We’re all familiar with the cookie banners that immediately pop up every time we visit a website. It’s almost become second nature to click ‘accept’ and quickly move on to whatever else we’ve visited the site to do. But what exactly are cookies, and how are they used by companies online?
Cookies are simple text files that a website can store on your browser. The main purpose of a cookie is to identify users, save site login details or create customised web pages tailored to the individual’s preferences.
Most websites will install cookies as a way of developing a profile for a person. The cookies will keep track of each time a user visits a site, what they’re searching for, what they’re buying and generally provide a detailed picture of their online activity on the site.
Cookies are used to improve the user experience and create a more tailored and relevant browsing session. However, many people are sceptical of how this information is used and how vulnerable it is to being hacked.
Unfortunately, these fears are not unfounded. In February 2015, Yahoo suffered a major data breach that compromised the data of over 32 million users. Hackers managed to break into its systems and steal the code relating to Yahoo’s use of cookies. This code enabled the hackers to forge cookies for all 32 million accounts without having to use a password.
Yahoo confirmed the stolen user account information included names, email addresses, dates of birth, telephone numbers, hashed passwords and in some cases, encrypted or unencrypted security questions and answers. Everything attackers need to commit identity fraud or sell on to make a profit.
Since the attack, there have been major changes in privacy laws surrounding the use of cookies, and under the GDPR, all companies within the EU are now legally bound to inform us that their site uses cookies and we must provide our consent for this data to be used.
Types of cookies
Websites will often use different types of cookies to keep track of different types of activity. Below are three of the most commonly used cookies:
Session Cookie
Session cookies are only stored for the duration of a web browsing session and are deleted as soon as the visit is complete. These cookies are stored in your browser’s temporary memory folder and do not collect personal data. They are most commonly used in online shopping sites where information is passed from one page to another.
Stored Cookie
Stored cookies work by tracking your online preferences. They will collect identifying information, such as your username and password and store these details so they are automatically filled out the next time you visit the site. The aim is to improve the user experience and after a certain amount of time, the cookies will expire.
Third-Party Cookies
A third-party cookie, also commonly known as a tracking cookie, collects data based on your online behaviour. When you visit a website, third party cookies will collect different types of data that are passed on or sold to advertisers by the website that created these cookies.
This is the reason why some ads will follow your around the internet. You may have searched for a specific product on one site, yet ads will pop up on different websites for the same product or brand. Third party cookies can be disabled in your browser settings to prevent third party advertisers gaining access to your search history and browsing habits.
Are cookies safe?
Cookies are simply text files that are stored on your computer containing data that helps a website identify your device. Because these files are plain-text files, they cannot transfer viruses or malware to your computer.
However, some cookies do pose a security risk and are worth keeping an eye on. For instance, ‘Super cookies’ are designed to be permanently stored on a user’s device and cannot be deleted in the same way as regular cookies. Some third-party cookies, otherwise known as ‘Zombie Cookies’ can also pose a problem as they are difficult to detect and recreate as soon as they are deleted.
Why you should delete cookies on your browser
There are a number of reasons you should consider deleting cookies on your browser:
- They pose a security threat – As previous cyber attacks have demonstrated, hackers can potentially hijack cookies, gaining access to browser sessions and then steal personal data.
- They can slow your browser down – When you first visit a website, the pages you visit will get saved onto your hard-drive. On subsequent visits, instead of re-downloading the pages, it will load a lot faster. However, over time you may accumulate a lot of cookies and this will in turn slow your system down.
- They store your personal information – Cookies remember the sites you visit and the purchases you make. Websites can then track you and follow you round the web to develop a more detailed profile of your online habits or to target you with further ads.
- You use a public or shared computer – You may need to use a public computer to check an email or to shop online but unless you are deleting your cookies after every session, the next person who logs on could potentially see your entire history. Or worse still, log in to your online banking or shopping accounts masquerading as you.
How to delete cookies on your browser
Most browsers make it relatively straightforward to view and delete cookies. The process will vary from browser to browser but generally, you should go to browser settings and look for the privacy or security section. The next step is to view the cookies stored by the browsers and then choose which cookies you want to delete. It’s as simple as that.
There’s no doubt the cookies have transformed how we surf the web, and for the most part, they make the browsing experience a more efficient and personalised experience. Nonetheless, it’s important to understand the risks and assess whether you should be deleting your cookies on a more regular basis.
MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our products directly address the specific challenges that arise from cyber threats and corporate governance by making it easier for users to engage in Cyber Security and compliance. Get in touch for further information on how we can help transform Cyber Security training within your organisation.
