Internet Cookies: How does it work and is it dangerous to our online security?

Tien Nguyen

Whenever you are browsing on the Internet, you’ll see a notification saying “This website uses cookies in order to offer you the most relevant information. Please accept cookies for optimal performance”. It will pop up on your screen. Most of the time you will click the agree button and go about your merry way. But you are here because you want to know what exactly cookies are and how they work. It’s not that sweet cookie that grandma whips up in the kitchen. We are talking about website cookies which are more formally called HTTP cookies

Website cookies simple explanation

A cookie is a small piece of data from a specific website that is stored on a user’s computer while they are browsing the web. They can have many functions such as: keeping track of a user’s browsing activity in order to serve up targeted information such as ads for goods and services. This is why when you are browsing Amazon for a Halloween costume for your dog, you might see ads for more dog costumes on Facebook later that day. Cookies can also have simple functions like remembering your login details for a specific website such as Facebook so you can close out of it and reopen it again later without having to log back in again. Cookies can also allow website owners to track exactly how many unique visitors they are getting to their website because each cookie has its own unique ID so if user visits the same website two or three times a day, a cookie can allow us to count this as one unique viewer so website owners can collect more accurate data about their website traffic.

So where did the cookie come from ? How did it get its name? The first cookie was invented in 1994 by a 24 years old programmer for Netscape Communication named Lou Montulli. He was creating an online store for a company that said that their servers were getting too full from storing each individual user's shopping cart data while they were browsing the store. Lou was asked to figure out the way to store each user’s shopping cart data on their computer which would then save server space for the company and save them money. So he thought back to an old computing token called the magic cookie which was used to identify when somebody would log into a system by passing a tiny bit of information between the server and the computer. Lou then recreated this concept for web browsing and thus the modern-day cookie was born. Cookies today are still used to identify your computer, but now they have the added function of also tracking your activities, which can be very helpful or be a breach in privacy depending on how the website decides to use this information. That is why you get a little notification whenever you visit a website that uses cookies because they are legally obligated to inform you in their cookie policy of what they use these cookies for.

Types of Internet cookies

There are several types of cookies, it is depending on how you categorize them

Depending on their lifetime, they can be

Session cookies

A session cookie only lasts for the duration of the users using the website. A web browser normally deletes session cookies when it quits. A session cookie expires if the user does not access the website for a period of time chosen by the server (idle timeout) . If someone were to come behind us and use our computer, they wouldn’t be able to see anything on site that uses session cookies because they would have to answer our username and password again.

Persistent Cookies

A persistent cookie will outlast user sessions. If a persistent cookie has its max-age set to 1 year, then, within the year, the initial value set in the cookie would be sent back to the server every time the user visits the server. This could be used to record a vital piece of information such as how the user initially came to the website. For this reason, persistent cookies are also tracking cookies.

These are kinds of cookies that are used on websites that need to know who we are but offer us the ability to “remember me” when we enter our username and password. When you select “remember me”, the site will allow you into your account automatically.

Do not use this feature when someone else is going to use the computer you are on.

If you click the logout function, the cookie will be deleted and you will have to authenticate yourself again.

Judging by their domain, cookies are:

First-party cookies

1st party cookies are created and stored by the website you are visiting. They allow site owners to collect customer analytics data, remember language settings, and carry out other functions to provide you with a good user experience.

Third-party cookies are cookies being set with a different domain than the one shown in the address bar. For example, if you were to visit SendFlowers.com, it may set a cookie for the address of ad.someadvertiser.com. Later, when you visit RebuildEngines.com, it will set a cookie for ad.SomeAdvertiser.com. Both of these cookies will be used by SomeAdvertiser.com to ascertain that you are the person who sends flowers and works on car.

This is where cookies get a little tricky. Third-party cookies are used by advertising agencies who have clients that pay for displaying ads for products and services but they don't want to waste money displaying them to people who are not going to be a customer. So they need to track the types of site you visit and make an educated guess if you are the kind of person who would be in the market for what they have to offer.

Not all cookies are saved in your browser:

A zombie cookie is any cookie that is automatically recreated after a user has deleted it. This is accomplished by a script storing the content of the cookie in some other locations, such as the local storage available to Flash or Silverlight content , HTML5 games and other client side mechanisms.

Zombie cookies are initially used to keep people from cheating in on-line games. These cookies are written from the  little widget you download in order to play the game.

You have to “accept” a download in order to have one of these written to your computer, so if you are not playing a game or know exactly what is being installed, then select “No”.

Super Cookies

A Super Cookie is a cookie with a public suffix domain, like “.com”, “.co.uk”, or”.k12”. Most browsers by default allow first-party cookies - a cookie with domain to be the same or the sub domain of the requesting host. For example, a user visiting  www.google.com could have a cookie set for all of .google.com

As companies add more and more services, they want you to easily move from one of their services to another. These Super Cookies do just that. Make sure you “opt in” to each and every service, some malicious individuals will try to make their site look like the real site in order to fool you.

