Published at: Feb 21, 2022
Most concerns I've ever heard about cookies were in regards to "being tracked by cookies", and in all my research this is still the number one concern people have regarding cookies. However it seems cookies get a bit of a bad rap these days, largely by not being understood properly.
There are two things to remember about cookies, both of which might lessen unreasonable fears about being tracked by cookies:
Cookies don't magically just steal your information and destroy your privacy or anything like that - if a website creates a cookie to store some kind of personal information of yours, it's probably going to be information that you have already provided to the website at some point; that is to say - your name, your site preferences, items in your shopping card, and so on.
Or, the other main thing that cookies can store is a "token" that proves you are logged into the site. That token/cookie is almost like a Membership Card or Name Tag - it identifies you on that website and saves you having to keep logging in over and over again; but there's nothing special about it - it's just a random bit of data that a website temporarily uses to identify your requests to their site.
A web browser will prevent one website accessing the cookies on your computer that another website created. If one website could access cookies on your computer from a different website, it would be a catastrophic security disaster - a malicious website could steal the cookies on your computer for a different website and then impersonate you on it.
But fortunately web browsers are very careful about preventing this from happening, so that a website that creates a cookie on your computer is the only one that's allowed to read that same cookie.
So access to a cookie is limited to the site that created the cookie, and that keeps everyone safer.
These two points - that cookies only contain information from yourself or the website you are visiting, and those cookies can only be read by the website who created them - both go to show that First-Party cookies are actually pretty safe and aren't too much of a problem. In fact, you'll find that a lot of websites won't work properly with Cookies disabled.
When you're visiting a website, and that website creates a cookie on your computer or phone, it's known as a "First-Person cookie". They are called this because you have a "first person" relationship with that website - you are dealing directly with them.
Third-Party cookies are cookies which are created by one website while you are actually visiting a different website. This usually happens because the website you actually want to visit - perhaps an online shop, news site, or video website - that website has embedded a widget from a different website - perhaps a Social Media "Like!" button, Instagram post embed, or some kind of advertising banner, or something like that. And it's that widget which sets cookies that can track you.
The way that it works is the Third-Party site - which provides the Social Media button, or the Advertising banner - is embedded into lots of different websites, so even if you're not accessing the Social Media Site or the Advertising Site directly, because they have their code embedded in many different websites, the advertising company is able to track your behaviour around the internet, across completely different unrelated websites, and it's this scenario that risks your privacy.
Some advertising networks will set a cookie when you view one of their advertisements on a website. When you go to a completely different website but view another advertisement from the same advertising network, they will be able to read that cookie and realise that the same person has just viewed both of the websites. Using this technique they can build a profile of you and all the websites that you like to visit, as well as how long you stay on them, what times you visit and so on.
The easiest way to prevent Third-Party cookies from risking your privacy is to simply tell your web browser to refuse them. follow the guide to enabling cookies to allow normal cookies and refuse third-party cookies. It's a good way of becoming a bit more private online.
What is JavaScript and what does it do?
Turn on/activate JavaScript.
What happens if you don't have JavaScript?
What are some of the concerns with JavaScript and security?
Does my browser already have JavaScript or do I have to install it?
Does JavaScript go out of date?
What is the percentage of websites that use JavaScript?
What are the reasons someone would disable JavaScript in their browser?
What restrictions are there that keep me safe?