Internet users privacy concns may mean cookiestart torumble

Internet users privacy concerns may mean cookies start to crumble

Firefox is about to follow Safaris lead by disabling third-party cookies, but the web simply would not work without them

Fri 24 May 201309.48 EDTFirst published on Fri 24 May 201309.48 EDT

The internet needs cookies to function, which is why Firefoxs move to disable third-party versions is a concern. Photograph: LJSphotography/Alamy

When the Cookie Directive, officially known as the EU e-Privacy Directive, was first drafted two years ago, tablets hadnt been adopted in their millions, and smartphones had nothing like their present-day ubiquity.

Their rise in popularity raises a number of difficult issues for publishers and other website owners when it comes to the directive, which has now been in place for 12 months, not least because of the way mobile devices deal with cookies, those small bits of code left by web browsers on your computer or mobile devices that personalise your online experience.

To complicate matters, not all cookies are the same. There are session-based cookies, or temporary cookie files which are erased when you close your browser, and persistent cookies, that stay in one of your browsers subfolders until you delete them manually or until your browser deletes them based on the duration period contained within the persistent cookies file.

These persistent cookies can stay in your browser for anything from 18 months to 18 years. Of all the cookies written onto users browsers, roughly half are first party and belong to the site you are visiting, and half are third party, and belong to partners, services or advertisers working with the site.

Nearly a third of all page views in the UK now occur on a smartphone or tablet, according to ComScore, with one in five UK users using their smartphone to buy online during the three months ending January 2013. But users are more aware than ever of the potential threat to their privacy.

According to a survey by online privacy management services provider TRUSTe at the start of this year, 66% of smartphone users are now more concerned about their privacy on the devices than a year ago, while 79% say they avoid using apps they dont believe protect their privacy online.

The mobile landscape is still developing and the way that mobiles and tablets deal with cookies is inconsistent. Its a complicated and changing environment which merits some attention from the information commissioner.

With first-party cookies, there are not really significant issues, as they improve the user online experience, enabling you to stay logged on, remember passwords, items in your shopping basket and so on. The difficulty arises with third-party cookies, which are used to track activity and recognise frequent and returning visitors, to optimise advertising, or improve the user experience by tailoring content or offers, based on that cookies history.

Apples Safari, for instance, blocks third-party cookies such as those from advertisers, so its impossible to track a highly significant portion of the mobile audience, the iPhone users, when theyre online. Mozilla is joining Apple in the latest version of itsFirefoxbrowser and intends to disable third-party cookies.

Why is any of this important? In short, the current web environment requires user movements to be tracked, and cookies are needed to achieve this. And its right that the placing of cookies on computers and mobile devices should be monitored and users protected from unscrupulous elements. But the internet simply would not work without cookies they are a fundamental currency of the internet, enabling web analytics as well as tailoring the online experience, compiling a browsing history and the rest.

In particular, third-party cookies are critical for the automated trading that has come to dominate digital media since the Cookie Directive was introduced. Its no exaggeration to say that there has been a sea change in the volume and usage of third-party cookies over the last year because of the rise of automated trading methods like real-time bidding. The marketplace for exchange-traded media has doubled in the past quarter and has grown 184% over the past year, according to a recent report from Accordant Media.

The internet runs on an advertising model, and payback for it being free to users is that their movements and behaviour online can be tracked by advertisers. In fact, 23% of UK users are OK with companies tracking me in exchange for free services or content according to TRUSTes research, accepting that such an exchange keeps the services free or low priced.

The move from Firefox is of concern for AOP members because it raises the possibility that other browser makers could follow suit, which may mean that even publishers first-party cookies would be seen as third-party cookies by a browser and disabled, denying the user the benefits and convenience they provide.

A year ago, the UKs information commissioner ruled that websites only have to obtain implied rather than explicit consent from users before cookies or any other form of data can be stored on their browser, and most website owners have interpreted this to mean that it is sufficient just to alert users that their sites use cookies.

Twelve months on, this stance has yet to be proven, and in the meanwhile, the mrket has developed to become much more complex. The UK has the slackest regulation of all EU members; other member states are much more stringent in their approach. In the UK, no one knows how far they can go and there is a real risk that the desktop internet could become over-legislated while mobile internet becomes under-legislated.