How does a cookie work ?

Now, for the age-old question: how does a cookie work? When you visit a website for the first time, let’s just say it’s an example. An online store on a website puts a cookie on your hard drive that has its own unique identification code. The site then uses this ID to keep track of your session. The session being your overall visit on their website from start to finish, The reason it does it is to keep track of things like which item you put in your shopping cart or which item you looked at so it can suggest similar items or even save coupon code for you that can be used later even if you close out of the website then come back to it. And they have many more functions than this. This is just some of the most common ways. Now a cookie is only specific to that website, meaning that they can’t track you on a totally different website.

In case they can, that’s because of a type of cookie called a third-party cookie. Let’s explain this with an example. You are browsing around a website and that has a button to like or share on facebook embedded into it. This button has to talk to Facebook.com, which means that facebook can now send their own cookies through this website in order to track your activities, and then most likely serve up some targeted ads for you on your Facebook newsfeed later.

With this technique, social media websites could track you with first party cookies but in a third party context. Let’s say you create/ register an account on Facebook. Once you do this, you are assigned a first party cookie by Facebook that is unique to you. After this, you open the website https://www.website1.com which has a Facebook like button on its page. You get back a response, rendering the website on your browser. On rendering the website, the code snippet or script is embedded in the website to render the Facebook “like” button, instructing your browser to make a request to Facebook servers. When doing this, your browser sends your Facebook cookies along with the request. The Facebook server responds and the like button is displayed on the web website1.com. This way, Facebook builds a browsing profile of you and would know if you browsed website1.com.

Overall, cookies are a way for a website to remember you, your preferences, and your habits online.

Security threats of Internet cookies

Common risks that can affect users are security and privacy. The leak of personal information will also happen on any website you visit.

A cookie is nothing but a file stored on your computer that contains data and helps a website identify your visit. Therefore, cookies themselves cannot be used to spread viruses or malicious code.

However, since Cookies are often used to manage user state (for example login status), there may be some security related issues when using Cookies. For example, Cookies that save the user's login state are stolen, hackers can use these Cookies to impersonate the user and perform interactions with the website without logging in. Some browser extensions allow sharing Cookies so that different users can access the same account without knowing access information such as username and password.

Here are some of the ways attackers can steal your cookies.

Brute force attacks

This is the most basic yet tedious type of cookie hijacking.

Malware injections

Malware can be used to also spy on you and record your browser session.

A hacker can infect your device with malware that records and hijacks your browser’s cookie files, including your session cookies.

Cross-site scripting

Cross-site scripting attacks enable hackers to inject client-side scripts into web pages.

By using JavaScript, the attackers try to get your session cookies. The easiest way to do this is through phishing links.

Packet sniffing

When malicious parties collect and log packets that pass through a computer network, often without your knowledge or consent, it’s called packet sniffing. A network or Wi-Fi analyzer is the tool for this.

Through packet sniffing, attackers can intercept and log your data, including your session cookies.

How to stay safe and secure in the Internet

Not all cookies are privacy breaching parasites and they will generally help you have a much more enjoyable user experience on the web and save you lots of time. Cookies are not the bad things that Internet programmers are using to steal your personal information. Used probably, they can really add to your overall experience while using the Internet.  Stick to the advice below and you’ll be as safe as you can be

  • Make sure you are using an up-to-date web browser
  • Read the privacy notices on the websites you visit
  • Make sure your antivirus software has all its updates.
  • When it doubts - do not agree with anything.

If you want to prevent third party tracking, for starters, you could modify your browser privacy setting. You could set it up such as your browser “Blocks third-party cookies” or cross site tracking cookies. Also switch on the “Do not track” option.

You could set your browser “Clear cookies and site data when you close all window

You could make your privacy more robust by installing ad/script blocking extensions like Privacy Badger, uBlock Origin, or Ghostery,.

Moreover, at an advanced stage, if you need to use multiple profiles and want complete security for professional work, you might need to consider using the Anti-detect Browser tool  to have a good security solution . It will help you create separate browsing environments with their own digital fingerprint: different browser headers and other identifying information.

Antidetect browsers are often used to manage multiple accounts on social media, control merchant profiles on e-commerce platforms like Amazon, or run Google Adwords. Now, Hidemyacc is one of the best software for multi-login purpose in the market.  With Hidemyacc, you can control your fingerprints and manage your profiles and you still remain anonymous. Each profile will act as they are running on a different computer and separate environment. As a result, each profile will contain a different cookie and will be uploaded on a cloud (or not, based on your permission). So you can freely Making Money Online (MMO) without being tracked and detected by web-servers like Google, Facebook, Amazon, Etsy, Ebay... ️️

Hidemyacc software will help you hide original computer parameters and create multiple new computer parameters for each profile, supporting users to access the internet with multiple accounts without being detected. Download Hidemyacc and start your 7-day trial now!

DOWNLOAD


If you have any further questions, comments, or suggestions, feel free to contact us via Telegram, Skype, or Facebook Messenger support.

Read more