Written by: Paul DeLeeuw, Interactive Services Manager
In honor of National Cookie Day on December 4, hopefully, you have your favorite cookies nearby and you’re ready for a little light reading about that other kind of cookie: the web browser cookie!
In the U.K., they’re called web browser biscuits. Not really. But they should be, for consistency.
Undoubtedly, you’ve read the pop-ups plastered all over your favorite websites. “This website uses cookies. Read more about it in our Privacy Policy.”
So, what are cookies? And what do they have to do with privacy?
What are (and why) cookies?
Cookies are tiny files that a web browser saves on behalf of a website, so that website can “remember” something about you.
Set to the song “Remember Me” from Pixar’s Coco:
Remember Me
Once I click this small checkbox
Remember Me
In case I must log off
The next time I get to this site
I want the site to be
Logged in with my profile
So I don’t have to see
“Remember Meeeeeeeeee”
That little checkbox by the log-in button that says “Remember Me” uses a cookie to basically keep you logged in, even after you close the browser.
Why does the website need your browser to save this cookie? Aren’t servers, you know, smart?
Well, yes and no. Servers don’t have the same kind of contextual information that humans have when they speak with each other; every time you visit a website, the server generally knows nothing about you. It might know things like your IP address, but that can change, and it might know what browser you use, but that can also change, and lots of other people are using that same browser.
Source: https://xkcd.com/869/So, in order to distinguish you from literally everyone else, websites use cookies. When you give a site permission to save a cookie, you’re allowing them to write a little data on your computer in the form of a special, unique code, and then the browser sends that same data back every time you visit that site in the future. That’s what enables a site to “remember” you.
Cookies can also be used for other things. For example, if you do a search on Amazon and hit some of the filter checkboxes, the filters will get saved to a temporary cookie so that as you browse around Amazon, the site will remember your search and your filters. So, cookies are not only for eating or logging in.
Cookies all have an expiration date set as well, after which time the browser will automatically delete them. The cookie itself doesn’t really do anything on your computer except take up a miniscule amount of space. Cookies are tiny. They’re more like crumbs, really.
So, privacy?
Many sites—ours included—use a third-party service like Google Analytics to understand what pages you view and how you use our site. The services will add a pixel or a Javascript to the website that communicates with their service to provide that tracking data. And these scripts use—you guessed it—cookies to identify you from page to page.
But those cookies don’t belong to the website you’re on, they belong to the third-party service. And that means the cookie isn’t just identifying you on one website, it’s identifying you on every site that uses that service.
These third-party cookies don’t automatically know your personal information. They don’t magically know your name or email address, for example. But the more sites you visit, the bigger the profile these third parties build about you. That’s how sites like Facebook and Google can, over time, figure out what things you like and what you shop for, which allows advertisers to show you ads they think you’re more likely to click on.
Should you change something?
It really depends. Generally speaking, the cookies themselves aren’t personally identifiable. Third parties can use them to guess things like your demographics and your interests. And they can correlate them with your personal information if you log into their service specifically. But is that bad?
It’s really a question of personal comfort. Most people don’t feel there’s anything particularly interesting in their browsing habits. And many people prefer seeing the kinds of customized ads that this tracking makes possible. There aren’t really any major data breaches or concerns with this kind of tracking; if your personal information is going to be leaked, it’s going to be leaked because of a service you specifically logged into, not because of a third-party cookie.
But if you prefer not to be tracked, there are a few options. For example, if you use Apple’s Safari browser, the default option is to block third-party cookies. This prevents a shared cookie from getting used across multiple sites, which thwarts the cross-site tracking. You can also use privacy-focused browsers like Brave for similar functionality.
You can also simply clear your cookies on a semi-regular basis. This makes third parties “start from scratch,” because they no longer have the cookie they originally assigned you. However, clearing cookies does reset other things, for example, your banking site might have a cookie that helps you log in faster, and that cookie will be gone so you’ll need to enter in more data the next time you log in. You’ll also see a lot of cookie policy pop-ups again because, guess what? When you click “agree,” it saves a cookie to remember you’ve agreed. If you’re curious, here’s a good set of instructions on clearing cookies across different browsers.
Many browsers also have a private browsing mode, which essentially ignores all of your current cookies. When you open a new private browsing window, that window will only create new cookies, and once you close that window, the browser will delete all the cookies from that session and erase the history from that session as well. If you’re worried about a particular site, try using it in private browsing mode to obscure your activity from third-party tracking.
In summary
Cookies are a really useful part of the web that make it smarter. Turning them off generally makes websites less useful. But if you’re concerned about third parties building a profile on you, there’s some steps you can take:
- Turn off “cross site tracking” in your browser preferences, if available.
- Clear your cookies occasionally.
- Use private browsing mode or use an alternate browser with specific sites.
Did you make it this far? Reward yourself by enjoying a real cookie. Thanks for reading!
Many thanks to XKCD for providing the comic per Creative Commons license.