WOOF! Newsletter

June 08, 2022

How Much Power do "Cookies" Wield on the Web? More than You Might Think.

Website Cookies are almost as old as the Web itself. Most of us just click "Allow" and forget about them. But should we? What do they really do? Sometimes it's just a privacy requirement. Sometimes Cookies enable ads from companies you've never heard of. Sometimes it's both. Bottom Line: Cookies aren't the worst threat to online privacy out there, but you should always know what clicking "Allow" means.

We've all seen a popup like this:

 

Cookie Consent Banner

 

This is called a 'Cookie Consent Banner.'  It appears, you click Accept, and you can start reading the website.

Let's stop for a moment and ask—should you keep doing that? Do all these Cookies, piling up in the background, tracking who-knows-what, threaten your privacy?

We're taking a closer look at Cookies in this WOOF. You might be surprised at how much power Cookies exert over the Web today.


What are Cookies?

Cookies are small text files with pieces of data that websites send to your browser/device, that the site uses to identify and monitor you.

Each Cookie stores this data on your computer, along with a unique ID number the site will reference later. They ask for permission because it's your computer, not theirs. Basic privacy requirement.

(You can say no. Sometimes that's the best course action, too. We'll cover the reasons behind that later.)


Why (Almost) Every Website Asks You About Cookies

Some websites must display cookie notifications for legal purposes:

  • Websites based in the EU must follow data privacy rules.
  • US websites' Cookie policy must follow the Children’s Online Privacy Protection Act () if they address children under 13 years old.
  • Websites targeting California customers must follow the California Consumer Privacy Act ()'s Cookie regulation, if they meet certain thresholds (such as deriving at least 50% of annual revenue from selling personal information).

Otherwise, Cookie notifications aren't necessary, but are frequently used. Why? It's a way for the website to "remember" you. Your preferences, your history with that website, your choices while on it, and so on.

For instance, when you frequent an ecommerce website like Amazon, Amazon remembers your username & password so you don't have to type them in every time. That's thanks to a Cookie.

Remembering user data serves two primary purposes: Authentication, and Tracking.

  1. Authentication: Saving your login credentials (username, password) to make logging in easier next time.
  2. Tracking: Monitoring where you go & what you do on the website, for several reasons (improving the website, advertising, examining user behaviors, etc.).

Now, tracking's not all bad. For example, many websites use Cookies to identify their repeat customers & make special offers. If you use a non-standard display setting, the Cookie can remember that for you. YouTube uses Cookies to recommend more videos it thinks you'll like.

Cookies often benefit visitors. As long as they're clear on what type of Cookie they are.


The 2 Types of Cookies on the Web

Cookies generally belong in one of 2 categories:  Session, and Persistent.

  1. Session Cookies: A temporary Cookie to store simple data, like which pages you visit. Session Cookies live within your computer's RAM, and when you leave the website, they vanish.
  2. Persistent Cookies: These Cookies remain on your computer until you overwrite or delete them. Almost all of the Cookie concern comes from persistent cookies.

Persistent Cookies can have one of two sources as well:

  1. First-Party Cookies: A cookie the website itself generates. Websites use these for analytics, improving your user experience (like remembering your username), and so on.
    • Most session Cookies are first-party.
  2. Third-Party Cookies: A Cookie generated by another website than the one you visited. These usually serve as online advertising trackers. For example, Google generates Cookies for Analytics and Ads.
    • If you've ever wondered how advertisers show you ads based on websites you visited last week…this is how!


Should You Accept Cookies?

Generally, yes. Most are harmless, and don't infringe on your privacy.

That said, if a website gives you an option of "Required Cookies Only" or "Minimal Cookies," select it. This reduces the Tracking part of the Cookie (and sometimes eliminates it!).

 

Minimal Cookies Option

Example of "Required Cookies Only" from IBM.com.

 

You should NOT accept Cookies when they could pose a danger to your computer or your personal information. Look for these indicators: 

  • When your antivirus/antimalware app flags a website as unsafe
  • Websites that don't have an SSL certificate, or a broken one (you'll see a warning for 'Unencrypted Website' in your browser)
  • When a website asks you to accept third-party Cookies (odds are good they're for advertising trackers!)


What Happens if You Opt Out of Cookies

With Cookies, one question always looms...what happens if you click 'No'?

The website won't save cookies to your computer, of course. From here, it depends on what those Cookies wanted to do.

Authentication? The website won't 'remember' you next time you visit, so you'll have to enter your username & password again.

Tracking? If it's a First-Party Cookie, the website won't monitor your activity. This may mean it won't make suggestions on pages or products.

If it's a Third-Party Cookie, the website won't pass your data to the advertiser/tracker. This may reduce the number and/or relevancy of online ads you see. (Up to you whether that's a good or bad thing.)

Declining Cookies may hurt your experience of the website. Some of its components may not work correctly. If this is the case, the Cookie Consent Banner will tell you.


Concerned About Your Cookies? Delete Them!

Cookies live on your computer. Which means you can delete them whenever you want!

To delete Cookies:

  • Find the 'Privacy' section of your browser's settings. It's usually listed under Tools, or Settings.
  • The Privacy options will tell you where & how to remove Cookies. You can delete one Cookie, ten, or all of them.

After you delete Cookies, those same websites will ask you about Cookies next visit. If you've been logged out as well, the Cookies handle authentication, so you may need to accept the Cookies again.

Cookies may exert a lot of influence on our online activities, but they're always yours to control.


We want to keep our information on online privacy up to date!  If you have any information to share, please contact us at .