What are cookies?
Cookies, also known as internet cookies, browser cookies, website cookies or HTTP cookies, are small text files that store data meant to identify you when you visit a website. Cookies store data such as login details and browsing activity with the goal of providing a personalized user experience to returning website visitors.
Cookies are stored on a user’s device, in the browser directory or program data subfolders, using a unique ID. The website stores a corresponding file with the same ID to recognize returning visitors and provide personalized content. While cookies help web developers uniquely identify returning users and display customized content to them, they may also threaten users’ online privacy.
What are the main types of cookies?
Depending on their purpose, cookies can be split into two categories: temporary cookies, better known as session cookies, and persistent cookies.
Session cookies vs. persistent cookies
Session cookies are used while the user navigates a website, and they are deleted after the visitor ends the session. Session cookies are used, for example, in online shops to store login data and items in your cart while you are shopping online. Session cookies are saved in the temporary memory of the device (RAM), unlike persistent cookies, which are saved on the device for a longer period.
Persistent cookies remain on the device for a long time, and they are mainly used for authentication and tracking. Persistent cookies make it possible for a site to remember preferences you set up in previous sessions, like language, region, as well as what you browsed and other data. Their purpose is to improve user experience by offering content tailored to your preferences. They are stored indefinitely, unlike session cookies, which are removed automatically once you leave the website.
Technically necessary cookies vs. technically unnecessary cookies
Depending on how they impact users’ data privacy, cookies are classified into technically necessary and technically unnecessary.
Technically necessary cookies are essential for the proper functioning of the website. Without these, users can’t use the website’s features. Session cookies are technically necessary, as they make it possible to browse different pages of the website without having to repeat actions on every page of the website. For example, without session cookies, you wouldn’t be able to add multiple items in your shopping cart when browsing through an online shop.
Technically unnecessary cookies are used for providing a personalized experience, such as marketing cookies that track your online activity to help advertisers target you with relevant ads. These are persistent cookies.
According to the General Data Protection Regulation (GDPR), website operators in EU member states may only collect personal data from users if they have given their express consent to the specific purposes of their use. An exception are the technically necessary cookies. Cookie consent is usually obtained by means of a query via opt-in banners when a website is visited for the first time and must be obtained again annually.
Types of technically unnecessary & persistent cookies
- Functional cookies are used to offer users personalized functions and are stored anonymously. These include, for example, language selection, location, and device-specific data such as screen resolution.
- Analysis/performance cookies collect information about user behaviour to improve the usability and content of the website. These persistent cookies also store all information and data in an anonymous form.
- Advertising/marketing cookies are used by advertisers and website operators to display personalized ads or product suggestions based on a user's browsing behaviour.
- Flash cookies are commonly used in videos and are tied to Adobe Flash Player. They are not collected by the browser but by the Flash plugin, and have no expiration date.
Can cookies be dangerous?
Cookies are simple text files, so they are not dangerous in themselves. They can’t access any other information beside the data they have stored on your device or browser when you first visited a website. This data is stored in the form of random alphanumeric text characters and it can be usually decoded only by the website’s server that created the cookie. However, some types of cookies can be used to track users. Cookies linked to ads or cookies provided by plugins that enable users to share content on social networks with one click might track a user's browsing history across the web.
First-party vs. third-party cookies
First-party cookies are generated by the website you are visiting. Websites typically encrypt the information they store in cookies and some even go further by adding additional layers of security to the cookie handling process. While first-party cookies are rarely a threat, third party cookies might pose serious privacy risks.
Third-party cookies are set by a different website than the one you are visiting. Third-party servers are usually social media platforms that embed plugins or other content into the website, or advertisers that use banners, for example, to collect user information. These cookies are responsible for those ads follow you all over the internet: that pair of sneakers you once checked out in a shop and now keeps popping up everywhere. If these cookies are used for a long time and across multiple websites and devices, they allow the creation of extensive user profiles ("profiling").
While first-party cookies are not dangerous, third-party cookies may expose users’ profiles, thus posing privacy risks.
How to clear cookies and protect yourself from tracking?
Some cookies, especially those from third-party providers, are questionable for data protection reasons and should always be blocked. And even though some cookies are necessary for the proper functioning of a website and for enjoying a personalized experience, it’s important to delete them regularly to maintain a good data hygiene. Even though cookies are small data packets, a large number can accumulate over time and take up a significant storage space. You can manage, delete and block cookies in the privacy settings of your browser.
There are several ways to block cookies and protect yourself from tracking, such as using the browser's "Do not track" option. However, this is only a non-binding recommendation that website operators do not have to adhere to. Users can also use the incognito or private mode of their browser. This way, cookies are stored, but deleted again after the session is ended. However, blocking cookies does not necessarily prevent tracking, as there are other tracking methods, such as fingerprinting.
Cookies can also be easily deleted with Avira Privacy Pal for Windows. Avira’s free tool eliminates your digital traces and allows you to set up a user profile with personalized privacy and protection settings.
Avira Browser Safety for Firefox and Avira Safe Shopping for Chrome, Opera, and Edge are browser extensions that help you block cookies and prevent tracking. In addition to protecting your privacy online, these free browser extensions also block phishing websites, keeping you safe online.