What Are Cookies?
Cookies are pieces of data, normally stored in text files, that websites place on visitors' computers to store a range of information, usually specific to that visitor - or rather the device they are using to view the site - like the browser or mobile phone.
They were created to overcome a limitation in web technology. Web pages are 'stateless' - which means that they have no memory, and cannot easily pass information between each other. So cookies provide a kind of memory for web pages.
Cookies allow you to login on one page, then move around to other pages and stay logged in. They allow you to set preferences for the display of a page, and for these to be remembered the next time you return to it.
Cookies can also be used to watch the pages you visit between sites, which allows advertisers to build up a picture of your interests. Then when you land on a site that shows one of their adverts - they can tailor it to those interests. This is known as 'behavioural advertising'.
Cookies are incredibly useful – they allow modern websites to work the way people have come to expect – with every increasing levels of personalisation and rich interactive functionality.
However, they can also be used to manipulate your web experience in ways you might not expect, or like. It could be to your benefit, or the benefit of someone else – even a business or organisation that you have never had any direct contact with, or perhaps heard of.
The Benefits of Cookies
Cookies are used in many different ways, and many of them make the web experience much better. However, most of this can be summed up on one word – personalisation.
The online store Amazon is a great example of this. The more you use the site, the more Amazon understands what kind of products you search for and buy. This allows it to make recommendations of products you might like – which could help prevent extensive searching in such a big store.
If you have bought from Amazon and don’t actively sign out from your account, it will remember you when you return – greeting you by name even. It also remembers any items you have put in your shopping basket but not purchased – making it quicker to go through the checkout.
Of course they are doing it for their own benefit as well – all of this increases their sales, but it does benefit users.
In fact online shopping would not be possible without cookies. If we didn’t have cookies, you could not effectively login to a website. Instead you would have to tell it who you are every time you went to a new page, which would be extremely tedious.
Cookies can personalise a website in all sorts of other ways as well – without having to be about shopping. For example, they can be used to remember a user prefers a larger font size than normal. A news website might remember that you like certain types of stories and promote them to the home page.
There are also more subtle uses of cookies that bring benefits that are less tangible.
Some services even claim they can work out which part of a page users spend most time looking at, even without clicking anything. This is because they can track where in the page the mouse pointer is, and many users tend to place the pointer near where they are looking at.
Aggregating all that data into useful information is known as ‘web analytics’, and it gives website owners real understanding about how people user their site, which are the most and least popular pages, and how this changes over time. Doing this enables them to improve the site – doing more of what visitors like and less of what they don’t. Ultimately this benefits visitors through better content and services targeted at their needs.
Cookies and Online Privacy
Although cookies are in many ways essential to the modern internet, ever since they were created there has been a debate going on about their impact on the privacy of web users.
They are basically a way for a website, and the people who own that site, to store and retrieve data about the user or their interaction with the site. They do this basically to either alter what that person sees, or record their activity (e.g. the pages they visit, how long they spent on a site).
Cookies are central to the modern web experience. So although they are not inherently ‘bad’ there are uses of them where privacy concerns arise.
Storing Personally Identifiable Information
Cookies can be used to store personal data – anything from a name or email address, to a unique user identifier which may just be a random string of letters and numbers. This may be information that you as a user would provide to the site through registration, login pages or order forms. Or it could be information that is uniquely assigned to you by the website. This may be fine as long as that information is both secure and held only temporarily – but often it is not, which means there is a risk it can be intercepted by malicious software – especially when using shared computers.
Tracking User Behaviour
However, the most common privacy concern that people have is the use of third party cookies to track them across different websites, most often used for advertising. This is usually done through the placement of invisible (to the user) tags in the page that set cookies.
When you visit another site with the same tag, it reports to the advertiser the site you were last on when the cookie was set. By aggregating the information across lots of sites this enables the advertiser to build up a profile of your interests through your browsing history. They then use this information to display more targeted adverts to you, based on your perceived interests.
In most cases they are actually targeting your browser rather than you – because they don’t know who you are. But as most people login and use the same browser regularly, it can be highly personalised.
And if you let someone else use your computer without creating a separate profile – they will see ads meant for you – which could reveal something about your browsing history you would not be happy to share!
Of course, all this advertising pays for a lot of the free content we get on the web, and a lot of people understand and accept this. But many do not, especially as they feel this has been done without their consent.
The other issue is the companies collecting this data are usually not the companies whose websites you are visiting. And they are not only collecting it, but selling to other companies as well. So all of this data is being gathered and aggregated, without most people even being aware of it – and this is what people find objectionable.
Additionally, a lot of this tracking profiling is getting more sophisticated, and is sometimes linked to ‘real world’ identities – like names and addresses. Which increases both the level of intrusion, and the privacy risk if the information is stolen or lost.
Law makers are increasingly looking at bringing in regulations to place some control on this activity. The EU cookie directive is one recent example. This requires websites to declare what cookies they are using and get consent from users to do so.
Although its implementation is currently patchy, it is beginning to raise consumer awareness, which in turn can create market pressure for even greater transparency and choice.
The EU is also looking to introduce a new harmonised Data Protection Regulation, which may require much of the use of third party cookies to be subjected to explicit user consent.
Do Not Track
One of the latest global initiatives is the attempt to create a ‘Do Not Track’ (DNT) standard for the internet. This would be a way for people to use their browser to signal to websites that they don’t want to have their behaviour recorded, and a requirement for websites to then respond to that request.