What is a Cookie?

What Are Cookies? And How Do They Work?

Cookies are created when a user’s browser loads a particular website. The website sends information to the browser which then creates a text file.

Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server.

Computer Cookies are created not just by the website the user is browsing but also by other websites that run ads, widgets, or other elements on the page being loaded.

These cookies regulate how the ads appear or how the widgets and other elements function on the page.

Standard Uses For Browser Cookies

Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.

Session Cookies are also used by the server to store information about user page activities so users can easily pick up where they left off on the server’s pages. By default, web pages really don’t have any ‘memory’. Cookies tell the server what pages to show the user so the user doesn’t have to remember or start navigating the site all over again.

Cookies act as a sort of “bookmark” within the site. Similarly, cookies can store ordering information needed to make shopping carts work instead of forcing the user to remember all the items the user put in the shopping cart.

Persistent or tracking Cookies are also employed to store user preferences. Many websites allow the user to customize how information is presented through site layouts or themes. These changes make the site easier to navigate and/or lets user leave a part of the user’s “personality” at the site.

Cookie security and privacy issues

Cookies are NOT viruses. Cookies use a plain text format. They are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again.

Since they cannot perform these functions, they fall outside the standard virus definition.

Cookies CAN be used for malicious purposes though. Since they store information about a user’s browsing preferences and history, both on a specific site and browsing among several sites, cookies can be used to act as a form of spyware.

Many anti-spyware products are well aware of this problem and routinely flag cookies as candidates for deletion after standard virus and/or spyware scans. See here for some privacy issues and concerns.

The way responsible and ethical web developers deal with privacy issues caused by cookie tracking is by including clear descriptions of how cookies are deployed on their site.

These privacy policies should explain what kind of information is collected and how the information is used.

New Laws for the use of cookies and other technologies that store online user information.

On May 26th 2011, new rules governing the use of cookies by websites comes into force in Europe. And now in July 2021 South African websites are governed by POPI Act. Rather than the “Opt out” option for website visitors, websites will need to specifically gain the consent of their visitor and they must “Opt In” to be able to store cookies on their computer or other devices.

This is expected to be difficult to manage and enforcement will more than likely be done subtlely and with encouragement rather than with the threat of fines and penalties.

What does the new POPI Act Law say about Cookies and Access to Personal Information?

The new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their consent.

A person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements are met:

The requirements are that the subscriber or user of that terminal equipment–

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements are met in respect of the initial use.

Consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.

(4) Shall not apply to the technical storage of, or access to, information–

(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

If you’ve visited a new website on your phone or computer over the past 18 months or so, you’ve probably seen it: a notification informing you that the page is using cookies to track you and asking you to agree to let it happen. The site invites you to read its “cookie policy,” (which, let’s be honest, you’re not going to do), and it may tell you the tracking is to “enhance” your experience — even though it feels like it’s doing the opposite.

Cookies are small files that websites send to your device that the sites then use to monitor you and remember certain information about you — like what’s in your shopping cart on an e-commerce site, or your login information. These pop-up cookie notices all over the internet are well-meaning and supposed to promote transparency about your online privacy.

But in the end, they’re not doing much: Most of us just tediously click “yes” and move on. If you reject the cookie tracking, sometimes, the website won’t work. But most of the time, you can just keep browsing. They’re not too different from the annoying pop-up ads we all ignore when we’re online.

These cookie disclosures are also a symptom of one of the internet’s ongoing and fundamental failings when it comes to online privacy and who can access and resell users’ data, and by extension, who can use it to track them across the internet and in real life.

Why this, why now, briefly explained

To back up a little bit, cookies are pieces of information saved about you when you’re online, and they track you as you browse. So say you go to a weather website and put in your postal code to look up what’s happening in your area; the next time you visit the same site, it will remember your zip code because of cookies. There are first-party cookies that are placed by the site you visit, and then there are third-party cookies, such as those placed by advertisers to see what you’re interested in and in turn serve you ads — even when you leave the original site you visited. (This is how ads follow you around the internet.)

What are cookies in layman’s terms?

A cookie is a tiny little file that’s stored on your computer. It contains the address of the website and codes that your browser sends back to the website each time you visit a page there. Cookies don’t usually contain personal information or anything dangerous; they’re usually innocuous and useful.

What does it mean when a site uses cookies?

When you visit a website that uses cookies, a cookie file is saved to your PC, Mac, phone or tablet. It stores the website’s name, and also a unique ID that represents you as a user. That way, if you go back to that website again, the website knows you’ve already been there before.

Are cookies on a website bad?

The standalone data of a cookie is not inherently bad, nor a type of malware. It’s the concern of what a website will do with that data that can be harmful to a user’s privacy. Virtual criminals could potentially use the information from cookies to data-mine browsing history.

Should I accept cookies?

Cookies can be an optional part of your internet experience. If you so choose, you can limit what cookies end up on your computer or mobile device. If you allow cookies, it will streamline your surfing. For some users, no cookies security risk is more important than a convenient internet experience.

What happens if you don’t accept cookies?

 The potential problem with refusing to accept cookies is that some website owners may not allow you to use their websites if you don’t accept their cookies. Another downside is that without acceptance, you may not receive the full user experience on certain websites.

Can cookies track you? 

Cookies collect information – online habits, previous visits, search history, etc. – and pass them on to the servers of the cookie owners. This information is then used for targeted advertisements and personalized content. Cookies from another website that you have not visited can also track you.

What information do cookies collect?

A cookie typically contains two bits of data: a unique ID for each user, and a site name. Cookies enable websites to retrieve this information when you revisit them, so that they can remember you and your preferences and tailor page content for you based on this information.

How often should you clear cookies?

If you’re using a public computer, you should delete them and other data, such as browsing history, right after your session. If it’s your personal device, we recommend clearing all cookies at least once a month. Also, you should do this if you see a drop in browser performance or after visiting a shady website.

Why do I keep getting pop ups about cookies?

Cookie consent notices are often displayed as pop ups that can take up a lot of your screen, and you have to agree to the use of cookies to fully access the site. … The notices were created as a result of privacy laws and inform users about what type of cookies websites use and how they are used.

Can cookies track private browsing?

When you visit a website in private-browsing mode, your browser won’t store any history, cookies, form data – or anything else. … It also prevents websites from using cookies stored on your computer to track your visits. However, your browsing is not completely private and anonymous when using private-browsing mode.

Can cookies steal information?

Cookies store all sorts of information – from ad preferences of a customer to login credentials and credit card information. Cookies are used widely across the internet and it’s scary just how often they get stolen. If you’re a victim of cookie stealing or session hijacking, the repercussions of it are severe.

Can websites track your identity?

When you browse a website or access content, a category of tracking systems knows as stateful identifiers are used to track your behavior. With access to this information, your usage is tracked across multiple websites and apps. This information is then used to build a profile of you.

Can a website know your identity?

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies