What’s a cookie?

A browser cookie is a little snippet of data that the browser stores while the user is browsing. The most familiar use of the cookie is likely for logging in – if you log into a site on one page, and then open another completely new page on your browser (maybe you want to look at something specific without interrupting the feed), that new page remembers that you’re currently logged in on another tab, and won’t make you do that again.

The same goes for online shopping – even when you’re not logged in (when you’re logged in, the website saves that info to their server instead of your browser), the page remembers what you’ve added to the cart, sometimes (depending on your browser’s settings) even after you’ve left the page, closed the browser, and shut down the computer. Coming back a day later, the website will still have those items in your cart even though you’re still not logged in. That’s the convenience of a cookie!

It may not be immediately apparent, but this actually has quite a few security implications.

The Good

Websites use cookies to figure out if they should show you certain pages. If you’ve logged out in one tab, switch to another, and keep trying to shop, the website will put a hold on things before checkout (as long as checkout is a separate page, which it is on most websites).

The Bad

The downside to having cookies that keep you logged in is that if someone else gets their hands on your device, they can access every site that the browser remembers you as logged in to. Example: You don’t log out of Facebook, but you close the browser. You let a friend use your computer to look something up real quick, but they notice Facebook pops up in the address bar. Suddenly they have access to your Facebook.

Or, logging in to Amazon on a friend’s device to order something, and then leaving without logging out, makes it possible for that friend to buy something on your account completely accidentally!!

Additionally, cookies can be ‘read’ by hackers and public WiFi providers like Starbucks or McDonald’s, but that security issue isn’t exclusive to cookies. Tracking cookies and other such shenanigans are usually used for advertising purposes, but that can be a security concern too, if privacy is a part of your security considerations.

These aren’t all the security implications of cookies, but they’re the most obvious, and the most likely to trip up a user.

Why does every website warn me that they’re using cookies to “improve my experience” on their site?

Well, tracking cookies. Tracking cookies are exactly what they sound like: cookies that track you as you travel along the web. These cookies are used to form a long-term record of a user’s browsing history, which is obviously a concern, and caused outcry due to what it could do to privacy – most people would be creeped out by someone following them through the mall, watching what stores they go into and what items they come out with. The same went for cookies. Why does CarMods.com want to see what I’m buying for my tropical fish?

And that’s just shopping! Any website that has something to gain from knowing what websites you visit, your potential interests, what kind of recipes you save, what kind of sports you watch or politics you follow – they can use that to sell you something, and that something can be ideas. That’s why they have to warn you first.

Should I be Worried?

It’s not all bad – cookies are still really useful, and they make a lot of websites more convenient to use. Staying logged in on a personal device that you don’t share and don’t use on public WiFi is usually pretty low-risk, anyway. Just clear that cache every now and again and use a password manager if possible – it means that the log-in cookies are less important!
