Understanding the Recipe of a Web Cookie

We’ve all heard the term ‘cookie’ used in the context of web browsers, and while we enjoy the warm, delicious connotation they bring to mind, do we really know what one is? How are cookies used by websites to provide customization and personalization? How are cookies used by third-party advertisers to track you across the internet?

To answer these questions, let’s chew through the necessary information so we know exactly what a cookie is, what it does, how it works, and the role it plays when it comes to online privacy.

The Main Ingredients

The main ingredients of a cookie are usually simple strings of text. The nature of this text is to open a dialogue between your web browser and the website that you’re visiting.

A cookie is created by a website and sent to your computer so the next time you visit that site, it knows what to do and how to act.

A cookie has up to six parameters

An example of a cookie’s text

Content-type: text/html Set-Cookie: foo=bar; path=/; expires Tue, 17-Apr-2014 13:37:00 PST

Aside from a disappointing lack of chocolate chips, the content of a web cookie is pretty innocuous.

Examples of helpful cookies

Three common examples of cookies encountered day-to-day:

• Remembering your username for a site so it’s already entered every time you visit
• Your selected preferences for personalization on your favorite websites (such as your zip code for a website with your weather forecast)
• Product information stored in your shopping cart on e-commerce websites

It’s hardly the kind of information that would allow somebody to break into the high security vault for your Swiss bank account. More on privacy later.

Other usage of cookies

Cookies can be used in other ways as well. Have you ever had an advertisement seem to follow you across the web, with ads for the same company appearing on site after site?

• A website can use cookies to track your usage of the site, determining which pages you visited and the length of time you spent on each page
• Third-party cookies are generally used by advertisers to track you across multiple sites, thereby building up a “profile” of who you are based on your web browsing habits

Different Flavors of Cookie

Just like the ones you’d find on a trip to your favorite local bakery, Internet cookies come in a variety of different flavors. Let’s take a quick overview of two different types that exist in addition to the plain old web cookies we covered above.

Flash Cookies

Flash Cookies, also known as Local Shared Objects (LSO’s), take their name from the fact that they work in a similar manner to regular web cookies. They’re used in conjunction with Adobe’s Flash Player, which is used to play videos on YouTube, for website animations, and to power Flash games such as the popular Desktop Tower Defense. Flash cookies can also be used by advertisers in a similar was to the third-party cookies mentioned above. The only difference is that they need to be deleted in a different way.

Evercookie

Despite sounding like a good idea (who wouldn’t want an unlimited supply of cookies?!), Evercookie serves a more nefarious purpose. Evercookie is an Application Programming Interface (API) that allows developers to create a type of cookie that’s nearly impossible to delete. By storing the cookie data using 13 different methods (including hiding the cookie data in a small image file), the original cookie can be recreated if at least one of those pieces of data remains present on the system. The nature of an Evercookie to actively resist deletion has earned it the nickname of “the zombie cookie” and has repeatedly been cited by online privacy advocates as a cause for concern.

How Cookies Are Stored

There was a time (back in the dark days before FaceBook and YouTube) when cookies were stored as individual .txt files. These days, however, modern web browsers utilize a cookie database (‘cookie jar’, if you will) to store cookies as individual entries in a common, shared location, which varies depending on the browser that you’re using.

You may be wondering whether having all these snippets of personal information in one tidy location would be a cause for concern regarding privacy or security, and this brings us to our final point.

Is There Genuine Concern over Privacy?

While your personalized Google home page or local weather site may be harmless on an individual basis, hundreds of these small details can add up and start to paint a bigger picture, raising concerns over the extent of the market for tracking and selling information which should otherwise be private.

Whether or not cookies present a privacy concern depends on your perspective of what really constitutes private information. A cookie will not be able to take a video of you while you’re taking your morning shower, but at the same time it’s a bad idea to underestimate the ingenuity of people who create malware, or the tenacity of advertising agents who gather behavioral browsing information from the Internet. Now that you know what cookies are and how they work, you’ll be able to make informed decisions when it comes to managing your online privacy.