Its an issue for all websites, whether they are well-resourced businesses like the premium publishers represented by the AOP, or smaller businesses which may fall foul of the regulations more easily. For the benefit of both users and web site providers we need more guidance on best practice and more clarity from the information commissioner.

John Barnes is chairman of the AOP and managing director digital & tech, Incisive Media

Internet Privacy

Internet privacy advocates object to cookies for a wide variety of reasons. First among them, succinctly put by Viktor Mayer-Schonberger is that the cookie is stored in the users computer without her consent or knowledge (). Before the upgrades of popular browsers like Netscape and Microsoft Internet Explorer, cookies were placed anonymously and without alerting the user. Next, information from the cookie was transmitted to the website, again without the users knowledge. (ibid) With browser upgrades users may be alerted to when they are being offered a cookie, but the formatting of the information may tell the user little about what is actually being stored. For example, on August 10, 1997 The AdLink Exchange offered the following cookie information to the author of this paper:The server wishes to set a cookie that will be sent back to any server in the domain .linkexchange.com. The name and value of the cookie are: SAFE_COOKIE=33eec. This cookie will persist until Tue, Nov. 09 15:59:59: 1999.A second cookie was offered immediately afterward, with a value of XLINK=X194454, without an expiration date. There is little way to decipher what information was to be stored in these cookies, although presumably it would have recorded the site where the cookie was offered, what advertisement was currently on display, and whether or not the ad had been accessed.

In addition to the cryptic nature of cookie alerts to the user, it is not always clear where the cookie is coming from. In the case of banner advertisers, they are placing cookies on any number of websites, and the user may not always be alerted that the cookie is coming from an advertiser rather than the website itself. In the example above the Adlink Exchange server was clear, but on more crowded sites where multiple cookies are offered, the identity of the cookie may become blurred.

Software IssuesThe safety of personal information stored on the users hard drive has also been of concern in the cookie debate. Concerns have been raised about the possibility of cookies being written that would allow access to other information that the user has stored. Cookie programming has many times been found to contain gaping security holes. At one point in its development it allowed access to your e-mail address as you had it specified in your Netscape/MSIE preferences file (Robulack). One of the most recent upgrades of the popular Internet browser, Netscape Communicator, was plagued with a bug that would allow a website access to the information that was passed between that site and the cookie file, including credit card numbers and passwords that had been entered into files. While this bug has been fixed and did not allow access to the users hard drive, it was still a serious breach of cookie security (Radosevich). Further concerns have been raised about the possibility of websites gaining access to cookies placed by other sites, but it is being debated whether or not this is practicable (Shutko). Another issue regarding cookies is that they may contain malignant viruses which would be transferred onto the users hard drive. While it is possible that a malicious program might be transmitted and allowed to execute by a bug in Microsofts Internet Explorer 3.0, it is not a strong concern. Cookies are routinely stored only as text files, and so are not executable (Cookies and Viruses). A more serious worry could be the possibility that a cookie might be developed that could snoop through a users hard drive, looking for something that resembles a Social Security number or a bank balance (Moukheiber, 343).

Internet PrivacyThe most pressing issue concerning cookies, more than possible hardware invasions and general unease with the placing of files on user hard drives by third parties is the concern of user privacy and the potential for abuse. Advertisers and webmasters are currently using cookies to develop detailed profiles of users and their browsing habits. Each click on a particular type of advertisement or page in a website is added to the profile maintained by the maintainer. For the time being this information is primarily used for website design and the placement of banner advertisements, but the possibility also exists for these profiles to be sold and resold to other commercial interests (Roubulack). This could lead to deeper incursions into personal privacy, because if any one of the cookie-maintainers links a user identity to their cookie ID, then that information could also be resold. …once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites (How web servers cookies threaten your privacy).

While this might at first seem to be only a nuisance, which would probably lead only to a serious increase in targeted junk paper mail or e-mail, there are more serious concerns for potential abuse. In addition to extensive information on personal interests, those individuals who do online research on controversial areas such as abortion, birth control, capital punishment, or gun control might find themselves subjected to harassment from special-interest groups (Dyrli, 20). This possibility has sinister overtones, given the wide variety of information available on the Internet, and the disparate individuals who maintain websites. The possibility of such abuse of information is not impossible, especially for researchers who frequently utilize search engines which use cookies. BothInfoseekandLycos Inc.have the stated aim of creating a tracking system which would create highly detailed profiles of user search patterns. By matching the cookie identification with a user profile, the users past search history can be accessed by the web server (Vonder Haar). If these search profiles were to be resold or otherwise accessed, the users patterns of research would be immediately apparent. If any form of identification were linked to these profiles it might prove a serious invasion of user privacy, not unlike the records of public library patrons.

A closely related possibility is that user information could be resold to non-advertising entities, and possibly used in ways that advertisers had not intended. An extreme, but not impossible scenario was put forth byDavid Christle:…if you visited a number of sites that advertise alcohol…and you end up on a list that your insurance company purchases. The list compiled from a variety of Internet sites shows your name as someone who frequents sites that promote alcohol, or at least as someone who is a prime prospect for alcohol sales. They raise your premiums on a profile that has been built about you based upon the sites you visit on the Internet.

Someone assumes this is an accurate profile…and acts upon this erroneous assumption…This scenario may never happen but the door has been opened…Just ask anyone who has been victimized by an inaccurate credit report.It is an extreme example, but does point up a disturbing prospect for abuse.

Another possibility for cookies to pose an active threat to users would be in the case of law enforcement. There have been past instances where the distribution of online pornography has been tracked and arrests made on the basis of Internet activity. In the summer of 1995, as part of Operation Longarm, the FBI cracked down on what was called a Child Pornography Ring by posing as pedophiles on America Online. The FBI arrested 12 people on child porn charges (White). At this time cookies were not yet a part of the Internet world, but there is a possibility that if user profiles compiled via cookies had been available to law enforcement, they might have been admissible as evidence. Computer files, like other documents, may be sized as evidence with proper warrants, and since the cookie file exists on the users hard drive, they would be retrievable as are other files. Cyberspace law (see theElectronic CommunicationsPrivacy Act) is still being written, and it is a possibility that following a wrong link could land a user in legal trouble.

It should be noted that the Internet was considerably less than private before the widespread use of cookies. Webmasters can easily obtain information about users IP addresses, browser type, last pages visited and more depending on the users software and the program being executed (Robulack). Cookies are the preferred method of accruing data because the information persists from session to session, and allows the Web server to recognize a user as having visited from the same computer as before (Dern, 48). This is what allows the compilation of complex user profiles and large amounts of interest-data.

Internet Cookies

Office of Equal Employment Opportunity and Workplace Inclusion

Office of Administrative Law Judges

What You Need to Know About the Office of the Inspector General

Commemorating the 40th Anniversary of the IG Act

Council of the Inspector General on Integrity and Efficiency (CIGIE)

Reporting Fraud, Waste, Abuse or Mismanagement

Notice Concerning Nondisclosure Policies, Forms, or Agreements

Freedom of Information Act Contacts

Companies and People Banned From Debt Relief

Statute, Rules and Formal Interpretations

Post-Consummation Filings (HSR Violations)

Retrospective Review of FTC Rules and Guides

Other Applications, Petitions, and Requests

US Submissions to OECD and Other International Competition Fora

Magnuson-Moss Warranty Public Audit Filings

International Technical Assistance Program

International Cooperation Agreements

Competition & Consumer Protection Authorities Worldwide

Submit a Consumer Complaint to the FTC

List a Number on the National Do Not Call Registry

Get a Free Copy of My Credit Report

File Documents in Adjudicative Proceedings

A cookie is information saved by your web browser. When you visit a website, the site may place a cookie on your web browser so it can recognize your device in the future. If you return to that site later on, it can read that cookie to remember you from your last visit and keep track of you over time.

collect information about the pages you view and your activities on the site

enable the site to recognize you, for example by:

keeping track of your preferences if you visit the website again

The cookie transmits this information back to the websites computer (or server). You can set your web browser to warn you about attempts to place cookies on your computer or to limit the type of cookies you allow. For more information, please see theFTCs guidance on cookies and other forms of online tracking.

help with navigation on the website

only record information temporarily and are erased when the user quits the session or closes the browser

are enabled by default in order to provide the smoothest navigation experience possible

are known as Tier 1 technologies under applicablegovernment guidance

remain on your computer and record information every time you visit some websites

are stored on the hard drive of your computer until you manually delete them from a browser folder, or until they expire, which can be months or years after they were placed on your computer

are used by the FTC solely to provide analysis of site use and to maintain access quality for users; capture only a unique, randomly assigned identifier for each user and do not send or receive information on non-FTC websites

are known as Tier 2 technologies under applicablegovernment guidance

Alternative (if you disable cookies)

to keep track of items in the shopping cart until checkout

The same publications are available at and individuals may print and use materials directly from the website.

to enable consumers to submit the complaint form

You can also register your complaint against a Telemarketer who has violated the Do Not Call rule by calling 1-.

to provide streamlined navigation and site language selection

You can also register your number with the Do Not Call list by calling 1- from the number you wish to register.

You can also register your complaint by calling 1-877-FTC-HELP (1-).

to enable a customer satisfaction survey and store basic information about user interaction with the site

to enable parties to a Part 3 matter to log-in and electronically file documents

You can also file documents in paper form in accordance with the FTCRules of Practice.

to enable telemarketers, sellers and other entities accessing the site to move from one secure Web page to another without having to log in to each page

For more privacy information regarding the Telemarketers Do Not Call site,click here.

to enable redress class members to check on the status of their claim

You can also check the status of a claim by calling the appropriate number listedhere.

to provide streamlined navigation and site language selection

For more privacy information regarding the Consumer Sentinel site,click here.

to enable consumers to submit the complaint form

You can also register your complaint by calling 1-877-ID-THEFT (438-4338).

Alternative (if you disable cookies)

military.consumer.govPrevents users from receiving a survey invitation if they have completed the survey in the last 30 days

You can also provide feedback regarding share questions or concerns by em.  Please write ForeSee in the subject line of the email.

Provides measures of website traffic and assesses how visitors use the site, distinguishing unique users

Google, Inc. (via General Services Administrations Digital Analytics Program)

Prevents users from receiving a survey invitation if they have completed the survey in the last 30 days

You can also provide feedback regarding share questions or concerns by calling 1-877-FTC-HELP (1-)

Google, Inc. (via General Services Administrations Digital Analytics Program)

Prevents users from receiving a survey invitation if they have completed the survey in the last 30 days

You can also provide feedback regarding share questions or concerns by calling 1-877-FTC-HELP (1-)

Google, Inc. (via General Services Administrations Digital Analytics Program)

Prevents users from receiving a survey invitation if they have completed the survey in the last 30 days

You can also provide feedback regarding share questions or concerns by calling 1-877-FTC-HELP (1-)

Google, Inc. (via General Services Administrations Digital Analytics Program)

You can also provide feedback regardingidentitytheft.govor share questions or concerns by calling 1-877-FTC-HELP (1-)

Provides measures of website traffic and assesses how visitors use the site, distinguishing unique users

Google, Inc. (via General Services Administrations Digital Analytics Program)

Generates a random number to identify unique visitors that view live FTC webcasts; does not collect PII

You can watch all live FTC webcasts with your cookies disabled.

Submit a Consumer Complaint to the FTC

List a Number on the National Do Not Call Registry

Get a Free Copy of My Credit Report

File Documents in Adjudicative Proceedings

Computer Security Systems

Computer security is an increasingly important consideration. From authentication to encryption keys, learn how to keep your computers hard drive protected and your personal information safe.

Security Selfies May Make Passwords Obsolete

How will biometrics affect our privacy?

Guarding Your Network Against Russian Hackers

Blockchain Technology Ready to Disrupt the World

Guarding Your Network Against Russian Hackers

The U.S. and U.K. issued a joint alert warning that Russian hackers have been targeting devices that help us connect to the internet. Is your digital information at risk?

Blockchain Technology Ready to Disrupt the World

Its the technology behind the meteorically rising bitcoin, and it could be really, really big.

Can You Really Delete Your Internet History?

The guys at Stuff They Dont Want You To Know talk about whether you can really delete your internet history and why you want to.

