In my opinion, the default settings across all browsers are just fine.
I know some people feel differently. If that’s you, you might want to spend a little time diving into your browser’s cookie settings.
If you found this article helpful, I’m sure you’ll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I’ll see you there soon,
Slow Computer?
Speed up with my FREE special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.
No strings. No email. Here’s the direct download. (Just right-click and “Save As…”.)
This post was written by Leo Notenboom and was first posted to AskLeo.com
Do you find this article helpful? Your Friend might too. So, please Share it with them using the Share button above.
Will you like to get notified when I post new updates? Then Follow me on any of my social media handles: Google News, Telegram, WhatsApp, Twitter, Facebook, Pinterest.
You can also drop your email address below if you wish to be notified by mail.