What is a Cookie

What is a Cookie

I should probably watch out for my weight because I have accepted too many cookies recently.

An understanding of cookies can help you keep unwanted eyes off your internet activity. In this article, we will discover what cookies are, how cookies work and how you can stay safe online.

What Are Cookies?

Cookies are small bits of data that a server creates and stores on your web browser(computer). These bits of data are used to monitor a users journey on a particular web site. It contains the address of the Web site and codes that your browser sends back to the Web site each time you visit a page there.

Screenshot 2021-04-18 at 11.55.32.png

How does this work?

When you visit a website, the site may deliver a cookie that identifies you as user A. If you leave the site and then return to it again, that cookie will be used by the website to recognize that you are the same user A that was at the site previously. This occurs because cookies contain a minimum of two pieces of data comprising of a unique user identifier and some information about that user.

Different types of cookies :

Cookies can be classified into several different ways four most common classifications to help us understand how cookies work and how they are used.

  • Session cookies

    These are temporary cookies that can only be stored in the memory of your browser while it’s open. Once you close your browser, the cookies get removed, making them pose a low-security risk. This cookie is used to power E-commerce shopping carts.
  • Persistent Cookies

    These cookies remain on a computer indefinitely, although they have an expiration date tagged to them by the issuer. This means that even while your browser is off, the cookie will still be there. This poses a great security risk as they track what you’re doing over more than one site
  • First-Party Cookies

    The first part cookies are created by a site you are currently visiting. These cookies help a website for diverse purposes like it allows you to add more than one item to your online order when purchasing items. Without it, every time you add an item to your cart it will be treated as a new order.

  • Third-Party Cookies

    These are stored cookies that are created by a domain that is not the domain you are visiting. They are the cookies used for advertising purposes to track users who click on advertisements and associate them with the referring domain. That is, when you click on an Ad, a third-party cookie is generated to link your traffic with the website where you saw the advertisement.

What Are Cookies Used For?

Cookies are a necessity in order for some basic website functions to work. They are useful for:

  1. Session management: They act as short-term memory for a website, reminding the site what actions a user has performed on a previous page (ie: Logins, shopping carts, or game scores ).

  2. Personalization: They help a user remembering personal data they have previously submitted on a website( User preferences & themes).

  3. Tracking: Shopping sites use cookies to track items users previously viewed, allowing the sites to suggest other goods they might like and keep items in shopping carts while they continue shopping.

Cookies keep track of quite a number of information about a visitor to that page and the actions performed on the page such as:

USER SPECIFIC iNFORMATION

  • Online identifiers and IDs (user IDs, device IDs, marketing IDs etc.)
  • IP addresses
  • Login information and passwords
  • Operating system, browser, language settings etc.

USER ACTIVITY AND BEHAVIOR

  • Pageviews
  • Purchase information (shopping cart items)
  • Website referrals (channel, social media, search engine, campaign)
  • Timestamps
  • Privacy settings such as cookie preferences

    Why Cookies Can be Dangerous

    Although cookies are integral to the way the internet works, they’re also a cause for concern when it comes to security and privacy risks. Let us look at some risks associated with cookies.
  • Cross-Site Scripting:

    In this attack, you will receive a cookie in disguise after have visited a malicious website. This website contains a script payload that targets another website. When you visit the targeted site, this fraudulent cookie (and its script payload) is sent to the targeted site’s server.

  • Cookie Tossing Attack: In this attack, you are provided with a cookie by a malicious site, which has been designed to look like it’s come from the targeted site’s subdomain. When you visit the targeted site targetsite.com, all of the cookies are sent, including legitimate ones and the subdomain cookie. If the malicious subdomain cookie is the first one received by the web server, it will take it as a valid one, and that cookie value will provide the session for the user. The attackers mostly falsify the identity of the user through malicious actions.

  • Cross-Site Request Forgery Attack (CSRF):

    For instance, assuming you have accepted a cookie from a legitimate website called "iamlegit.com" and this cookie is stored on your browser. Whereas an attacker someone embeds a link that can perform a delete action of " iamlegit.com" in a video and posts it on a site known as “iamabait.com” Once you visit “iamabait.com.” the webpage will load the video and then send a delete request to "iamlegit.com". Once the server receives this request, it searches for the cookie and when it finds your cookie, it will execute the delete request because it interpreted it as a valid request.

  • Session Fixation:

    This type of cookie fraud allows attackers to take over valid user sessions. In this attack, an attacker impels the user to use the attacker’s session ID by sending a malicious cookie. So when the user goes to log into a domain that’s being targeted, the user’s session ID isn’t logged but the cookie attackers own is.

How to Clear Cookies

It is possible to clear the cookies from your browser and for most browsers, you can do that through settings. Nevertheless, be mindful that if you remove cookies you'll be signed out of websites and your saved preferences could be deleted.

Clearing your cookies on Chrome

  • On your computer, open Chrome.
  • At the top right, click More More and then Settings.
  • Under "Privacy and security," click Cookies and other site data.
  • Click See all cookies and site data and then Remove all.
  • Confirm by clicking Clear all.

    Clearing your cookies on Microsoft Edge

  • Open the drop-down menu on the right side of your browser, then select "Settings"

  • Halfway down the drop-down, you'll see a "Clear browser data" heading.
  • Click on the "Choose what to clear" button below.
  • Then ensure that the "Cookies and saved website data" box is ticked.
  • Click "Clear" to finish.

Clearing your cookies on Firefox

  • Open Firefox on your computer.
  • In the upper right-hand corner of the browser, click the “menu bars,” which look like three parallel lines, and click the “Privacy” tab.
  • Here you can select “Clear your recent history.”
  • Be sure that only “Cookies” is checked, and then select the time frame for which you would like to delete your cookies. If you want to delete all cookies, select “Everything.”
  • Double-check your selections to make sure that other items you want to keep are not selected, and then hit “Clear now.”

Clearing your cookies on Safari

  • Open "Preferences" from the Safari drop-down menu, then click "Privacy".
  • To clear all cookies, click "Remove all website data", then confirm by selecting "Remove now".
  • It's also possible to clear cookies on a site by site basis by clicking "Details".
  • Then selecting the website information you'd like to erase.

giphy.gif

Conclusion

It is eminent that Cookies come with both advantages and disadvantages and Even though they provide a website with features that are business-critical, they can also pose a great threat to your privacy and security. Knowing about cookies and how they work is a great way to avoid being victims of cookie fraud and invasion of your privacy.

Resources: