What are Cookies?
For almost any modern website to work properly, it needs to collect certain basic information on its users. To do this, a site will create files known as cookies – which are small text files – on its users' computers. These cookies are designed to allow the website to recognise its users on subsequent visits, or to authorise other designated websites to recognise these users for a particular purpose.
Cookies do a lot of different jobs which make your experience of the Internet much smoother and more interactive. Generally, for instance, they are used to remember your preferences on sites you visit often, to remember your user ID and the contents of your shopping baskets, and to help you navigate between pages more efficiently. They also help ensure that the advertisements that you see online are more relevant to you and your interests. Much, though not all, of the data that they collect is anonymous, though some of it is designed to detect browsing patterns and approximate geographical location to improve user experience.
Some websites may also contain images called 'web beacons' (also known as 'clear gifs'). Web beacons only collect limited information, including a cookie number, a timestamp, and a record of the page on which they are placed. Websites may also carry web beacons placed by third party advertisers. These beacons do not carry any personally identifiable information and are only used to track the effectiveness of a particular campaign (for example by counting the number of visitors).
Information collected by cookies and web beacons is not personally identifiable.
Standard uses for browser cookies
Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over. There are two types of cookie;
Session Cookies are also used by the server to store information about user page activities so users can easily pick up where they left off on the server's pages. By default, web pages really don't have any 'memory'. Cookies tell the server what pages to show the user so the user doesn't have to remember or start navigating the site all over again. Cookies act as a sort of "bookmark" within the site. Similarly, cookies can store ordering information needed to make shopping carts work instead of forcing the user to remember all the items the user put in the shopping cart.
Persistent or tracking Cookies are also employed to store user preferences. Many websites allow the user to customize how information is presented through site layouts or themes. These changes make the site easier to navigate and/ or lets user leave a part of the user's "personality" at the site. For Information on session and persistent and tracking cookies, see here
Cookie security and privacy issues
Cookies are NOT viruses. Cookies use a plain text format. They are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Since they cannot perform these functions, they fall outside the standard virus definition.
Cookies CAN be used for malicious purposes though. Since they store information about a user's browsing preferences and history, both on a specific site and browsing among several sites, cookies can be used to act as a form of spyware. Many anti-spyware products are well aware of this problem and routinely flag cookies as candidates for deletion after standard virus and/or spyware scans.
Most browsers have built in privacy settings that provide differing levels of cookie acceptance, expiration time, and disposal after a user has visited a particular site. Backing up your computer can give you the peace of mind that your files are safe.
Other cookie-based threats
Since identity protection is highly valued and is every internet user's right, it pays to be aware of what threat cookies can pose.
As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted. Although relatively rare, this can happen if the browser is connecting to the server using an unencrypted network like a non-secured WiFi channel. Internet security is only attainable if you regularly use an anti-virus protection programme.
Other cookie-based attacks involve exploiting faulty cookie-setting systems on servers. If a website doesn't require browsers to use encrypted channels only, attackers can use this vulnerability to trick browsers into sending sensitive information over insecure channels. The attackers then siphon off the sensitive data for unauthorized access purposes.
Key tips for safe and responsible cookie-based Web browsing
Customize your browser's cookie settings to reflect your comfort level with cookie security or use a cookie cleaner app.
If you are very comfortable with cookies and you are the only person using your computer, you may want to set long expiration time frames for storing your personal access information and browsing history.
If you share access on your computer, you may want to set your browser to clear private browsing data every time you close your browser. While not as secure as rejecting cookies outright, this option lets you access cookie-based websites while deleting any sensitive information after your browsing session.
Install and keep antispyware applications updated
Many spyware detection, cleanup applications, and spyware removers include attack site detection. They block your browser from accessing websites designed to exploit browser vulnerabilities or download malicious software.
Make sure your browser is updated
If you haven't already, set your browser to update automatically. This eliminates security vulnerabilities caused by outdated browsers. Many cookie-based exploits are based on exploiting older browsers' security shortcomings.
Cookies are everywhere and can't really be avoided if you wish to enjoy the biggest and best websites out there. With a clear understanding of how they operate and how they help your browsing experience, you can take the necessary security measures to ensure that you browse the Net confidently.
Cookies also have, broadly speaking, four different functions and can be categorised as follow: 'strictly necessary' cookies, 'performance' cookies, 'functionality' cookies and 'targeting' or 'advertising' cookies.
Strictly necessary cookies are essential to navigate around a website and use its features. Without them, you wouldn't be able to use basic services like registration or shopping baskets. These cookies do not gather information about you that could be used for marketing or remembering where you've been on the internet.
Examples of how we use 'strictly necessary' cookies include:
Setting unique identifiers for each unique visitor, so site numbers can be analysed.
Performance cookies collect anonymous data for statistical purposes on how visitors use a website, they don't contain personal information, and are used to improve your user experience of a website.
Here are some examples of how we use performance cookies:
The analytics services we use are:
Information supplied by performance cookies helps us to understand how you use the Website; for example, whether or not you have visited before, what you looked at or clicked on and how you found us. We can then use this data to help improve our services. We generally use independent analytics companies to perform these services for us and when this is the case, these cookies may be set by a third party company (third party cookies).
Functionality cookies allow users to customise how a website looks for them: they can remember usernames, language preferences and regions, and can be used to provide more personal services like local weather reports and traffic news.
Advertising and targeting cookies are used to deliver advertisements more relevant to you, but can also limit the number of times you see an advertisement, and be used to chart the effectiveness of an ad campaign by tracking users' clicks. They can also provide security in transactions. They are usually placed by third-party advertising networks with a website operator's permission, but can be placed by the operator themselves. They can remember that you have visited a website, and this information can be shared with other organisations, including other advertisers. They cannot determine who you are though, as the data collected is never linked to your profile.
By continuing to use our site, you agree to the placement of cookies on your device. If you choose not to receive our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be. You can change your cookie settings at any time through your browser.
How do I control my Cookies?
Most browsers accept cookies automatically, but you can alter the settings of your browser to erase cookies or prevent automatic acceptance if you prefer. Generally you have the option to see what cookies you've got and delete them individually, block third party cookies or cookies from particular sites, accept all cookies, to be notified when a cookie is issued or reject all cookies. Visit the 'options' or 'preferences' menu on your browser to change settings.
Managing performance Cookies
It is possible to opt out of having your anonymised browsing activity within websites recorded by performance cookies. If you still want to switch off third-party advertising cookies, you can turn do this by visiting the Internet Advertising Bureau's consumer advice site, youronlinechoices.com This will give you a list of all cookies that are currently set on your device and how to opt out of each of them. Please note that this list will contain all networks found.