To accept or not to accept. When it comes to the “We use cookies” banner, this is the greatest dilemma many of us face.
Do cookies sound like they could be spyware? Or just something with no return path, making you hesitant to take the leap of faith and accept it?
The idea of cookies is definitely daunting, but perhaps understanding what cookies mean on a website might help quell your fears.
What Does It Mean When A Website Uses Cookies?
Think of cookies as packets of data that a web server stores whenever you visit and interact with a website. These cookies are stored on your computer by your web browser, which means they don’t get lost when you exit the website.
Http cookies are of different types, and they serve various purposes.
Is there a website you visit on a regular basis? How would you like it if it asked for your login information on every visit? It gets tedious, doesn’t it?
On another note, think of shopping websites where you can put items in your cart for checkout at a later date. Imagine if your cart lost items every time you quit the website. The cart loses all meaning. This storage of data is made possible through those cookies that seem scary at times.
Now let’s look at the types of cookies that you’re likely to find on a website.
Cookies Through History
Before Http cookies as we know them today, the term was magic cookie. A magic cookie is a packet of data that is transmitted between programs to communicate. Magic cookies were used on Unix systems.
It’s easy to understand how a magic cookie works.
Magic Cookie
A magic cookie acts as a token, a signal that can be used to interpret the validity of an action.
A program sends a magic cookie to another program. The second program, or the recipient program, does not use the data for manipulation or any other function. It uses the data as a ticket for what response it should give back.
Magic cookies were used in early computers during the 90s between communicating programs. The idea extended to Http cookies and became part of the web servers and applications.
Types of Http Cookies
1. Authentication Cookies
As is evident from their name, authentication cookies authenticate a user whenever they visit a website. Let’s go back to our login example.
The account you used to login to a particular website is saved by the authentication cookies. If you’ve noticed autofill or a selection option when you click on the text field, that’s also thanks to cookies.
But while authentication cookies are quite handy and save a lot of time and effort, they can be a hot seat for security issues.
Although it depends largely on the security of the website, it can be problematic if cookie data isn’t encrypted. Because authentication information is sensitive enough and can be used for all kinds of purposes, you should avoid accepting cookies on websites that you aren’t very sure of.
2. Tracking Cookies
The most daunting types of cookies are tracking cookies, which track the user’s browser history for marketing purposes. There have been concerns regarding these cookies, and most of the time, when you get asked about cookies, this is the type of cookie they’re talking about.
You can usually manage cookies and reject the ones that aren’t necessary.
Tracking cookies look at the browser’s history to determine the user’s areas of interest. Suggestions and ads are served on the basis of these interests.
3. Session Cookies
Session cookies aren’t stored on your computer. These are temporary and only remain in effect during a session, which means that once you quit the web browser, they’ll be gone. In some cases, session cookies have a predetermined lifetime after which they expire.
Session cookies are useful when you’re providing sensitive data that you wouldn’t want lying around for long. For example, your account information or any other information that is liable to change with time.
4. Persistent Cookies
Persistent cookies have a set amount of life, after which they expire. Their lifetime is defined by the website that creates it.
Persistent cookies can be in any form and are used for tracking, authentication, etc. A good example of persistent cookies is the cookie provided to affiliates.
Websites that are linked to an affiliate program use a cookie system for a given period of time that helps determine leads and conversions.
5. Secure Cookies
As the name suggests, these cookies are secure in that they can only be transferred over a secure HTTP connection. This means that their data is encrypted and cannot be accessed by attackers.
Secure cookies aren’t as vulnerable as other cookies, making them a good choice for sensitive data. With HTTPS on the rise, secure cookies are becoming increasingly common, reducing the risks that make cookies so scary.
6. Http-only Cookies
To make cookies more secure, http-only cookies play an important role. They don’t allow client-side APIs to access them, which reduces the risk of cross-site scripting.
While this threat is quelled, the cookie isn’t completely secure. For example, it can still be vulnerable to cross-site request forgery and tracing.
First-Party vs. Third-Party Cookies
Cookies can be classified into these categories based on their scope.
Simply put, first-party cookies are provided by the website that you’re visiting. That website may have authentication cookies, or if, for example, it’s an e-commerce site, it might have suggestions for you using tracking cookies.
Third-party cookies, on the other hand, aren’t provided by the website itself but by other websites that are linked to it in some way. You must have seen ads for other websites or apps on the website that you’re visiting.
