Cookies, Privacy, and Cyber Security
By
Rithesh Raghavan

Pronounce the word “cookies” and some people will think a treat is coming. From a computer perspective, however, these are not the items on a dessert menu, and though they may not be physical items,  they do perform significant jobs of facilitating anyone who is browsing on the internet and they might cause problems if they aren’t managed properly.

A computer cookie is defined as a small text file that is kept on the computer browser. Formally, a computer cookie is sometimes referred to as a browser (internet/web) cookie or an HTTP cookie. Regardless of its name, a cookie is a piece of information that enables the website to keep information and details like user preferences, to identify them when they re-visit. In layperson’s thinking, a cookie can be thought of as a “memory” that enables the website to identify the user and respond accordingly. When a computer user visits a particular website, a cookie is sent by the website to their computer which upon receipt, the computer keeps this cookie in a specified location of the browser. Its significance is to assist the browser to track and record browser activities. Many users prefer storing their login details on frequently used websites, or to keep track of their browsing and downloading activities. Despite their tracking and storage capability, these same cookies can be used by fraudsters and cyber-attackers to locate users, track their activities on the web, and commit cyber-crimes like sending malicious ads.

Web users perceive that their actions online are constantly monitored for varied reasons. For instance, ads of products we have searched online in the past might show up on our browsers and we may get surprised how the internet came to know about it. Some people will even claim that the things we speak will be run adverts on the internet someday. But the truth is that the majority of internet users do not pay attention to the instructions issued in the “small boxes” every time they encounter them. The small boxes have information explaining how users’ data is gathered and handled via cookies, to caution them from mishandling very crucial information.

Why Are Computer Cookies Becoming A Privacy Issue?

Whereas computer cookies are inherently harmless and cannot dig personal information or disclose one’s data on a computer by themselves, they only store information in a couple of ways. The information isn’t created by the cookies but users by submitting their details in web sites in form of order forms, registration sites, payment sites, and various internet pages. The information is thereafter encoded and secured from attacks using protection capabilities such as secure sockets layers (SSL). Nevertheless, in other times, cookies have faced major criticism as they are regarded as a major concern to user’s privacy. This is due to their tracking behavior and keeping browsing history.

It is crucial to always consider the types and purpose of cookies of interest. Web cookies are used to perform a variety of functions like providing continuity to the previous web page, assist in remembering the login details like the user ID and password, and providing preferences and content relevant to user’s interests or browsing needs. Consequently, to perform each of the specified functions, a particular type of cookie is used. In terms of the retention period, there are two main types of cookies: session and persistent cookies. The former type is kept in temporary file memory and is not remembered after closing the browser. The persistent types of cookies are stored in the device’s browser until deletion or expiry. Session cookies are the types of cookies that will offer an instant benefit before closing a session. For instance, cookies that store user’s information when browsing on an online banking website. On the other hand, persistent cookies provide tailored information and collect statistical information about browsing activity. Other types of cookies include strictly necessary cookies, registration cookies, third-party cookies, and anonymous analytic cookies.

Strict necessary cookies anonymously remember the user’s activity and function in a way to connect the user(s) to their session should they need to revisit and gain absolute control of the website. Anonymous analytics cookies are cookies generated by a third-party by applying web analytic software when an internet user visits a particular website. From the analytics, the website administrators can determine whether it is the first time the user is visiting the website. Also, the admins will determine whether the user’s browser contains these types of cookies, and should they miss, the administrators will offer new ones. These types of cookies enable the website admins to keep track of the number of visitors to their website and the frequency of activity. Registration cookies are generated by website administrators to identify connected users. The cookies identify the accounts signed to their website to determine the features their users are allowed to access. Anonymous analytics and registration cookies are used for statistical purposes. Third-party cookies are generated and placed on the user’s device by various web subjects depending on the websites they visit. Third-party cookies are the main cause of concern about the privacy of users. The majority of advertisements and ads available online are offered via these types of cookies. Third-party cookies are found on enormous internet sites and platforms and are regarded as abhorrent considering that they cause privacy breaches and are subjects to cyber-security threats by causing behavior profiling depending upon the browsing history of the user.

Third-party cookies allow advertising companies and data analytics firms to track the browsing information of users on the internet on all sites containing their ads. For instance, an apparel advertiser can find that the user was searching for their product at a particular store before the (users) they followed particular footwear. Other third-party cookies may contain zombie content or be zombies themselves. These sorts of cookies are installed in the computer browser and they will reappear even after the user deletes them and they are hard to remove.

Cookies and Cyber-Security

Since the EU’s General Data Protection Regulation (GDPR) law was introduced, web sites are required to install disclaimer notices for internet users when they are visiting these sites for the very first time. The regulation is meant to allow web users to decide the kind of information they would like the website to keep for them. It curtails undesirable behaviors and malicious websites from mishandling users’ data. Websites operating in Europe, the United Kingdom included, are required to keep a note of the sort of cookies they are placing on consumers’ disposal. For instance, websites are required by the law to inform users, before allowing them to read their content, that they are using tracking cookies. In non-EU countries, however, websites are not forced to inform their users if they’re to place tracking cookies on their devices. This is the reason why when visiting websites whose servers are based in the US, often a disclaimer appears informing the user that they cannot offer the webpage due to EU laws.

Tracking cookies, which are perceived as being invasive allows companies that use them to locate and determine the information of the device used to access the websites, search queries entered, purchase history, and so on. In other cases, the users may not even know this information was gathered. Then the question is, can tracking cookies inflict damages on your computer? No. can they infringe user’s privacy in ways that are considered unethical? Yes.

How To Prevent Tracking Cookies

Internet users can prevent tracking cookies before they can even show up, facilitated by the “Do Not Track” capability. This functionality is also supported by major browsers through privacy settings. Computer users can delete/clear cookies in their browser history. For instance, on Google Chrome, users can go to “Settings”, then click on the “Advanced” and then under the “Privacy and Security” category enable “Send a Do Not Track” request with your browsing traffic” option. Alternatively, in the address bar, a user can type “chrome://settings/”, find “Advanced” and then select “Clear Browsing Data.” Internet users can install ad-blockers and/or anti-tracking extensions on their computers. This is regarded as a secure method of hiding their browsing activities. In other cases, advertisers and web sites provide this “Do Not Track” capability. For instance, Twitter is one such platform that allows users to prevent tracking cooking by navigating through the “Personalization and Data” setting where several tracking-based preferences are provided. If the user thinks that the websites tracking their data does not infringe their privacy, they can let it go, and ignore them.

Conclusion

Information in computer cookies does not change, hence cookies themselves are not considered harmful. Cookies cannot infect computer systems with malware. Nevertheless, cyber-attackers can hijack the information, track the user’s browsing history in these cookies and commit malicious activities. Consequently, web cookies are risk carriers but can be reduced and negated by performing simple online activities. First, internet users must be careful anytime they are sharing their private information as cookies can transmit it. When using public computers, they should avoid sending sensitive information. Secondly, users should disable cookies on their browsers as this will limit the information they share. Thirdly, users can use browser add-ons to block any third-party and make sure that their browsing behaviors are kept private. Fourth, it is easy for our computers protected from any kind of attack by using reputable anti malware software. Lastly, if the user is not sure of the legitimacy of websites requesting them to accept cookies, they must leave them.


 

Rithesh Raghavan is the Co-Founder and Director at Acodez