Companies Are Figuring Out How to Turn the Tables on Hackers

Active defense techniques are changing how companies fight back against cybercrooks.

2016 Broke the Record for Stolen Data

2016 was memorable for a whole lot of reasons, and one of them was the massive amount of data stolen.

Its sweet to have a personal assistant like Amazons Alexa do your bidding. Except when it does something you didnt anticipate, like order an adorable dollhouse.

A Spotify Bug Could Be Killing Your Hard Drive

A Storm Is Brewing: The Trouble of Malware in the Cloud

Malicious software is threatening the safety of some major cloud hosting services. Heres what a team of researchers is doing to help kick the bad guys out.

Passwords Sent Securely Through Your Body, Not the Air

To thwart hackers from intercepting wireless signals, engineers send a signal through the body, from a smartphone fingerprint scanner to a smart lock.

We Just Got Closer to Creating Unbreakable Quantum Enigma Machines

Researchers have developed experimental versions of a device that could send encrypted messages impossible to intercept or decipher.

Saurons Spies Are Everywhere Even on Computers

Cybersecurity experts recently discovered an insidiously clever piece of malware that went unnoticed for half a decade. The name? ProjectSauron.

Hackers Turn Computer Fans Into Snitches

You know how you cant really disconnect your PCs fan unless you want a hot mess on your hands? Turns out that fan could serve a more nefarious purpose, too.

Inside the Troll: The Science of Being an Awful Person

Trolls are everywhere these days, driving people off Twitter and wreaking havoc online. They also have specific personality traits that the general population doesnt.

Security Selfies May Make Passwords Obsolete

Remembering another password? How about replacing those codes with a simple selfie snap? Amazon and other companies are banking on pay-by-selfie as the future.

How the FBI Cracked the iPhone Case With a Little Help From Outside

And the FBI already has said itll help other law enforcement agencies with locked phones.

The Land of Mordor? How Hackers and Spies Use Google Translate

Google attributed some unflattering changes in a Ukrainian newspapers Russian translation to machine error. But some security experts say thats impossible.

The Closest Thing to a Real Hoverboard: Electric Skateboards Get Legal, Hacked

As these devices are finally made legal in California, here comes another worry: Their Bluetooth connection can be exploited.

The short answer is yes. The long answer? Some people do it for mischief, others for criminal purpose, and even governments are in on the game.

How could an algorithm spot trolls on the Internet?

If youve spent any time online, youve probably run into someone who seems to want nothing more than to stir up trouble and make others miserable. What if a program could find and weed out these trolls?

Online harassment seems to know no bounds, with new opportunities for meanness evolving all the time. Ever heard of dogpiling or doxing?

Remember that crazy video you made with your friends years ago? Yes, you do, but you also wish it wasnt the first thing that pops up in a Google search of your name. Well, rejoice! Theres a way to get it out of Google.

Do you know what youre doing when youre dropping dox on somebody? Its called doxxing, and while its technically not illegal, its probably not a very nice thing to do to someone.

Exactly what is a zero-day vulnerability?

Viruses. Malware. Spyware. Add to the seemingly ever-growing list of things we have to worry about when dealing with computers one more factor: zero-day vulnerability. So just what the heck is it, and how does it put us at risk?

Is the Chinese army hacking American computers?

After attacks on U.S. companies, government entities and news organizations, a cybersecurity firm traced the hacks back to a single 12-story building on the outskirts of Shanghai. Why does this location raise more questions than answers?

Does Marie Antoinette Still Roam the Halls of Versailles?

