Are All the Cookies That Sweet?

Apart from delivering top tier cyber security services and solutions, we'd like to be useful in providing interesting information about new or familiar, but not so close, terms and practices of cyber security processes and aspects. Our next topic is about Cookies - not in the cooking, but on the web - and cyber security issues. 

You've undoubtedly heard about computer cookies, the term you see on nearly all websites. But do you really know what that is? Or - even more importantly - are the Cookies good or bad? There are so many myths surrounding such a small piece of data. Let's try to make it clear.

What Are Cookies?

A computer cookie, a.k.a. HTTP cookie, web cookie, Internet cookie, browser cookie, or simply cookie, is a piece of data that your device (computer or any mobile device) receives, then sends back without altering it. Your device stores it in your web browser, and you may find it by the simple name "Cookie(s)."

How Do Cookies Work?

If the website you access uses cookies, it will probably inform you of that issue, or you'll give your consent to cookies by agreeing with their Privacy Policy and Terms of Use.

Then cookies are automatically downloaded onto your PC (or other devices) as a .txt file (in most cases, Cookie.txt) at your first visit to the website. Next time you go to this website, you send the data contained in the cookie back as your identification card. So, the website understands you've already been there. And upon each visit to the website, the procedure repeats. Two parties have access to the cookies file - PC and the web server.

The text file usually contains a website name and some information about its user - your account info or basic ID.

What Do They Do? Benefits You Get with Cookies 

Cookies keep track of your visits, activity (browsing pages, clicking buttons, etc.), and some important stateful information such as online shopping cart items. For remembering the information you fill in various forms (logins, passwords, ID information, etc.), websites also use cookies. Moreover, web servers can use the information in cookies to tailor webpages to your needs.

Generally speaking, cookies provide initially stateless web pages with memory - easy logging in, browsing web pages still staying logged in and with your shopping cart full at online stores.

Cookies also serve some marketing purposes. They can be used to track the pages you browse (not only on a particular website). By analyzing that information, advertisers build a picture of your preferences and interests.

Types of Cookies

There are many different types and classifications of web cookies, with an average website storing 20+ cookies on your computer. The common types include: 

• session cookies, a.k.a. in-memory cookie, transient cookie, or non-persistent cookie, are temporary cookies existing during a session - a website's short-term memory;
• persistent cookies, also known as permanent cookies, stored cookies, or first-party cookies, are a website's long-term memory; used for permanent logging in, tracking website navigation and activity for creating web analytics - analytics cookies;
• secure cookies are transmitted via HTTPS only and are encrypted, used for online banking, financial transactions, and other purposes;
• HTTP-only cookies prevent cross-site-scripting (XSS) attacks by a malicious script that tries to send the content of a cookie to a third party website.
• same-site cookies disable third-party usage;
• third-party cookies, or 3P cookies, are primarily used in online marketing and advertising;
• super cookies are more difficult to find and/or delete; the most common type is a flash cookie;
• zombie cookies can instantly recreate themselves after being deleted.

Security Concerns

Almost all websites utilize cookies or other tracking technologies (web beacons, etc.). In most cases and under ordinary circumstances, browser cookies themselves are harmless as they represent a text file with a limited amount of information. However, security vulnerabilities may allow hackers to access data in cookies. That may lead to unauthorized access to websites and systems, followed by data leaks and other negative consequences. 

Meanwhile, among cookie types, you may find cookies that can have more harmful properties than others. The functionality of super cookies and zombie cookies exceeds browsers' capacity. They are more difficult to manage. 3P cookies are considered suspicious and intrusive. They can definitely cause a real security and privacy concern as they give strangers the power to watch where you are going and what you are doing online.

And one more threat is that some malware can be disguised as cookies.

Manage your cookies wisely or let professionals take care of any cyber security concerns. Reach out to MBS Tech - a renowned specialist in data protection.