HomeBlogWhat Are Internet Cookies, and Are They a Security Risk?

What Are Internet Cookies, and Are They a Security Risk?

December-14th-2021

Summary: In tech speak, cookies aren’t a delicious treat — they’re pieces of data that are stored by your browser to make your online experience easier. But they’re not new, so why Is seemingly every site asking about them? And are they a security risk? Find out the answers to all that and more.

If you exist on the internet these days, you’ve had to click “Accept” or “Reject” all cookies on a web page that you navigate to. Historically, sites just automatically accepted for you. Now, they’re looking for explicit permission from visitors to use cookies — but most people click “accept,” especially since not all sites work without them.

Cookies in the tech world are an essential part of web browsing. They allow you to have more personalized and convenient website experiences by remembering you — your login, shopping cart, link clicks, and more. That technological memory makes your life easier, but it can also make the lives of hackers easier, too.

The good news is, most cookies are perfectly safe — even tasty! But, because some cookies can track you without consent, or be used to spy on you by a criminal, it’s important to know how they work. We’ll explain what exactly an internet cookie is and how you can stay safer online.

What are Cookies?

Cookies are text files that contain small pieces of data (your username and password, for example). They are used to identify your device when you use a network. There are a few different types of cookies — like session and persistent — but they’re ultimately a way to identify your device (and you) and use the data they collect to create a better web experience.

A graphic that says: Cookies are used for: session management, personalization, and tracking

That cookied data is created by the server when you connect and labeled with an ID that’s unique to you. That way, the next time you come back to log in or shop, the server remembers important information about you and can make your browsing experience easier and more tailored to your interests. Think of cookies as Cheers of the internet — they know your name and greet you with a warm welcome.

What Kinds of Cookies Exist?

There are two types of cookies: single-session cookies and persistent cookies (also called multi-session cookies).

Single-session cookies are used to:

  • Help with website navigation
  • Temporarily record information that gets erased when the browser is closed
  • Provide the smoothest navigation experience possible (that’s why they’re automatically enabled)

Persistent cookies:

  • Remain on your computer and record information every time you visit the site
  • Are stored on your device’s hard drive until you manually delete them. Some cookies will expire, but that can be years after they were created
  • Provide analysis of site use and to maintain access quality (think things like your theme settings, bookmarks, and language preferences)

Single- and multi-session cookies work together to make your internet experience as seamless as possible. After all, it’d be annoying to have to manually select the same settings every single time you return to a site.

Where are Cookies Stored?

The cookies that are created are stored locally in your browser (y’know, instead of locally on your kitchen counter in a cookie jar). If you return to that site later, your browser shows the saved data to the web server as a cookie. What it’s actually doing is recalling data from your previous sessions (like anything you may have left in a cart while online shopping) and restoring that information. Handy if you order the same thing every week for lunch, right?

What are Internet Cookies Used For?

Cookies are primarily used for three things.

  • Session management: includes things like keeping you logged in to accounts and remembering your preferences
  • Personalization: the main way you experience this is custom advertising. If you view certain items or areas of a website, cookies use that data to build targeted ads for products you’re more likely to buy
  • Tracking: shopping sites use cookies to track the items you previously viewed, which allows them to suggest other items you might like, and store items in your shopping cart while you keep browsing

Clearly, when cookies work correctly, they make our online lives easier and more tailored to our taste. But what happens if they don’t work correctly? Can bad cookies burn the consumer?

Are Cookies a Security Risk?

Cookies themselves aren’t harmful — but cybercriminals can hijack the cookies and track the browsing histories of individuals.

There are three groups that can install cookies on your computer.

First-party cookies are created by the site you’re using. As long as you’re sticking to reputable websites, these cookies are typically safer because they’re direct.

Third-party cookies are more complicated. These are baked by websites that you’re not currently using — linked ads on the page are a big third-party cookie culprit. If you’re scrolling a website with five ads, you could walk away with five unwanted cookies, even if you didn’t engage with the ads.

Then, when you go to a new website, an advertiser or analytics company can track your browsing history on any other site with their ad. (And think about how many of the same ads you see across the web on a daily basis.)

Finally, we have zombie cookies. These come from a third-party and are permanently installed on your device… even if you opt not to install cookies, or if you delete cookies. These are also called “flash cookies” and are difficult to remove. They can be used by analytics companies to track unique browsing histories or to ban specific users. To get rid of these, you’ll have to find out which third-party cookie is installing them. It typically requires running cleaning software… which, ironically, uses cookies.

Should You Remove Cookies?

Even if you don’t have “bad” cookies on your device, it’s still a good idea to periodically remove them to minimize your risks of privacy breaches. You can do a quick search to find the instructions specific to your device or browser.

Generally speaking, you’ll want to go to the privacy section under your settings. From there, you can manage or remove cookies. Keep in mind that if you remove all cookies, you may have to log back in or select your initial settings again. It’s a good idea to manage (or remove) cookies on a regular basis as part of your digital hygiene.

Want to be as secure as possible moving forward? Opt for a virtual private network, or VPN. VPNs access a separate server, essentially creating a secure tunnel between your device and the web. This keeps you safer from security breaches by hackers and makes it tough for companies to gather data on your browsing and purchasing behaviors. Wondering if a VPN is right for you? We highly recommend them, and we’ve got the answers to all of your VPN questions.

Cookies are one way that our online lives are made easier and more personalized. They’re not inherently risky, but if your data is breached, it can give hackers a wide window into your browsing history and habits. Along with other security measures like creating a strong password and securing your home WiFi network, removing cookies is one way to stay safer online.

Oh, and choosing an internet provider who offers fiber internet speeds up to 1 Gig with no data caps and no speed throttling? Well, that’s just a no-brainer.

Erin Ellison

Erin Ellison

Tess Hansen is a freelance copywriter based in Brooklyn. She graduated from the University of Washington with a BA in English Language and Literature. She writes about all things digital for EarthLink, including how to make your life easier (and safer) through tech.

See all posts from Erin Ellison.