How the Alphabet May Have Destroyed Goddesses

a division ofInfoSpace Holdings LLC,

Get the best of HowStuffWorks by email. Keep up to date on:

Privacy Policy

Office of Equal Employment Opportunity and Workplace Inclusion

Office of Administrative Law Judges

What You Need to Know About the Office of the Inspector General

Commemorating the 40th Anniversary of the IG Act

Council of the Inspector General on Integrity and Efficiency (CIGIE)

Reporting Fraud, Waste, Abuse or Mismanagement

Notice Concerning Nondisclosure Policies, Forms, or Agreements

Freedom of Information Act Contacts

Companies and People Banned From Debt Relief

Statute, Rules and Formal Interpretations

Post-Consummation Filings (HSR Violations)

Retrospective Review of FTC Rules and Guides

Other Applications, Petitions, and Requests

US Submissions to OECD and Other International Competition Fora

Magnuson-Moss Warranty Public Audit Filings

International Technical Assistance Program

International Cooperation Agreements

Competition & Consumer Protection Authorities Worldwide

Submit a Consumer Complaint to the FTC

List a Number on the National Do Not Call Registry

Get a Free Copy of My Credit Report

File Documents in Adjudicative Proceedings

What Does the FTC Do with Your Personal Information?

Federal law requires us to tell you how we collect, use, share, and protect your personal information. Federal law also limits how we can use your personal information. Protecting the privacy and security of consumers personal information is very important to us. Please read this notice carefully to understand what we do with the personal information we collect both online and offline.

When you contact us to help you with a problem, we may collect personal information about you. We collect and use only the information necessary to respond to your concerns and conduct investigations. In most instances, we collect minimal personal information, such as name, address, telephone number, or email address. In limited cases, depending on the nature of your request or of our law enforcement investigations, we also may collect other personal information such as Social Security numbers, account numbers, or mortgage or health information. We also may collect information about your visit to our websites for security and internal operations purposes.

When do we collect personal information?

to order publications, obtain redress, or register for the National Do Not Call Registry.

to file a complaint or seek help for possible consumer fraud or identity theft.

to file a public comment or participate in a rulemaking, workshop, or community engagement project.

to ask if you will participate in a consumer survey.

to provide information in response to a subpoena or other legal process.

to collect information about potential victims when we investigate possible law violations.

we use consumer information to further our law enforcement investigations.

our contractors use your information when they perform certain services, such as operating the National Do Not Call Registry or our Consumer Response Center, processing redress claims, or fulfilling your order for publications.

To other government agencies (federal, state, local, international)…

we work with our partners to investigate complaints, coordinate law enforcement investigations, cooperate with oversight investigations, or follow up on ID theft reports.

we post public comments and transcripts, including names, state of residence, and other non-confidential information, on the FTC website in a rulemaking, workshop, blog, or other public FTC proceeding.

we provide information to credit bureaus for complaints about consumer fraud, ID theft, or credit reports.

we provide only your phone number to telemarketers to enforce the National Do Not Call Registry.

we provide information to businesses or individuals in response to court orders, subpoenas,

or Freedom of Information Act requests, or to resolve complaints.

we usethird-party serviceson our websites to assist in communicating or interacting with the public.

Additional FTC Privacy-Related Information

FTC Use of Third-Party Services & Websites

The FTCs Privacy Act rules including our procedures, timelines, and instructions for submitting Privacy Act requests, and a list of FTC systems of records that are exempt from the Acts requirements  are published at16 C.F.R. 4.13.

List ofFTC Privacy Act Systems of Records

For more information about making a Privacy Act request, visit ourFOIA request pageor use ouronline request form.

Questions or Complaints About This Privacy Policy

Write to the FTCs Acting Chief Privacy Officer:

Visitftc.gov/idtheftto learn about the crime of identity theft, including detailed information to help you deter, detect, and defend against it.

VisitOnGuardOnlineto learn how to be on guard against Internet fraud, secure your computer, and protect your personal information.

Visit ourContact Uspage to find email, phone, and mail contact information and links to our secure online complaint forms.

Personal Information Collected by the FTC

Information Collected From FTC Websites

Limiting Use of Personal Information

Information Collected by Third-Party Services

Submit a Consumer Complaint to the FTC

List a Number on the National Do Not Call Registry

Get a Free Copy of My Credit Report

File Documents in Adjudicative Proceedings

Hotspot Shield

Internet cookies are small text files (255 characters or less) that are placed on your web browser or computer by web servers.

A cookie is created when you first visit a site that wants to store information. This text file usually includes a name, an expiration date, a coded number, and the domain name of the visited site.

When you return to a site, the cookie tells the site that a computer with code XYZ has returned and reminds it of your activities and preferences on your previous visits.

