How Internet cookies affect digital privacy
Cookies help data collectors observe users' online behavior and remember their actions to improve user experience, but this comes at a price—privacy!
Cookies are small data files in clear text format that websites send to and store on our devices, allowing sites to identify, monitor, and remember certain information about us. Cookies are a convenient way to transport information from one session on a website to another or between sessions on associated websites without storing excessive data. From a developer’s perspective, cookies make it easy to recover user data without asking the user to log in on every visit to the website.
Cookies help data collectors observe users' online behavior and remember their actions to improve user experience, but this comes at a price—privacy!
The impact of cookies on privacy depends on the type of cookie permitted on your browser. There are three types of cookies: session, persistent, and third-party. Although uniquely structured to collect, store, and track user data, they are designed to function differently.
Session cookies are temporary cookies created to remember users’ online activities. They allow websites to remember user activities. One use case example of session cookies is with e-commerce websites, which enables them to remember the items in our carts and save items we spend time viewing. Session cookies make it easier to navigate websites and, by configuration, are not written to your hard drive but stored in your RAM and deleted automatically at the end of the session.
Persistent cookies or first-party cookies track user preferences and implement them on future website visits. This functionality requires user data to be stored on the hard disk for a long time and may or may not have an expiry date. Persistent cookies are primarily used for easy authentication (storing passwords and usernames) and tracking user behavior based on browsing history.
Third-party cookies pose the most significant risk to privacy, not necessarily because they track users’ online behavior but because they collect specific data like location, age, and search history and are passed on to third parties, usually advertisers, for marketing purposes. Hopefully, this explains all the relatable ads that appear after looking up something on your phone.
Cookies themselves are generally harmless. However, recent trends in cybersecurity recognize them as a potential attack vector because cybercriminals can use them to spread malware and manipulate users into visiting malicious websites. Ransomware can also be disguised as third-party cookies and can lead to data compromise when allowed on your browser.
You can always turn cookies off from your browser settings, but it is good practice to delete them periodically. Some good security practices to implement:
Ensure you have firewalls, anti-virus, and anti-malware applications, and keep them updated.
ensure websites are secure before inputting private information (click on the padlock icon at the address bar to view details of the website’s security as well as information on the cookies)
ensure you are browsing from a secure website that begins with “https” (this means the web connection is secured by encryption)
Regulations like the California Consumer Privacy Act and the EU’s General Data Privacy Regulation require data collectors (i.e., websites) to clearly and comprehensively disclose the purpose of the data they collect and store through cookies, giving users the option to accept or reject them. Regardless of the increasing privacy concerns that cookies raise in public policy and technology corridors, the efficiency cookies provide for users remains undebatable.
Web browsers like Mozilla and Safari have disabled third-party cookies but account for only about 20% of the web browsing market share. Google’s Chrome browser accounts for about 60% of the market share and has postponed its plan to block third-party cookies on its Chrome browser to the second half of 2024.