What are “Cookies” and How Do I Avoid Them

Whether you call them “HTTP cookies”, “web cookies”, “browser cookies” or just plain “cookies”, it all amounts to the same thing:  Cookies are the tools used by websites to identify what actions were performed by a particular browser.  What this means is that whenever a person uses his or her computer to log-in to a website, read news articles, click the “Like” button on Facebook, or to browse an internet shopping site, pieces of the user’s information are left with these sites for an unlimited amount of time.  Any site visited will be remembered by the browser and traced back to that particular user making subsequent log-ins quicker and easier.  It is possible to delete these cookies from your computer, but that doesn’t always guarantee your internet safety.

Lawmakers in both the United States and Europe were moved to take action against the use of cookies when significant privacy concerns arose.  These concerns centered around “tracking cookies” and “third-party tracking cookies”.  Even though cookies do not carry viruses and cannot install malware on a computer, they can store the browsing histories of individuals for a very long time.  Privacy advocates find this unacceptable.

There are different types of cookies, each with a specific function.  Some of these are:

Authentication Cookies – These are considered as the most important type of cookie.  These are the cookies used by servers to recognize if a user is logged on or not.  They also can distinguish which account the computer is logged into.  With this tool, the website knows if it is safe to send out personal information or not.  If the cookie does not recognize the user, a “You need to log in” message appears.  The authentication cookies are only as safe as the website being logged into and the user’s browser.  If website and/or browser security is not at a high level, the user’s data could be intercepted by hackers.

Session Cookies – These cookies only last as long as the user is on a particular website.  Typically, the cookies are deleted by the browser once the session is ended.

Persistent Cookies – These cookies are also known as “tracking cookies” because they remain on the computer and are sent back to the server each time a user visits the site.  These cookies record essential information, including how the user first found the website.  This cookie remains on the computer and is there for all visits to that site.

Secure Cookies – These cookies are only used when visiting sites by way of HTTPS (Hypertext Transfer Protocol Secure).  This guarantees the user that the information is always encrypted when sending out information.  These secure cookies make digital “eavesdropping” almost impossible.

HTTP-Only Cookies – These cookies are only used when the user is sending HTTP or HTTPS information.  They do not allow access by APIs (Application Programming Interface), including JavaScript.  It doesn’t fully eliminate the possibility of data theft, but it does lessen the chance of this.

Third-Party Cookies – When a user signs into a site targeted by an ad, then later, signs into another site which has the same targeted ad, the cookies for both visits are tracked by the advertiser.  The advertiser can then use these cookies to build a more detailed profile for that particular user.

Zombie Cookies – Users can delete unwanted cookies, however, a Zombie Cookie can recreate itself after it is deleted.  It does this by storing its content in other locations, then “resurrecting” itself from the backup storage areas once the deletion is discovered.

The uses of cookies are varied.  They can be used to manage sessions.  For instance, each time a person shops on line, there is a “Shopping Cart” feature.  When you move the item you wish to purchase into the virtual shopping cart, you can then continue shopping, or proceed to the checkout.   As you purchase each item, it is stored in your shopping cart, to be retrieved when you are finished shopping.

To further manage your session, the cookies stored with each item in your shopping cart will enable the site to “guess” what other items you may also be interested in purchasing.   Once you are done shopping, the cookies stored will allow the site to remember what items you purchased and will use that list to “suggest” items the next time you visit that site.

Cookies are also used to store personal information on websites visited repeatedly.  Once you register with a site, your username and possibly your password are stored on that computer.  The next time you want to sign into the site, all you have to do is call up the site and there will be no need to re-enter your information.  The only thing you need to do is click the “Log On” button.

Another way cookies are used to personalize sessions is by allowing each user to set their preferences as to how the page looks.  Gmail allows each user to set a “theme” for their inbox.  Since many Gmail accounts can be set to one computer, each account can set its own theme preference.  Each time an account is opened, the selected theme will be displayed.

A function that has raised a lot of privacy concerns involves tracking cookies.  These cookies actually track a user’s on line activities.    With these cookies in place, it is possible to tell exactly what sites a user has visited, how many times the site was visited and how long each visit lasted.  With this information, data mining companies are able to target specific ads to certain users.

When a person uses his or her computer on a public network, like the “free” Wi-Fi offered in many areas, the connection is not encrypted.  This gives cyber-criminals the opportunity to intercept the connections and read any information being sent out by other users.  This includes the information contained in HTTP cookies.  Once this information is stored, it gives the cyber-crook the ability to pose as the “victim” in order to perform tasks such as transferring money out of that person’s accounts.

Cookies are always with us, and they can become dangerous as shown by the above example.  It’s impossible for a website to know for sure who is entering their domain.  The site must assume that if the correct information is being entered, the person entering it is the authorized user.

One of the ways to better protect your information, especially when using public hotspots, is by using a proxy server.  A proxy server protects you in a couple of different ways.  When you use a proxy server, your actual IP address is hidden.  The most important way a proxy server protects you is that every time you sign onto your computer, the information you send out is encrypted.  If anyone can break into your line of communication, the information retrieved is unreadable.  In other words, your personal information is safe.

Be Sociable, Share!

•