These details can include pages visited at the site, what you did when you were on the site, how many times you visited the site, language preferences, the IP address of your device, and your login information.

The information collected from cookies enables websites to offer convenient logins and authentication, personalized experience for you through preference setting and language setting, enhanced online shopping experience, ad management, and more. So in and of themselves, cookies are not bad things.

Cookies, for example, do not store any of your personal information such as your email address or phone number. However, because they allow third-party sites to track you across the web, there can be a downside to cookies , particularly if you are concerned about what some refer to as targeted advertising and others as online spying or invasion of privacy.

When a website sends the requested information to you, it also sends your web browser a cookie to help it track what was sent and how. This can be either a session cookie which is only for the specific visit or a persistent cookie that is saved in the web browser for an extended period of time.

Session Cookies Session cookies help websites to recognize you and remember the information provided by you as you move from one page to another within the same website. For example, e-commerce sites use session cookies to remember the items you place in your shopping cart as you go from one page to another on the site. Without session cookies, your shopping cart will be empty upon Checkout since your shopping activities on prior pages will not be remembered.

Session cookies only retain information about your activities during your visit to the site. Once you close the browser, the session cookies are lost and the site will not recognize you the next time you return to the site.

Persistent cookies Persistent cookies can exist for an extended period of time until expired or until they are deleted. They enable the site to recognize you on a continuous basis. This is done by the web server planting a small text file with a unique ID tag on your computer, while keeping a matching file on the server. On subsequent visits to the site, your browser delivers this cookie over to the site, allowing the site to retrieve the matching file.

Persistent cookies enable websites to remember your preferences and settings (i.e. login information, language selection, font size preference, etc) so that they can offer you a more personalized and convenient access the next time you visit. For security purposes, your login information is generally encrypted by the web server before it gets stored in a cookie.

Cookies can come from multiple sources. First party cookies are sent directly by the visited site and they are usually identified by the sites domain name.

Then there are the third-party cookies, which come from those with an interest in the site such as advertisers and ad servers. They are difficult for the average user to identify because they can be connected to any banner ad on a site.

These third-party cookies allow advertisers and ad servers to alternate the ads sent to a specific computer and to track how often an ad has been viewed and by whom.

Cookies are not seen as a direct threat to privacy or security but they raise a host of indirect issues. Generally speaking, cookies do not contain private data (except for credit card numbers and IP addresses at times) and cannot be used to transmit malware or virus. Thats the good news. The bad news concerning privacy is on the practice of cookie profiling.

Cookie profiling is the use of multiple tracking cookies to track your overall activities online over a period of time and then to compile these data to create a profile of you. The data may include your browsing activities, your demographic data, and some other statistical information. Advertisers obtain the cookies from different sources, usually from popular websites with high traffic volume.

This may not seem like a big deal to some, but it is a big concern for those who take their privacy seriously.

By doing cookie profiling, advertisers can target ads that are more relevant to your interests and buying preferences. Some people may not mind this, while others equate this to cyber-stalking.

One of the largest ad servers isGoogles AdSense/Adwords network, which places ads on millions of web pages. Based on a devices past browsing history and ad clicking history, Google is able to serve ads that closely match the device or individual users preferred types of internet content. For example, a car enthusiast might be sent automobile related advertisements, even if he/she is at a site unrelated to the auto sector.

Cookies generally do not cause any harm if the sites you visit are trusted and legitimate. Make sure to read their online privacy policies if you are not sure.

If youre still concerned with what information is collected about you and how your information is shared by the cookies, you have several options when it comes to cookie management.

At the basic level, most browsers let you delete either individual cookies or to remove all of them. You can also choose to set up your browser so it only accepts first-party cookies, which will make it easier to log in to the sites you regularly visit, but will not leave you open to third-party advertising tracking cookies. For instructions on disabling cookies, visit

There are also cookie managers and browser plug-ins such as Firecookie, which enable you to view and manage cookies in your browser.

Computer users in the United States can also opt out of third-party cookies by going through In the EU, first-time visitors to a site are sent a popup notification of cookie use and given an option to change the settings.

Not all cookies are created equal and stored in the same location. Supercookies, also known as flash or zombie cookies, are stored either online or in the users computer outside of the usual location in the web browser. This makes them difficult to detect or manage using the standard cookie management tools.

