Understanding Cookies, Part 1: A Guide for Consumers
Everywhere we browse, every time we buy online, cookies are there, waiting for us. And while that situation sounds delicious (and somewhat sinister) in theory, most of us know that browser cookies just a fact of everyday life in the digital age. That’s why it’s important to understand cookies and to understand how we can use them – without letting them use us.
Cookies are the tiny text files that take ordinary online experiences and make them personalized, relevant, and even rewarding. Using online tracking and cookies, online businesses are able to gain better insight into the interests of their customers and prospects so they can deliver targeted advertisements and tailored marketing messages to them. According to a poll conducted by research firm Zogby Analytics, 70% of respondents said that they’d like at least some ads tailored directly to their interests, compared to 16% who preferred to see only generic ads for products and services.
However, for some people, targeted ads can make them feel like they’re being followed or watched. This anxiety can lead them to delete cookies, or even block them altogether. As online consumers, our privacy is becoming a commodity. Of course, how you feel about that situation depends on your age. According to a survey from the Annenberg Center, Millennials (ages 18-34) were more willing than those in older age groups to allow access to their personal data or web behavior – as long as they received tangible benefits in return.
It’s up to us to understand ad targeting and behavioral analytics so that we can make informed decisions about what levels of privacy are important to us, what we’re willing to share, and how much the benefits of allowing access to our data may outweigh any potential drawbacks. And that starts with understanding how cookies and web tracking solutions work.
What a Cookie Is
First, let’s define what a cookie is.From a consumer point of view, a cookie is a small amount of data stored as a text file in your browser’s storage cache. Web servers pass cookies to your web browser when you visit certain sites on the Internet. These cookies usually contain an ID number and the URL that set the cookie. The website you visited stores a corresponding file (with same ID) so they can track and keep information about your site behavior, as well as any information you voluntarily provide while visiting the site, like your email address.
Temporary cookies, also called “session cookies,” are automatically removed from your computer once you close your web browser. Websites use them to store fleeting information like items you recently browsed. Persistent cookies stay on your computer after you close your browser. They’re used so you don’t have to re-enter information every time you visit a site, such as your user name and password. Persistent cookies can stay on your computer for days, months, or years. Suppose you are shopping online and abandon your shopping cart. If you visit that site again, and it reminds you that you have items in the cart, then the site is using persistent cookies.
Authentication cookies are used by web servers to check whether the user is logged in or not, and which account they are logged in with. Without them, websites wouldn’t be able to tell whether or not to send a page containing sensitive information. They would always require the user to authenticate themselves by logging in. How secure are authentication cookies? That depends on the security of the website that issued them as well as the web browser you’re using, and also whether the cookie data is encrypted.
Many sites also use third-party cookies. That means your data may be collected by a company that you don’t have a direct relationship with. For example, when you visit BigRetailer.com, your browser sets several cookies associated with this domain name. While you’re there, these are first-party cookies. If you visit another site, like SmallerRetailer.com, it might request files from BigRetailer.com, including cookies. And that means they are now third-party cookies.
Third-party companies sometimes accumulate information from a variety of sources, both online and offline, and build profiles based on the online activity of the people they track. This is made possible because they have relationships with different organizations (that set the cookie on their own sites) that collect data about their visitors and then share it with the third party. The information collected could be personally identifiable information (PII), which is data that could be used to recognize you as an individual. It also could (and commonly is) aggregated into trend data (with all PII stripped out or not gathered to begin with) that businesses hope will show them what’s happening in the marketplace.
What a Cookie Isn’t
Now let’s define what a cookie is not. A cookie is not a virus or a piece of software. It is a text file that is set on your computer until you delete it. Getting rid of cookies or blocking them from being placed is not the same as clearing your browsing history or deleting your web cache. If you are concerned about having an ID on your computer that links to information about sites you’ve visited, or you’re worried about hackers using cookies to steal your identity, you should manage, delete, or even block cookies.
Most modern browsers make it easy to take the level of control you need – just search for information on managing cookies with your specific browser and operating system. Remember that if you block cookies from being set, you’ll always have to re-enter your data every time you visit a site. So if you trust a brand, you may want to leave some cookies in place.
Cookies are also different from clear gifs (also called web beacons). These are used to help websites manage content by gaining insight into what content is effective. Clear gifs are tiny graphics with a unique identifier. They’re used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages.
Should You Toss Your Cookies?
This is a question that only you can answer for yourself. You need to decide if the benefits of customized web experiences outweigh the sensitivity of the information that’s being collected. It’s a lot like using a rewards card at your supermarket. You let them keep track of what you buy, and they give you coupons and discounts relevant to your purchase history. Some people worry about the social implications about the data being tracked. Others see the Internet as marketing-driven. An online world without ads would be a very different place, and cookies are the fuel behind targeted ads.
However, if you’re concerned about cookies, you should check your browser’s privacy settings (under preferences). Most browsers have settings that will let you either delete or block cookies from your computer automatically. And remember, every device you use has its own set of cookies, so you’ll want to check the settings on your mobile devices as well as your computers.
Here’s where to find information on managing and deleting cookies for popular browsers and devices:
You can also use an application like Ghostery. It shows you the tracking that’s going on as you browse the web and allows you to block it if you want to.
Keep in mind that certain sites won’t function properly if cookies are removed or deleted. So consider keeping those cookies – and try taking a more active role in managing them. After all, the risks are small and the rewards can be significant.