So now that I find myself at Flatiron, I can happily say that I finally understand what cookies are, how they function, and what they are capable of when used. And let me tell you, they are crazy things…
The Birth of Cookies
Cookies are pretty amazing things that singlehandedly changed the landscape of the internet as we know it. Back in 1994, a young software developer at Netscape named Lou Montulli was trying to figure out a way to make eCommerce websites viable. At the time, websites were basically blind and deaf to users in that they had no idea who you were, how many times you had been there or anything about you. It was like having a conversation with “10 second Tom” for all you Adam Sandler/Drew Berrymore/Romcom fans out there…
So how did we go from eCommerce being a pipe dream to Jeff Bezos, founder of Amazon, being the richest person in the world? You guessed it: cookies!
So What are Cookies?
HTTP cookies, or cookies as they are commonly called, are just pieces of data, set in key/value pairs, that get passed from a server to a browser with the purpose of collecting information for identification. It’s what allows you to create a user account on Instagram and then verify that it is you when you log on. Cookies that are set by the website you are visiting are referred to as “first-party” cookies and they are what make online shopping and general browsing through a website possible and enjoyable. Without these first-party cookies, you would have to sign in again every time you loaded a new page on Facebook or refill your shopping cart when looking at different items on Etsy. Think of them as wristbands you get at a music festival or at a dance club. Once you have identified yourself to the security personnel, you are given a token in the form of a wristband that allows you to leave, return and even access VIP spaces without having to prove who you are at every turn. Cookies allow a site to say, “Hey, we know who you are — you’ve been here before! No need for ID checks, just keep having fun.”
This all sounds pretty convenient, so why are people up in arms about cookies recently?
So no one really complains about first-party cookies; people love those. What people are getting really itchy about are third-party cookies and the security and privacy concerns that come along with them.
In terms of security concerns, there are a number of ways cookies can be used maliciously, including session hijacking, cross-site scripting, and cross-site request forgery to name a few. While these types of attacks are no joke, privacy is really at the center of the recent cookie wars. This is because of “third-party” cookies or tracking cookies as they are colloquially called.
Third-party cookies allow domains that you are not currently on, to drop cookies via resources that are on the actual site you are visiting. This is most commonly done by ads and sharing icons but it can also include other resources such as images and files.
Let’s say, for example, that I’m on a publication website, like Vox, looking through some articles. I don’t click on any ads I see, nor do I even share the articles using the icons for Twitter or Facebook. Regardless, both these companies now have set third-party cookies that will relay information about my internet habits. If I go to a shoe store’s website immediately after and that site uses Facebook Pixel for advertising, Facebook is now able to connect the dots of where I’ve been across multiple locations on the internet.
What happens next? As I keep traversing the internet, I will most likely keep hitting facebook cookies that are continuously added to my browser. After inspecting my cookies on Chrome for this article, I had easily over 400 cookies saved, of which a significant portion are from companies I have never heard of, much less visited their site. All of these cookies help ad companies to build profiles of me to better target me for advertising. The more information an ad company has on me, the stronger that profile becomes which is why ad companies are incentivized to share and purchase this information. This is how you end up with ads following or “stalking” you on every single corner of the web.
Obviously this alone is a big privacy issue because no one wants to feel like a version of them is being bought and sold for the explicit purpose of making money. The thing that further worries folks are that platforms like Google and Facebook pretty much have access to every piece of information about you because they contain your information in the form of user accounts to their sites, they serve ads to you via Google Ads and Facebook Pixel on sites across the internet, and they drop cookies wherever their resources are used, like sharing icons or maps. That is a lot of data and it’s pretty safe to say that they might know you better than you know yourself.
So What is Does All This Mean?
If you are terrified by the idea of all these companies tracking such vast amounts of information, the good news is that cookies are just temporary pieces of data that can be deleted from your browser. Of course, this means that you might be throwing out those saved logins to your most frequented sites or giving up access to pages altogether.
All in all, I would say that cookies have illuminated a brand new portion of the world for me, and I’ve only hit the tip of the iceberg. I certainly have a bigger appreciation for my past experience working with these data regulations, a more keen and astute eye for what I’m being shown on the internet and the information I willingly give, and a greater understanding of larger privacy and human rights issues they present.
Below are some wonderful resources that go into greater detail on all things cookie and data regulations:
How cookies track you around the web & how to stop them | Privacy.net
If you use a web browser like Chrome, Firefox, Internet Explorer, Edge, or Safari, then you've probably picked up a few…
Facebook and Google's pervasive surveillance of billions of people is a systemic threat to human…
Facebook and Google's omnipresent surveillance of billions of people poses a systemic threat to human rights, Amnesty…
Browser Cookies: What Are They & Why Should You Care? - WhoIsHostingThis.com
Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on…
GDPR launches today. Here's what you need to know
May 25th marks the first day of enforcement for Europe's General Data Protection Regulation, otherwise known as GDPR, a…