Before getting on to the proper deep discussion on this topic there is a need to explain what exactly a website cookie is.
As the Internet (HTTP to be specific) was designed to be stateless initially, a website cookie is simply a short length unique text that websites put inside your computer for the purpose to identify you (e.g. login status) at that site conveniently.
In that case, why does a website ask for cookies? It starts with recent privacy laws, such as GDPR in Europe, that require companies to seek users' consent before collecting and using their information. Cookies have actually been used all along to track user and it was only when such laws were imposed, companies start to seek users' permission formally.
An example of information is a website cookie that remembers your geographic location to provide you relevant movies or traffic information near you. Cookies have also the ability to customize the banners for ads, keep track of the items in your cart, remember your username and password for the websites.
What happened before GDPR
Before GDPR, the browser (e.g. Internet Explorer, Google Chrome) automatically accepts cookies based on default rules. This probably means accepting all cookies except third-party cookies that can contact you.
There are different kinds of cookies
- Essential website cookies: These cookies are strictly necessary to provide you with services available through our Websites.
- Performance and functionality cookies: These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
- Analytics and customization cookies: These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customize our Websites for you.
- Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
- Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our Websites through third-party social networking and other websites. These cookies may also be used for advertising purposes too.
A cookie also has an expiry date while some are temporary and deleted when you log off your browser and used just to help you in that single session.
While on the other hand most saved cookies stay inside your PC for a period of time, extended on each visit, to assist you the next time when you are accessing that site. Sometimes staying in your browser for more than a year before expiring.
There are also 3rd party cookies that are allowed by websites to let their partners (e.g. Facebook, Google) track you even though you are not at their platform.
What happened if you ignore or reject cookies
Firstly, any websites which provide personalization (e.g. letting you log in, choose country or language or even shopping carts) must use cookie. If the website is compliant to GDPR and you refused to accept the use of cookies, those functionalities should not work at all. If you choose to ignore, the cookies will continue to be accepted as per normal.
Secondly, we don't think such a website exists yet as the cookie is an intrinsic setup even without the website developers' knowledge.
What is expected from us
A user is required to be conservative and selective about sites that he or she is going to allowed to give a cookie. For your information, these cookies are not threatening like viruses or malware. But yet, you may feel for example that the browser is tracking your visits to a specific set of websites or keeping them remember your login information. But that is a personal decision for the user to make on a site by site basis.
You can easily control how you treat these cookies regarding your internet browser security setups. If you block all the cookies that would probably limit the quality of your internet browsing experience. The better option if you are concerned is to set your browser to ask every time your permission before accepting a website's cookie. And obviously, only accept cookies from the websites you already trust and not third-party cookies.
There are also some cases where you will not be able to access a website if you do not allow that website to provide cookies.
A cookie is written usually when you are loading a new website. An example is when a submit button has been pressed, the page that is handling the data would be responsible for determining the values inside a cookie. The write operation will only fail upon the event if the user has chosen to reject or disable cookies on his or her browser. Some websites which heavily rely on the cookie will show an option that it has to take a default action or it would most probably prompt the user to enter the information again for that it should have been stored in the cookie.
Who can access the cookies in your browser?
Now here comes the part that you learn about who exactly can access the cookies in your browser. By setting its root domain it is possible to control its visibility by when a cookie is created. After that, it would be accessible to other URL that belongs to that same root. To easy explanation, if the route is set to what are cookies.com, then the cookie would be for the available sites are www.whatarecookies.com or xyz.whatarecookies.com, etc. this is used to allowed related pages help each other by communicating through common grounds. Of course, an IT person with physical access to your computer can also export your cookie files.
How secure our cookies exactly?
The Internet is now all about the privacy and security policy and procedures. Cookies are necessary and presented as a risk to privacy. Nevertheless, cookies only contain information which the user has given to the website. However, all this information may be made available to some of the previously specified third party websites. This is just something that the user has to compromise for a better internet experience.
Tracking cookies
Commercial websites might add some advertising material which is usually brought in from third party website and the fact is that it is very much possible for such advertisements to install a cookie for that third party website. The type of information usually includes the name of the website particular products that are being viewed recently visited pages etc. When the user at a later time visits some other website that contains the same looking embedded advertisement for the same third party, the advertiser will then be able to read the cookie information and also can use that information in determining something about the users' browser history. This fact usually enables the advertisement publishers to serve their advertisement at a targeted set of people.
Suppose if you browsed a website that is selling camping equipment, and it starts showing you some advertisements regarding safety products for being in the forest or country areas. Look carefully that these two events are interconnected.
If you are looking for camping equipment, the advertiser might think that there is an 80% chance that you are going to some forest or hill tracks. Those are places where you may face some security issued situation. The cookie that you used on some previous websites and also on the current one, would be provided to that third party website which is showing you the ads for self-defense products. That is how the advertisers set their target on the people that they can show interest if their ad is shown.