For more information on supercookies and how to manage them, visit

Some of the information provided on this article was taken from the sources below. You may also refer to the sources below to get additional information on cookies and how to protect your privacy online:

Join over 600 million users already enjoying absolute Internet Freedom around the world by downloading Hotspot Shield VPN.

How Internet Cookies Work

If you have read the article to this point, you may be wondering why there has been such an uproar in the media about cookies and Internet privacy. You have seen in this article that cookies are benign text files, and you have also seen that they provide lots of useful capabilities on the Web.

There are two things that have caused the strong reaction around cookies:

The first is something that has plagued consumers for decades. Lets say that you purchase something from a traditional mail order catalog. The catalog company has your name, address and phone number from your order, and it also knows what items you have purchased. It can

to others who might want to sell similar products to you. That is the fuel that makes

possible. On a Web site, the site can track not only your purchases, but also the pages that you read, the ads that you click on, etc. If you then purchase something and enter your name and address, the site potentially knows much more about you than a traditional mail order company does. This makes

much more precise, and that makes a lot of people uncomfortable. Different sites have different policies. HowStuffWorks has a strictprivacy policyand does not sell or share any personal information about our readers with any third party except in cases where you specifically tell us to do so (for example, in an opt-ine-mailprogram). We do aggregate information together and distribute it. For example, if a reporter asks me how many visitors HowStuffWorks has or which page on the site is the most popular, we create those aggregate statistics from data in the database.

The second is unique to the Internet. There are certain infrastructure providers that can actually create cookies that are visible on multiple sites.DoubleClickis the most famous example of this. Many companies use DoubleClick to servebanner adson their sites. DoubleClick can place small (1×1 pixels) GIF files on the site that allow DoubleClick to load cookies on your machine. DoubleClick can then track your movements across multiple sites. It can potentially see the search strings that you type intosearch engines(due more to the way some search engines implement their systems, not because anything sinister is intended). Because it can gather so much information about you from multiple sites, DoubleClick can form very rich

. These are still anonymous, but they are rich. DoubleClick then went one step further. By acquiring a company, DoubleClick threatened to link these rich anonymous profiles back to name and address information — it threatened to personalize them, and then sell the data. That began to look very much like spying to most people, and that is what caused the uproar. DoubleClick and companies like it are in a unique position to do this sort of thing, because they serve ads on so many sites.

is not a capability available to individual sites, because cookies are site specific.

For more information on Internet cookies and related topics, check out the links on the next page.

Guarding Your Network Against Russian Hackers

Blockchain Technology Ready to Disrupt the World

Can You Really Delete Your Internet History?

Companies Are Figuring Out How to Turn the Tables on Hackers

2016 Broke the Record for Stolen Data

a division ofInfoSpace Holdings LLC,

Get the best of HowStuffWorks by email. Keep up to date on:

Site Information

Office of Equal Employment Opportunity and Workplace Inclusion

Office of Administrative Law Judges

What You Need to Know About the Office of the Inspector General

Commemorating the 40th Anniversary of the IG Act

Council of the Inspector General on Integrity and Efficiency (CIGIE)

Reporting Fraud, Waste, Abuse or Mismanagement

Notice Concerning Nondisclosure Policies, Forms, or Agreements

Freedom of Information Act Contacts

Companies and People Banned From Debt Relief

Statute, Rules and Formal Interpretations

Post-Consummation Filings (HSR Violations)

Retrospective Review of FTC Rules and Guides

Other Applications, Petitions, and Requests

US Submissions to OECD and Other International Competition Fora

Magnuson-Moss Warranty Public Audit Filings

International Technical Assistance Program

International Cooperation Agreements

Competition & Consumer Protection Authorities Worldwide

Submit a Consumer Complaint to the FTC

List a Number on the National Do Not Call Registry

Get a Free Copy of My Credit Report

File Documents in Adjudicative Proceedings

Small Business Comment Non-Retaliation Policy (PDF)

Submit a Consumer Complaint to the FTC

List a Number on the National Do Not Call Registry

Get a Free Copy of My Credit Report

File Documents in Adjudicative Proceedings