With the introduction of new legislation (as explained in a moment) within which cookies play a major role, it seems wise to ensure users (especially those without any computer programming experience or knowledge) have some comprehension of what cookies are. Hence this article.
Any one who uses the World Wide Web (www), the internet, will know about the new GDPR (General Data Protection Regulation) that came into force as part of the Data Protection Act 2018 (DPA2018) on 25 May 2018.
A fundamental aspect of the GDPR relates to the privacy and protection of individuals principally by giving them control over their personal data (information). The regulation directs those who aim to collect and process such information must clearly disclose: any data collection; state the legal basis for collecting data; declare the purpose for processing data; state how long information will be retained; and whether it will be shared with third parties. Prior to collecting any such data the ‘informed’ consent of the person, or organisation, the data relates to must be obtained. There are a variety of ways for such consents to be given which is why, since (in some cases before) 25 May 2018 new privacy statements have been displayed with frequently (though not always) the requirement for users to take some positive action (e.g. clicking on an acceptance button) to indicate their consent to information being collected and held.
Cookies (not the sweet type!) are the principle means by which user data is obtained and collected.
Note: Within this article, to keep matters simple and straight forward, the terms ‘computer cookie’ or just ‘cookie’ are generally used. However, readers may come across other terms: web cookie; internet cookie; browser cookie; session cookie; etc. Though some of these may have additional intentions the way they operate is princely the same. In some instances these may just be alternative names for the same thing.
To assist readers comprehension of the information to be shared in this article it will first help to define some of the terms.
Cookie: Small pieces of data (information) held in a computer compatible file.
Browser: A software application used to obtain information from a network, principally the www. Each piece of information (web page; image; video; etc.) has a distinct url which enable browsers to receive and display such information on a user’s device (computer; smartphone; tablet; etc.). Browsers are not the same as search engines which store ‘searchable’ bits of data about other websites. Some of the most popular browsers in use are: Chrome; Firefox; Safari; Internet Explorer; Bing. There are others readers may be aware of or use but this is not intended to be a comprehensive study of the subject.
Server: Computer programme (software) or device (hardware) that provides functionality for other programmes or devices. These are used to manage a network’s resources and to control access. When a ‘client’ (usually a web browser), requests information it is a server that actions the request and delivers the page; image; video; e-mail; etc.
URL: (Uniform Resource Locator) Often referred to as a web address. These are distinct individual identifiers which specify where on a computer network the information may be located. They also provide the means for such information to be retrieved. Further explanation may be found here.
How cookies work
When a user visits or requests information from the internet or a specified website, the relevant server or site creates a cookie that contains basic details of what the user is looking at. These are then stored (as small text files) within the web browser being used or sometimes within the user’s device. Thereafter, whenever the user visits the same site the browser sends the cookie back to the server or site to notify it of the user’s previous activity. The intention, generally, is to provide a better experience for the user. This includes such things as: remembering what a user has added to an online shopping cart; recording login information; noting a user’s preferences when visiting the specific site; etc.
Different types of cookie
Though various names may be given to cookies which are principally the same there are some that have specific alternative purposes. However, as this article is simply intended to provide an overview and basic comprehension of cookies not all possibilities or alternatives are to be considered. Nevertheless, there are a couple which bear mentioning in their own right.
These are used by servers to determine: whether a user is logged-in or not; which account they are logged-in with; if it is safe to send a page containing sensitive data (information); whether, prior to sending any information the user needs to authenticate themselves by logging-in. Without such checks the information could become vulnerable, allowing the possibility for a hacker to gain access to the information.
These are commonly used to compile a longterm record of an individual’s browsing history. It is these that are generally used in the process outlined above under ‘How Cookies Work’. A potential downside: some companies utilise these to exploit users by collecting information about their buying habits, amounting, in effect, to a breach of privacy.
It was concern about privacy that led to European Union Directives, as amended, and law requiring websites gain ‘informed consent’ from users prior to storing non-essential cookies within their devises. Further subsequent abuse has led to the implementation of the GDPR on 25 May 2018.
For readers who are interested in the other types of cookies: A search against ‘Computer Cookies’; ‘Cookies’; or a similar term, will return lists of where information may be located.
Security normally depends upon the security of the issuing site. Vulnerabilities within it may allow cookies, and the data contained within, to be accessed by unauthorised parties (to be hacked).
As a rule, cookies cannot collect personal information unless the user has specifically provided it or has given permission for it to be collected. In addition, historically, cookies did not form part of computer virus methodology however, times have changed and, though still not overtly employed, cyber criminals can and occasionally do utilise them for their illicit purposes. Consequently it will help users to have some idea of how to negate the possibility.
Thankfully it is possible for users to delete cookies from their systems. This is normally achievable from two different places: System Record and History Clearing.
System Record: Most computer systems, usually through a ‘Tools’ facility or similar, enable users to view what has been saved onto their computer (software and hardware). These records normally have a delete option built in.
History Clearing: Regular computer activity should include the frequent clearing of browsing history. This is probably the easiest, most used and more readily understood option. Prior to clearing the history, users are given the option to choose what should be cleared. Cookies are always one of the options and, in the writer’s opinion, should always be selected. Nothing is really lost because, if there are sites the user frequently visits and constantly wants access to, they simply have to re-enter the web address thereby causing a new cookie to be created and stored.
Note: There are exceptions. For example, to be able to provide relevant and valid updates social media sites such as Facebook need to retain some of the user’s details, which are collected by means of cookies. Consequently, users are not given the option of deleting these. If a problem does arise the user may contact the relevant social media site or, if it becomes dangerous or out-of-hand, they may delete their account and set up a new one.
Readers, if interested, may find further information regarding computer viruses here.
Cookies are normally safe and useful. They provide for smoother, and relevant, internet activity.
Naturally, as with any activity, users should maintain an awareness and take action if something appears to be wrong. Regrettably cyber crime is on the increase and there is no guarantee the criminal will not target or try to utilise some cookies for their nefarious activities.
Users should maintain a regular schedule for clearing their browsing history including cookies.
Generally, users need not be afraid of cookies.
Disclaimer: The writer is not a computer programmer or in any other way a computer software expert. What is shared has been learnt through limited personal experience and/or through research. Consequently, though every effort has been made, total accuracy of all the above information cannot be guaranteed.