A browser cookie is a little snippet of data that the browser stores while the user is browsing. Websites use cookies for their ‘remember me’ functions, for example – if you tick the box under your log in and ask the website to remember you, it will, using a cookie.
The same goes for online shopping – when you’re logged in, the website remembers what you have in your cart by saving that information elsewhere. However, even when you’re not logged in, the page remembers what you’ve added to the cart, sometimes (depending on your browser and the website’s settings) even after you’ve left the page, closed the browser, and shut down the computer. Coming back a day later, the website will still have those items in your cart even though you’re still not logged in. That’s the convenience of a cookie!
It may not be immediately apparent, but this actually has quite a few security implications.
The Good
Websites use cookies to figure out if they should show you certain pages. If you’ve logged out in one tab, switch to another, and keep trying to shop, the website will put a hold on things before checkout (as long as checkout’s a separate page. It is on most websites).
The Bad
The downside to having cookies that keep you logged in is that if someone else gets their hands on your device, they can access everything that the browser has stored password cookies for. Example: You don’t log out of Facebook, but you close the browser. You let a friend use your computer to look something up real quick, but they notice Facebook pops up in the web bar. Suddenly they have access to your Facebook.
Or, logging in to Amazon on a friend’s device to order something, and then leaving without logging out, makes it possible for that friend to buy something on your account completely accidentally!!
Additionally, cookies can be ‘read’ by hackers and public WiFi providers like Starbucks or McDonald’s, but that security issue isn’t exclusive to cookies. Tracking cookies and other such shenanigans are usually used for advertising purposes, but that can be a security concern too, if privacy is a part of your security considerations.
These aren’t all the security risks of cookies, but they’re the most obvious, and the most likely to trip up a user.
Mixed Considerations
Cookies have more functions than simply recording logins. Some can take your device’s diagnostic data, some can recall settings you set the last time you visited a webpage, and some can track you. Tracking cookies are exactly what they sound like: cookies that track you as you travel along the web. These cookies can be used to form a long-term record of a user’s browsing history, which is obviously a concern – most people would be creeped out by someone following them through the mall, watching what stores they go into and what items they come out with. The same goes for cookies. Why does CarMods.com want to see what I’m buying for my tropical fish?
Any website that has something to gain from knowing what websites you visit, your potential interests, what kind of recipes you save, what kind of sports you watch or political sites you follow – they can use that to sell you something, and that something can be ideas.
Blocking Them
Cookies aren’t an enemy, and many just set out to make your life easier.
However, if you’re interested in keeping cookies from following you, for good or for bad, there are many options on the market. Some browser extensions like adblockers will also block cookies, and there are many third-party extensions built exclusively to keep websites from tracking the end user (you should always research the company you’re downloading from beforehand). Simply browsing in incognito mode or regularly erasing cookies along with your browsing history don’t require you to touch anything third-party if you don’t want to, as well!