Sep 29 12:39:47, 2022
If you log in to a site and then close the browser, most likely, you will not need to sign in to your account again when you reopen the browser. This is possible because the site stores cookies on your computer for automatic sign-in.
Cookies are also used for content and ads personalization, surveillance, information or money theft.
The third article from the cybersecurity series will tell you what cookies are and how they are used for tracking.
What Are Cookies?
They are small text files that a web server creates when you visit a site. These files are stored on your computer and sent back to the site when you revisit it. Cookies contain user activity information, browser or PC settings, etc.
Cookies collect your browsing and search history, autofill form information, and location. The amount of information collected depends on each site.
What Do Cookies Consist Of?
Cookies are bits of text code.
They look like this:
Every word corresponds to a specific attribute:
- The Name attribute indicates the name of the cookie.
- The Value attribute helps to identify the user and contains service information.
- The Expires and Max-age attributes determine the browser cookie lifetime. When this period expires, cookies are deleted.
If this attribute is zero, cookies are automatically deleted after closing the browser.
The Expires attribute is specified in the format Mon, 08-Aug-2022 13:35:22 GMT. The Max-age attribute shows the cookie's expiration time in seconds |from the moment the attribute was set up in the browser.
- The Path attribute limits the scope of cookies to a specific path on the site. If you set the root directory "/," cookies will be available for all site pages.
- The Domain attribute refers to a domain or subdomain that can view the cookies. To make cookies available to the entire site, the domain name "example.com" should be specified.
- The Secure attribute defines that cookies are sent through a secure HTTPS connection.
- The Samesite attribute controls cross-site cookies transmission. It protects against Cross-Site Request Forgery (CSRF).
Types of Cookies
Session. These browser cookies are stored only for a period when a person is visiting a site. When a person closes the browser, they are deleted.
Permanent. Permanent cookies are stored until they expire. They are sent to the site every time a person visits it. Permanent cookies are divided into:
- First-party Cookies are directly stored by the site you are visiting. They are not available to other domains. Such cookies help automatically log you in and store your shopping cart content.
- Third-party cookies are created by the sites that you are not visiting. For example, there is a Twitter sharing button on medium.com. Such sharing buttons generate cookies that are usually ad trackers. They help sites set up targeted advertising.
Secure. Secure cookies can be sent only via HTTPS protocol.
HTTPonly. They protect against cross-site information theft and are not available via API.
Zombie. They recreate themselves even after they are deleted. The copies are stored separately from other browser cookies, for example, on the Internet or in hidden folders on a PC.
Supercookies. They are the same as regular ones. Supercookies track user behavior and browsing history. The difference is that they do not use local storage but servers and other places. They can recreate user profiles even after deleting regular cookies.
Why Are Browser Cookies Used?
Remembering login information and products that a person wants to buy. Cookies improve user experience and facilitate the use of the site.
Linking a user and a website. Browser cookies correspond to the user's session and a specific account. The next time a person visits the sites, they will see personalized ads.
Tracking the sites a user visits. The information is sent to the server and then back to the site when a person revisits it.
Analyzing users' actions. Sites use Google Analytics and other legitimate web analytics tools. They collect information using cookies that are created automatically and sent to the server.
Website owners use web analytics tools to develop and improve their sites and collect information about their target audience.
Why Do Websites Warn About Cookies?
Some sites collect cookies that are necessary for their operation even without the user's consent.
Are Cookies Safe?
The browser's cookie itself is safe and cannot harm a user. It is a plain-text code that just contains information, not malware. They cannot make copies of themselves and spread to other networks to execute again.
Cookies are often used to commit fraud. Here are a few stories:
Disadvantages of Cookies
Inaccurate identification. Any person who uses multiple accounts and browsers has numerous sets of cookies. A similar applies to one account used by several people: cookies do not apply to a specific user but to the account as a whole.
Cookie stuffing. Hackers may steal and edit cookies. For instance, cookies contain information about the cost of an item, and hackers can change the amount of payment and pay less.
Cookie Theft. Cybercriminals hack a person's session and steal cookies or send them to another server to get personal information. They can use this information to log in to their social media accounts, email, or other sites. Credit or debit card details are often stolen if they are stored on the site and in cookies.
Cross-site cookies. Sites can exchange information collected from cookies with each other. In other words, they sell users' personal information.
Performance issues between a client and a server. Cookies can give incorrect information to servers. For example, a person accepts cookies in an online store, adds an item to the shopping cart, then changes their mind and clicks the back button, but the item is still in the cart. It may lead to ordering the wrong items and decreasing business trustworthiness.
Cookie lifetime. Permanent cookies have been criticized for allowing sites to monitor users' activity constantly and making a target audience portrait. Hackers can also use them for information theft.
What Happens if You Disable Cookies?
Auto-login will be unavailable. If you disable cookies, some sites will forget you, and you will not be able to log in to your accounts automatically. You will have to re-enter your login credentials after refreshing a page or navigating to another section of the site.
You will have to fill in forms on your own. When you fill in a form, your browser saves this data and shows up as suggestions later. It will not be available without cookies.
Sometimes sites that use multi-page forms may work incorrectly without cookies. So if the site reloads, you will have to fill in the information again.
Personalized ads will not work. It will be more difficult for sites to track user activity. They will not be able to check which resources you visit and will stop offering personalized ads. Most likely, the ads will not match your interests.
How to Disable Cookies?
Disabling Cookies in Google Chrome
- Go to settings. To do so, click on the three dots in the top-right corner → select settings.
- Click on Privacy & Security → click on Cookies and other site data
- Click on the appropriate option. If you want to turn off only third-party cookies, click Block third-party cookies.
Disabling Cookies in Mozilla Firefox
- Go to settings. Click on the three horizontal lines in the top right corner → select settings.
- Select the Privacy & Security panel
- Go to the Custom section. Open the list of cookies and select which ones you want to disable: third-party or all cookies.
Total cookies Protection does not isolate cookies from different open tabs under the same domain. So for example, if you have Gmail, Google Weather, and Google Shopping open, Google will know that you have three tabs open and connect their cookie trails.
You can solve this problem by installing container extensions. This way every site will have access only to its cookies even if several Google services are opened in the browser or if a site has embedded Facebook widgets. To get such extensions, go to Mozilla Add-ons and type in the search bar “container”.
Keep in mind, not all extensions are official. Read reviews and check star ratings before installing anything.
The other option is to use different accounts for sign-in.
Disabling Cookies in Opera
The steps are the same as in Google Chrome: go to settings → click on Privacy & Security → click on Cookies and other site data.