A cookie or HTTP cookie is just a small text file on the website that you visit. It is a file that is given by application from the side of the server used to run the website. The server can connect with the cookie given to you but not the ones from the other website.
It is used to identify you’re logging in on the website, but it won’t need your personal information. It will only detect you as the same browser that visited earlier. It is helpful in terms of:
Multi-browsing tab
Session management – You are remained logged in line of a single user session.
Login persistence – ‘Stay logged in’ and ‘Remember me’ that can be seen on many websites.
HTTP cookies can keep the settings and preferences of the user so it can make customization that is unique to a certain person. To cite some examples, cookies in an online shop works with the items in the added cart. It is connected to the database of the website along with a unique ID. When the user visits the website again, the preferred products will be shown.
YouTube uses cookies to filter the video preference of the user. When it’s your first time, it will only suggest a few random videos. After you start watching some videos, it has an idea of the things that you like as the cookie of the user stored them.
A website that offers pages in different languages is possible because of cookies. If you select ‘English,’ the cookie saves the information, so it will be the English page in your future visit.
There are many functions cookies have. They’re like tracking the breadcrumb trail that you have left.
What are Cookies Type
1. Session Cookies
It is the temporary type, and it would only be shown as long as the website is on the browser. It doesn’t contain security risk as it is basically with the purpose of short term storage.
It is the type used for online shopping and multiple visits done on a certain website.
2. Persistent Cookies
It is used for a longer-term as the issuer sets an expiration date for it. It will remain even though the browser was closed. The issuer is being updated every time you visit. It can also detect that you visit the other sources which are issued by the same site. An example of this is the ads.
It works with Google and Facebook. Both of them create a log activity of the user. When you opt for ‘Remember Me’ or the same option when you logged in to your account, this type of cookie will keep the personal login information on the browser.
Since persistent cookies can hang around for some time, you’ll be able to track your activities in multiple sites. However, there’s a greater risk compared with session cookies.
3. First-party Cookies
These are the cookies formed by the website you’re currently on. Sites used it for establishing filtering feature work.
4. Third-party Cookies
They are made by other domains, and it is not made by the site that you are currently visiting. The purpose of this is to know who clicks on advertisements to be brought to the referred domain.
When you click on the add, this cookie will link your traffic with the website where you were able to see the add. Even though it’s necessary for some ways, it can pose a security risk and invasion of privacy.
What are Cookies Risk and How to Avoid Them
Every web user should be conscious of what cookies can bring. It’s possible to view them and delete them when the necessity comes. It has two kinds of risks, which are fraud and invasion of privacy.
Fraud
Cookie fraud may come with complexity, but you should try to identify them. So you can be aware if ever you encounter one in the future.
They may appear in a single or two forms. For instance, a malicious website utilizes the visitors of legitimate sites as a proxy to attack. Another possibility is binding false session IDs in a game tracking system.
Here are the common kinds of fraud, and you have to know how they work.
XSS or Cross-site Scripting
It occurs when a user visits a malicious page that has a script payload to affect different sites. The malicious website tried to look like it is originally from the cited site.
When the user visits a cited site, the malicious cookie, together with the script payload, is directed to it as a host.
Session Fixation
The user received a session ID of a malicious website. When the user tries to log in on a targeted site, the malicious ID of the issuer goes through instead of the user’s. It appears to the targeted site that the issuer is the one conducting the actions. But the real thing is that it’s from the user.
XSRF or Cross-Site Request Forgery Attack
First, the user checked out a legitimate domain then went to a malicious website. The latter instructs the user to do some action that targets the legitimate one. It was accepted as a legitimate website that thinks it’s requested by the user.
Cookie Tossing Attack
The user opens a malicious website that produces a cookie that looks like a sub-domain of the targeted domain. When the user checks the targeted site, the fake subdomain will be sent along with a legitimate cookie.
How to Combat Fraud
Cookie fraud happens as there’s a falsification of the identity of the real users. It may also use identity to do malicious actions. Even how malicious they are, they are not viruses. Your anti-virus can’t do anything about it. Here’s what you can do to combat them:
1. Make sure that your browser is updated. There may be security holes on outdated ones, so malicious cookies will take advantage of it. Most browsers automatically update these days.
2. Don’t proceed to questionable sites. If there’s already a warning from your browser, you should follow so you won’t be exposed to risk.
Invasion of Privacy
Most users would be more concerned about the invasion of privacy. For example, Google has made a lot of things for cross-site activities. Users feel creepy, and something is wrong about the information delivered to targeted ads. It’s an invasion of privacy to the perspective of many.
It’s not only Google that makes these actions but other websites too like Facebook, Infolinks, Disqus, and so on. They dig for more data from the user to deliver ads as relevancy heightens, and user targeting is enhanced.
When you accept cookies, you’re being tracked. Now you know. But you can protect your privacy by:
1. Know the private setting and security of your browser. You have to see to it that the cookie policies are stringent enough without making it difficult in visiting sites.
2. You can use incognito or private browsing mode. It is the mode that doesn’t use or retain any persistent cookies. When you close the browser, the cookies are gone too. But you should know that using this mode will need you to put your username and password every time you log in.
Summary
Cookies or HTTP cookies make your browsing experience smooth, and you have easy access to things or topics that you are interested in. But there’s a downside to it. So you have learned that it can be a tracker. The good news is that you can apply prevention to protect your privacy.
