What are Browser Cookies? (For Dummies)

Raghav Ojha
Feb 2, 2021

In a dystopian world, a browser cookie would be something tasty that your browser would shoot out of the computer so that you could enjoy eating it while you read. Unfortunately, we don’t live in such a world, and in a computing context the term cookie doesn’t refer to the real ones.

Instead, cookies are actually small files stored in your browser cache that can do a number of useful things but have also been scrutinized for potentially compromising user privacy. So how exactly do these things work and why the heck are they even called cookies?

The name actually comes from “magic cookie” (which was not magical), an early term for a small piece of data passed between computers, usually for identification purposes. Modern browser cookies also identify your computer, but they serve the additional purpose of tracking your activity, which actually isn’t always as nefarious as it sounds.

The way it works is that when you visit a cookie-enabled site for the first time, let’s say Amazon, the site will put a cookie on your computer that contains a unique ID. Amazon uses this ID to keep track of your session so that the site knows which shopping cart is yours and what you’ve looked at, so it can suggest stuff like the sauce to you if you were browsing for burger buns.

Session management with cookies has many more applications than just virtual shopping carts, though. The identifier in a cookie can allow a server to keep track of your logins, so you don’t have to keep punching in your password every time you visit a site, and it can remember how you’ve previously customized the layout or appearance of a page. Cookies also allow sites to figure out how many unique visitors they get, since each unique visitor has their own ID contained within a cookie, which is important for webmasters who need analytics data for business development.

One of the most common ways that your browser can compromise your privacy is by allowing third-party cookies, which are sent from sites other than the one that you’re visiting. For instance, banner ads are often hosted on a different domain than the one that you’re actually browsing and can plant cookies on your computer that track you across multiple sites, which many people find intrusive and downright creepy.

But even worse is the potential for cookie theft, which is exactly what it sounds like. Usually, super sensitive things like website passwords aren’t stored in cookies, but the identifiers in the cookie can be used to essentially steal a logged-in session, meaning that an attacker could access your shopping cart, bank account, or even medical records without even knowing your password. Browsers usually just store your cookies in plain text without any encryption, making them a vulnerable target, though using websites that transmit cookie data over a secure connection can help somewhat.
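To make the session ID and the "secure connection" point concrete, here is an added sketch (not from the original article) of how a site might issue a session cookie, look up the matching cart, and check a cookie for protective attributes. The cookie name `session_id`, the in-memory `SESSIONS` store, and the function names are assumptions; `HttpOnly` and `SameSite` are standard cookie attributes that go beyond what the article covers.

```python
import secrets
from http.cookies import SimpleCookie

# Assumed in-memory store: session ID -> that visitor's data (e.g. the cart).
SESSIONS = {}

def issue_session_cookie():
    """First visit: create a random ID and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)             # unguessable identifier
    SESSIONS[sid] = {"cart": []}
    cookie = SimpleCookie()
    cookie["session_id"] = sid
    cookie["session_id"]["secure"] = True       # only sent over HTTPS
    cookie["session_id"]["httponly"] = True     # not readable by page scripts
    cookie["session_id"]["samesite"] = "Lax"    # withheld on most cross-site requests
    cookie["session_id"]["path"] = "/"
    return cookie["session_id"].OutputString()

def lookup_session(cookie_header):
    """Later visits: the browser sends 'session_id=...'; find that visitor's data."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get("session_id")
    return SESSIONS.get(morsel.value) if morsel else None

def missing_protections(set_cookie_value):
    """Return the protective attributes that a Set-Cookie value lacks."""
    cookie = SimpleCookie()
    cookie.load(set_cookie_value)
    missing = []
    for morsel in cookie.values():
        for attr in ("secure", "httponly", "samesite"):
            if not morsel[attr]:
                missing.append(attr)
    return missing

if __name__ == "__main__":
    header = issue_session_cookie()
    print("Set-Cookie:", header)
    print("Missing on issued cookie:", missing_protections(header))
    # Constructed sample of a weakly configured cookie:
    print("Missing on weak cookie:", missing_protections("session_id=abc123; Path=/"))
```

The server never stores the cart in the cookie itself, only the ID, which is why the ID has to be protected in transit and in the browser.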

What measures can you take?

  • Most browsers will allow you to disable third-party cookies with a simple option, so you’ll only get cookies directly from the site that you’re visiting. If you want to take it a step further, you can disable cookies entirely if you don’t mind missing out on the features that they offer.
  • If you’ve got cookies on, or even just in general, be careful about what you click on and what sites you’re browsing. If you’re only navigating to trusted sites that are not going to spy on you, then no one will be spying on you, although it’s not always easy to tell who to trust these days.
  • Finally, keeping the hard drive on your computer encrypted is actually a pretty key one, because if someone walks off with your entire computer and all the cookies on it, then it’s an easy way to have the bad guys putting their hands in your cookie jar.

Thanks for reading. You can suggest some improvements in the comments.