By Meghna Murali
Oftentimes, when surfing websites, we come across those pesky pop-ups asking us to enable cookies. But, what are ‘cookies’? Most of us generally avoid websites with a lot of cookies. Some of us think they must be evil somehow. Are all cookies bad and do they form a secret pathway to spy on our information?
A cookie, according to Internet terminology
Web cookies are mainly used to describe a notification that is given to a web browser by a web server. Cookies are small snippets of information that are predominantly used to identify users. This enables the process of creating customised web pages. For example, it can be used to save a particular user’s login information.
When a user loads a webpage with cookies for the first time, he or she is asked to fill in some questions. These answers are then parcelled together and sent to the server in the form of a cookie. On visiting the same site in the future, the cookie is downloaded. The computer then verifies whether the cookie is relevant or not.
Different types of cookies
In general, cookies can be divided into the following categories:
1) First party cookies
2) Third party cookies
A first-party cookie is generally used for enhancing the user’s experience with a website they are visiting. By default, a first party cookie appears on every web browser. By disabling first-party cookies, the browser will not be able to track the user’s activity. A third party cookie, on the other hand, is one which is used by any other website in a random manner. The following example provides a clear difference between first and third party cookies.
If a user visits ‘xyz.com’ and the domain of the cookie placed on the user’s computer is ‘xyz.com’, then the cookie is known as a first-party cookie. However, if the user visits ‘xyz.com’ and the domain of the cookie placed on the user’s computer is ‘pqr.com’, then the cookie is referred to as a third-party cookie. In order to increase the security, users generally block those pop-up icons which allow third-party cookies.
First and third-party cookies can also be either ‘session’ or ‘permanent cookies’. Session cookies are transient in nature. They have a fixed time period and expire once the user closes the web browser. They are most commonly used in e-commerce websites. Permanent cookies persist for a longer period. They do have an expiration date. According to the law, no cookies are allowed to remain beyond six months.
Zombie cookies- they are just weird!
One more type of cookie, Zombie cookies, return to life after being deleted by the user! A technology called Quantcast recreates these cookies after they are deleted after which they can be used to track users’ activity on the internet. Also known as flash cookies, they can remain on a computer indefinitely.
Technically, zombie cookies are supposed to be used for setting volume levels and for tracking users with a unique ID. If the user, after visiting a Quantcast technology website, deletes the cookie, the user’s unique ID is stored in the Adobe Flash Player storage bin. Quantcast retrieves this unique ID from Adobe and recreates the zombie cookie. This, in turn, allows Quantcast to monitor online marketing activities and to measure website traffic.
In the year 2010, Quantcast was sued over the issue of zombie cookies. About 98% of all PC systems use Adobe today. Thus, all these computers use zombie cookies. The cookies not only keep a track of your personal information but are also extremely difficult to erase using normal deletion techniques.
Do cookies compromise security?
Featured Image Source: Flickr