What is a cookie?
HTTP cookies (referred to here as just “cookies”) are text files generated by a webserver when you visit a website. They’re stored on your device or browser and are then usually used every time you visit a website, to give you a much more personalised experience on that website.
Cookies do this by storing relevant browsing information about your visit to a particular website. This information can be used by the website during that same visit. Some cookies stay on your device for longer – the website can access this information after your visit or when you next visit, to see how you interacted with the website previously. In either case, cookies can allow a website to keep you signed in, remember your preferences, show content relevant to your current location, and much more.
Cookies have become a vital part of the modern internet. They can make it much quicker and easier to use a website – for example, if you allow cookies that remember your login details, you won’t have to re-enter them every time you visit a website. With them, the overall experience is made smoother and much more convenient.
But it’s not all good. There are plenty of valid concerns surrounding cookies. At Hyperoptic, we believe you should be informed of these risks. We’ll help you understand cookies and make informed decisions about whether or not to allow them from the websites you visit.
What do cookies do?
Cookies do a number of different things, but all of it happens behind the scenes. If websites didn’t use them, you would find your website experience much less streamlined and less personal. For example, a website needing you to log-in wouldn’t be able to remember your details for next time (so you’d have to enter them every visit), and a shopping website would be unable to keep track of things like the items left in your basket.
Cookies have an important role and can be used for:
Session management allows websites to recognise specific users. When you log in to your account on the website, the web server sends a cookie to your browser, telling it to load your content rather than someone else’s. If a website welcomes you by name, it is using these cookies.
This also works when you open a separate tab for a page connected to the same website. When the browser requests the new page, a cookie is sent along with the request, telling the website that it is still you browsing.
Cookies can allow websites to remember your preferences. This lets them customise your experience with targeted content and adverts. Every time you visit the website, or parts of the website, the cookies being used can build up data unique to you. The website then uses this information to show adverts and content that will be more relevant to you (and therefore more likely to be clicked on by you).
Cookies can be used to track your previous searches and/or activity on the website. Not only does this allow the site to remember your saved baskets, it also lets the website recommend related products.
Tracking cookies can help linked third party websites run targeted adverts. If you had a type of clothing, like a jumper, in your basket on a shopping website, a linked third-party website may show you adverts for similar jumpers.
Tracking cookies can also be used for website analytics – by tracking how visitors use a website, the website owner can use this data to improve how the website works and the user experience. Google Analytics (GA) cookies are some of the most widely used analytics cookies set by websites.
However, there is a grey area when it comes to tracking cookies – some websites monitor how a visitor uses that website anonymously and without linking to the visitor’s identity; while others use tracking cookies in a way that links the visitor’s website use to their personal data (such as their email address, name, physical address or phone number).
There is further information below to help you decide which cookies you want to allow and how to refuse or block tracking cookies.
Types of website cookies – “session” and “persistent” cookies
Cookies normally either expire at the end of a browser session (“session cookies”) or can be stored for longer “persistent cookies”).
Session cookies track your session on the website – they last for the duration of your visit to a website and are deleted at the end of your web browser session (usually when you exit your browser). They allow the website to remember information you input as you navigate through it. They don’t retain any information on your device or send any information from your device. For example, they can be used to help the ‘back’ button work correctly, so that you can move back and forth between steps along the website path without losing your information.
Persistent cookies are stored on your device until they reach their defined expiry date. This can be seconds or minutes (meaning that they can last for less time than a session cookie), or days or years (which means that they last for longer than session cookies). Once their expiry date is met, they are automatically deleted. Where they last for longer than a particular website visit, they can allow the website to recognise you on your return (meaning you don’t have to remember your password every time you visit), remember your preferences and enable the website to tailor itself to you.
Tracking cookies can be persistent and can be used to track your activity across different websites. They can build up a profile of your browsing behaviour so that you can be shown adverts specifically targeted at you, based on your previous online activity and searches.
Types of website cookies – “first-party” and “third-party” cookies
Whether a cookie is “first-party” or “third-party” depends on which website has set the cookie.
First-party cookies are directly created and placed on your device by the website you are visiting (this is the URL displayed in your browser’s address bar).
Third-party cookies are generated and placed on your device by a website that you’re not currently visiting. This can happen when a website incorporates third-party content from other websites (such as images, social media plugins or advertising) and third-party cookies are linked to that third-party content.
Using third-party tracking cookies can enable advertisers to track your browsing across different websites which contain adverts linked to that advertiser. This usually happens when websites share the same advertising network. These third-party adverts can generate their own cookies, even if you do not click on them. This is why, on a seemingly unrelated website, you might see adverts for a product you previously saw on another website you visited. There are also cookies known as “zombie cookies” which are a type of third-party cookie that are able to create backup versions of themselves, persisting even after being deleted (this means they can still be active without your knowledge). Like other third-party cookies, zombie cookies can be used to track your browsing activity.
How do I control what cookies are set?
Some cookies are essential for a website to work effectively (“Essential Cookies”); others are optional (“Non-Essential Cookies”).
The UK data protection laws allow websites to set Essential Cookies without obtaining user consent as the website won’t function effectively without them. However, you should always be given the option, when you first visit a website and within the cookie settings for that website, to decline Non-Essential Cookies. Some websites go further than this and give you the option to refuse all cookies in their cookie controls.
Additionally, it is possible to customise the cookies that are set on your device by adjusting your browser settings . These controls can include the ability to block all cookies, block third party cookies, clear cookies when you close your browser window and state specific websites that can or cannot set cookies.
Note that if you block all cookies you may find that some websites that you visit do not function properly due to you having disabled Essential Cookies as well as Non-Essential Cookies.
Are cookies safe?
Cookies themselves are not harmful – the data they contain does not change, and they cannot infect your device with a virus or other malware.
However, they can be used to track your browsing sessions and some cyberattacks use hijacked cookies.
Third-party cookies can be seen as intrusive and, in particular, zombie cookies which can track your browsing, often without your knowledge, and the data they find can be used in potentially harmful ways.
In addition, hackers can target cookies and, if successful, may be able to access information stored on them. With this they can launch targeted attacks against you. Session cookies are often targeted, because hijacking your session ID can allow a hacker to access your account on a website (this can include banking and other financial websites) as the server is fooled into thinking that the hacker’s connection is the same your original, authenticated session. Hackers can obtain session ID’s through phishing emails, using malware and monitoring traffic on public wifi networks.
There are a number of ways you can protect yourself against hackers:
- Delete your cookie history
- Avoid accessing unsecured wifi networks
- Use a robust antivirus program
- Click only on trusted links/visit trusted websites
- Use a VPN to hide your IP address
You may be concerned about cookies impacting your privacy. If you’re receiving targeted adverts, it means an advertiser may have access to your browsing data and/or may otherwise be tracking you through cookies. You can limit this tracking by adjusting the cookie settings on your browser and/or in relation to any specific website you visit.
As already mentioned above, cookies are subject to UK data protection laws, which do not allow websites to store Non-Essential Cookies on your device without your consent. This means you should always be given the option to refuse Non-Essential Cookies (and some websites will give you the option to refuse all cookies).
Cookies can be a great way to improve your experience while browsing online, but there are valid concerns being raised about their safety. Hyperoptic is here to help you understand everything you need to know to safely navigate the internet.