Cookies!

Cookies!

Everyone loves cookies, right?

They're sweet, come in all kinds of amazing flavors, and when they are fresh out of the oven, taste like pure heaven. Fresh-baked cookies can melt all our stress away. But consuming too many cookies is bad for our health.

Well, cookies from the Web are kind of the same way.

They can be good or bad, depending on the situation. Good in the sense that when we are shopping online, they keep track of what's in our cart so that we have a pleasant experience, just like a warm delicious sugar cookie! Bad in the sense that they can track what we do online, invading our privacy, which just leaves an awful taste in our mouth, like burnt peanut butter.

It's just a small text file.

All a cookie is, is a small text file that downloads to your computer when you visit certain web sites. They fall into two categories, non-persistent (session) and persistent (permanent), which I explain in the paragraphs below. (There are also many subcategories.) Each web browser you use has its own cookie repository, sort of like a "cookie jar." The site that places the cookie on your computer is supposed to be the only site that can read the cookie, but there are ways around that (see the video below). Contrary to some popular beliefs, cookies do not install software on your computer or contain images.

Non-persistent cookies don't stick to the pan, because they're stored in RAM.

Non-persistent or session cookies exist during an authenticated "session" and then delete after you log out. These are the cookies Amazon uses to maintain your shopping cart and what your bank uses to allow you to conduct banking activities online. Again, they are only present during an authenticated session, which means that they generate when you login and delete when you logout. They are stored in RAM, not on your hard drive.

Persistent cookies are stored on the hard drive.

Persistent or permanent cookies do exactly what their name says: They hang around and "persist" on your computer's hard drive. In some cases, this can be very convenient. For example, a persistent cookie is what allows Amazon to recognize you and greet you by name when you revisit their site. However, this is also the type of cookie that advertisers deposit on your computer, opening the door to invading your privacy by tracking what you do on the Web and selling your information, which can result in creepy ads, junk mail, and unwanted telemarketing calls.

Is one better than the other?

While non-persistent (session) cookies seem to be the blue-ribbon winner at the state fair, and persistent (permanent) cookies a whole box of stale wafers, keep in mind that they both have their pros and cons. For session cookies, if an authenticated session is not secure, then an attacker can hijack your session, using information from the cookie. For permanent cookies, even though they are responsible for a lot of annoying ads, some are needed to allow web sites to provide the correct experience for the user, such as when a user needs to read a site in a different language. Another thing that can happen is that a cookie can contain sensitive information (such as your username and password) that the web site providing the cookie (for example, your bank) did not encrypt. In this case, an attacker can find it and use it to do some very bad things.

To learn more about tracking cookies, check out this video by Simply Explained - Savjee:

Another way to think about persistent cookies is like this:

You are at your town's monthly outdoor market searching for a really good red velvet cookie.

Your shopping bag is transparent.

The first booth you visit is Olga's Organic Bakery. She sells cookies made with almond flour and stevia. You fool yourself into thinking you can go low carb, so you decide to buy a box and put it into your bag.

Then you visit Sally's Sugar Shack, who makes decadent cookies with real butter and white sugar. All your low-carb ideas go out the window, but only a little bit, as you ask for a sample and move on.

So, you're just a-nibblin' and a-walkin', making your way over to Regina's Royal Biscuit and Tea booth.

Regina, astute business woman that she is, sees in your hand, a half-eaten red velvet cookie, and in your bag, a whole box! And she even knows where you got them from!

Well, it just so happens that Ms. Regina has her own red velvet cookies, which she rather obnoxiously places prominently on the table, directly in front of you, as she attempts to make a sale.

Well, this is how persistent cookies work. They allow companies to see your browsing activity and shopping preferences, which they then use to try to sell products to you through ads, sometimes rather aggressively.

To take it a step further, if you want to see what information a web server can collect about you, then visit MyBrowserInfo.com. The site will immediately show you some salient details, so be sure to click See Detailed Location and Browser Information, and then let us know what you think!

If you would like to know more about cookies …

Or need an assessment of your online security and browser settings, then contact us today!