Why Do Websites Use Cookies? | All About Cookies

Website cookies have become a normal, everyday part of being an Internet user. Yet understanding how they can be used is important, especially to those concerned about privacy. In this blog we will discuss what cookies are, their types, and why websites use them. 

If you’d first like to learn more about data privacy and its importance, check out the blog: What’s the Difference Between Data Privacy vs. Data Security? 

Computer Cookies Definition 

Computer cookies, also known as website cookies or HTTP cookies, are small data blocks that are stored in a user’s computer or mobile device when they visit a specific website. The cookies are placed on the used device and each website may create more than one cookie. 

Why Do Websites Use Cookies?

Personalization: A website might send a cookie to a user to analyze their activity in order to create content personalization or behavioral personalization, for example.     A website you have visited previously can show you content specifically relevant to you and give recommendations based on your interactions, such as similar products or targeted messages.   

Tracking: Cookies allow websites to track your activity on that site. This allows them to record which pages you have visited, how long you interacted with each page, or which content pieces you engage with more often. 

For example, Facebook uses cookies to track your buying habits on the site, if any, to see how relevant and effective their ads are. 

Session Management: A website can send a cookie to a user’s device whenever they log into their account. That way the website can grant specific users access to its services and remember when a user has logged in. 

Types of Internet Cookies 

First-Party Cookies

Also known as same-site cookies, these cookies are created by the online pages you visit. For example, if you visit the YouTube website, a cookie made by that page will track your activity and behavior on that site. 

This cookie would allow the site to remember your language preferences, show you relevant content, and record which pieces of content you interacted with. 

Third-Party Cookies

These are cookies sent to your browser from a website created by a third party. They often work to send you targeted ads. 

For instance, let’s say you searched for flights to New York. Later, you may see on a different web page ads for hotels or attractions in New York. This is due to third-party cookies which tracked your previous activity. 

Session Cookies

Like the name suggests, these cookies are used to store information only while you navigate a site. Once you close your session, the cookie is deleted. These cookies can be used by an Ecommerce page to store your shopping cart items, for example. 

Persistent Cookies

Also known as permanent cookies, they can stay in your device for days, months, and years. They are often used to track your online activity. Persistent cookies can also be used by sites to remember your login credentials. 

Secure Cookies

A secure cookie is a first or third-party cookie with a secure attribute, which allows the cookie to only be transmitted in a safe website, usually HTTPS sites. 

Zombie Cookies

We know zombies to be undead beings that came back from the grave. Similarly, zombie cookies come back to a user’s device even after they were deleted. 

Zombie cookies are programmed to create their own back-up version outside of your browser, so even if you delete the original, its zombie version will come back into your browser.  

This type of cookie is often used by cybercriminals. For example, a zombie cookie that respawns continuously can be used to track targeted individuals to steal their data or send it to third-parties. 

Super Cookies

Also known as Flash cookies, super cookies are text files that a web browser sends to a user’s device whenever the browser shows content supported by Adobe Flash. 

Super cookies are named so because they remain in a device even when users clear their browsers of cookies. Although Adobe discontinued their Flash software, some flash cookies still exist in the web. 

Related Blog: 5 Tips on How to Prevent Cybercrime for SMBs

What Information Do Cookies Collect? 

Depending on the website you visit, a cookie can collect a variety of information. For instance, social media websites—and many other types of webpages—can collect your credentials, what links you have clicked, which ads you interacted with, how long your page visit was, etc. 

Users begin to worry about cookies when more private information is stored, such as their hobbies and interests, their phone number or address, or their location.  

When this type of data is collected, it’s often in order to help the user or make their website experience more effective. For example, if you filled out your personal details on a page—such as an airline website—a cookie can fill in your data for you next time you wish to purchase tickets.  

Advertisers often use cookies to show relevant ads and products to the users that visit their site. If you run an Ecommerce site, for example, cookies would allow your online store to send targeted ads to users based on their behavior and previous activity. 

Is Enabling Cookies a Security Risk? 

While cookies are generally not malicious, as you can see above, they can be used to track your behavior and online use. Most websites use cookies to show you more relevant content, ads, and suggestions of new sites that could be of interest to you. 

Generally, cookies are not malicious on their own, although some cookies have been used in the past to exploit the data in browsers. The danger in cookies appears when cookies on a user’s device are used against them. 

Bad actors can hijack users’ cookies and access the information stored in them, such as browsing session data, identifying information, and account credentials. 

Cookie Consent 

Thanks to user data privacy laws like CCPA and GDPR—the former protects the privacy of consumers in California while the later of those in the EU—many websites are now displaying a cookie policy to their users. 

When you visit a website, have you noticed a pop-up asking you to verify which cookies you consent to? This is an example of a site’s privacy law policies. 

Although it may be tempting to click “Yes” and instantly agree to a website’s cookie policy, users that wish to protect their privacy can opt out of any unnecessary cookies such as cookies used for marketing, statistics, and personalization. 

Related Blog: What Does CCPA Stand For?

Goodbye to Cookies? 

In 2020, Google announced that it would stop supporting third-party cookies for its Chrome web browser. While this termination seems limited since it would only apply to Chrome, it would have a large effect because Chrome holds 63% of the browser market share globally.  

Google has postponed this change until 2024 while it plans to continue development on its alternative to cookies, Topics, an API that would allow browsers to determine a user’s interests based on their browsing behavior. Topics would have similar uses to cookies, but Google hopes it will enhance users’ privacy. 

Bottom Line 

A website will send a cookie to your device when you visit it. Although not generally malicious, cookies can be used to track your behavior on a page so that the site can later deliver more personalized content and ads to you in the future.  

Cookies have helped users enjoy a faster and more efficient online experience, yet they also have the potential to jeopardize their privacy. Whenever possible read a site’s cookie policy and make the selection that is relevant and safe for you. 

To learn more about data security and how it affects businesses and consumers, check out the blog: What’s the Difference Between Data Privacy vs. Data Security?