Like we mentioned before, these ads are served based on user interests after tracking the browser’s history. Third-party cookies play a crucial role in marketing through ads.
Uses of Cookies
Cookies help out a lot. When it comes to session management, there’s a lot of data that can be reused again to make the process more efficient and convenient. Cookies help do just that.
1. Session Management
From our previous examples, shopping carts and login information sum up sessions very well.
We can delve into that a little further to explain how cookies really work.
Let’s take the shopping example first. Cookies were originally developed to manage shopping websites, which makes this the best example in this case.
Whenever you add an object to the cart, it doesn’t get added to a cookie. On modern websites, whatever you put in the cart gets saved in the database on the web server. Databases allow retrieval and storage of large amounts of data much better than imagining a cookie saves all the information.
For instance, if a cookie were to hold onto that much information, eventually it would become oversized and may actually slow down the browser instead of saving time.
Instead, what the cookie stores is the address of your particular cart. In other words, it acts as a token or a ticket that links you to the particular space in the server’s database where your cart resides.
This makes cookies compact and very efficient.
2. Authentication
As with the previous example, we can now look at login authentication.
In this case, cookies don’t store data such as usernames and passwords. If that were so, authentication cookies would be a hotbed for hackers, and virtually no website would be secure.
Instead, when a user logs in successfully, the cookie is assigned as a token that signals that this particular user has been authenticated. This way, you won’t have to enter your credentials to log in again.
In some other cases, cookies do, in fact, store usernames and passwords. Of course, the practice is never encouraged. Because cookies aren’t generally encrypted, they carry data in plain text, which can be vulnerable.
3. Personalisation
Personalisation has been a rising trend in the web industry, and to make things simpler, cookies play their role here too.
Personalisation aims to provide users with the best experience that is tailored especially for them. Personalisation is different from tracking in that, unlike tracking, personalisation keeps the user’s choices in memory instead of rummaging through their history.
For example, when you visit a website that has both light and dark modes, you might switch it to dark mode. The next time you visit that website, it will render the dark mode version. That’s because cookies remembered your preference.
Similarly, you can choose a number of options on search engines, such as the number of results displayed, appearance, etc.
Once you set up your preferences, the website will follow your preferences on the same device. If you access it from another device, it will have its default view. This is because cookies aren’t in action yet on your new device.
4. Tracking
We’ve already delved into tracking cookies, but let’s take a closer look at how they really work.
When you visit a website for the first time, a cookie is sent to the browser by the server. As long as that cookie isn’t removed, every time you visit that website, the cookie will be sent along with the request to the server.
The server reads the request as well as the cookie and sends back the web page that was stored for the particular user (in case some action was taken on it or preferences were assigned). Not only that, whichever page you visit on that website from then on will also get tracked.
The amount of time you spend on what page and the pattern you take to reach a particular page—in other words, the path you take—get tracked as well.
Sounds too close to be comfortable, doesn’t it?
And why are you being tracked exactly?
Well, tracking cookies are set up in hopes of reading your mind and what you like. If a judgement can be made of your likes, the data will be sold to the highest-bidding corporation.
These corporations, serving in various areas, put ads on websites that are relevant to users. So gauging websites for prospects is beneficial to them. A tech company wouldn’t want their ads on a food website.
Cookies help provide precise data that can be analysed further and turned into useful information for corporations and marketers.
Should you Enable Cookies on a Website?
Yes, and no.
You should allow cookies on a website if...
You visit that website on a regular basis and need to log in.
The website is secure.
It’s a shopping website that you buy things from.
You want to keep your progress saved on the website.
You shouldn’t allow cookies on a website if...
You don’t intend to visit that website for a prospectively long time.
You are providing sensitive information that you won’t need to enter again.
You aren’t sure about the security.
The website has a history of cyber breaches.
Conclusion
Cookies are a great help if you want to save work and not waste time logging in and redoing the same thing again.
In most cases, especially with cookies becoming much more secure, it seems helpful to accept cookies. You always have the option to manage tracking or reject it entirely if you are concerned about your privacy.
That said, it never hurts to minimise cookies by refusing cookies on websites that aren’t going to stay on your radar for long.
Be careful around websites that aren’t secure. If you must provide some information on these websites, don’t store cookies.
