About cookies

What are cookies in computers?

Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’).

Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier. If a website doesn’t use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it won’t recognise you and it won’t be able to keep you logged in.

Some websites will also use cookies to enable them to target their advertising or marketing messages based for example, on your location and/or browsing habits.

Cookies may be set by the website you are visiting (‘first party cookies’) or they may be set by other websites who run content on the page you are viewing (‘third party cookies’).

What is in a cookie?

A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or what’s in your shopping basket.

What to do if you don’t want cookies to be set

Some people find the idea of a website storing information on their computer or mobile device a bit intrusive, particularly when this information is stored and used by a third party without them knowing. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of that website.

Standard uses for browser cookies

Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.More information

Session Cookies are also used by the server to store information about user page activities so users can easily pick up where they left off on the server's pages. By default, web pages really don't have any 'memory'. Cookies tell the server what pages to show the user so the user doesn't have to remember or start navigating the site all over again. Cookies act as a sort of “bookmark” within the site. Similarly, cookies can store ordering information needed to make shopping carts work instead of forcing the user to remember all the items the user put in the shopping cart.

Persistent or tracking Cookies are also employed to store user preferences. Many websites allow the user to customize how information is presented through site layouts or themes. These changes make the site easier to navigate and/or lets user leave a part of the user's “personality” at the site. For Information on session and persistent and tracking cookies, see here

Cookie security and privacy issues

Cookies are NOT viruses. Cookies use a plain text format. They are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Since they cannot perform these functions, they fall outside the standard virus definition.

Cookies CAN be used for malicious purposes though. Since they store information about a user's browsing preferences and history, both on a specific site and browsing among several sites, cookies can be used to act as a form of spyware. Many anti-spyware products are well aware of this problem and routinely flag cookies as candidates for deletion after standard virus and/or spyware scans.See here for some privacy issues and concerns.

The way responsible and ethical web developers deal with privacy issues caused by cookie tracking is by including clear descriptions of how cookies are deployed on their site. If you are a web developer and need advice on implementation of cookies and a privacy policy, we suggest you contact marketing specialists who offer search engine optimisation services. These privacy policies should explain what kind of information is collected and how the information is used. Organizations using the cookies initiative started by IAB Europe include: InviteMedia Networkadvertising.org : andAntor

Most browsers have built in privacy settings that provide differing levels of cookie acceptance, expiration time, and disposal after a user has visited a particular site. Backing up your computer can give you the peace of mind that your files are safe.

Types of Cookies

First party cookies

First party cookies are set by the website, you are visiting and they can only be read by that site.

Third party cookies

Third party cookies are set by a different organisation to the owner of the website you are visiting. For example, the website might use a third party analytics company who will set their own cookie to perform this service. The website you are visiting may also contain content embedded from, for example YouTube or Flickr, and these sites may set their own cookies.

More significantly, a website might use a third party advertising network to deliver targeted advertising on their website. These may also have the capability to track your browsing across different sites.

Session cookies

Session Cookies are stored only temporarily during a browsing session and are deleted from the user’s device when the browser is closed.

Persistent cookies

This type of cookie is saved on your computer for a fixed period (usually a year or longer) and is not deleted when the browser is closed. Persistent cookies are used where we need to know who you are for more than one browsing session. For example, we use this type of cookie to store your preferences, so that they are remembered for the next visit.

Flash cookies

Many websites use Adobe Flash Player to deliver video and game content to their users. Adobe utilise their own cookies, which are not manageable through your browser settings but are used by the Flash Player for similar purposes, such as storing preferences or tracking users.

Flash Cookies work in a different way to web browser cookies (the cookie types listed above are all set via your browser); rather than having individual cookies for particular jobs, a website is restricted to storing all data in one cookie. You can control how much data can be stored in that cookie but you cannot choose what type of information is allowed to be stored.

Other cookie-based threats

Since identity protection is highly valued and is every internet users right , it pays to be aware of what threat cookies can pose.

As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted. Although relatively rare, this can happen if the browser is connecting to the server using an unencrypted network like an non-secured WiFi channel.Internet security is only attainable if you regualrly use a anti-virus protection programme.

Other cookie-based attacks involve exploiting faulty cookie-setting systems on servers. If a website doesn't require browsers to use encrypted channels only, attackers can use this vulnerability to trick browsers into sending sensitive information over insecure channels. The attackers then siphon off the sensitive data for unauthorized access purposes.

New Laws for the use of cookies and other technologies that store online user information.

On May 26th 2011, new rules governing the use of cookies by websites comes into force in Europe.

Rather than the "Opt out" option for website visitors, websites will need to specifically gain the consent of their visitor and they must "Opt In" to be able to store cookies on their computer or other devices.This is expected to be difficult to manage and enforcement will more than likely be done subtlely and with encouragement rather than with the threat of fines and penaltys.

What does the new law say?
The new requirement is essentially that cookies can only be placed 
on machines where the user or subscriber has given their consent. 
6 (1) Subject to paragraph (4), a person shall not store or gain 
access to information stored, in the terminal equipment of a subscriber 
or user unless the requirements of paragraph (2) are met. 
(2) The requirements are that the subscriber or user of that terminal 
equipment-- 
(a) is provided with clear and comprehensive information about the 
purposes of the storage of, or access to, that information; and 
(b) has given his or her consent. 
(3) Where an electronic communications network is used by the 
same person to store or access information in the terminal equipment 
of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) 
are met in respect of the initial use. 
“(3A) For the purposes of paragraph (2), consent may be signified by a 
subscriber who amends or sets controls on the internet browser which 
the subscriber uses or by using another application or programme to 
signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or 
access to, information-- 
(a) for the sole purpose of carrying out the transmission of a 
communication over an electronic communications network; or 
(b) where such storage or access is strictly necessary for the 
provision of an information society service requested by the subscriber 
or user.

Key tips for safe and responsible cookie-based Web browsing

Due to their flexibility and the fact that many of the largest and most-visited websites use cookies by default, cookies are almost unavoidable. Disabling cookies will lock a user out of many of the most widely-used sites on the Internet like Youtube, Gmail, Yahoo mail, and others. Even search settings require cookies for language settings. Here are some tips you can use to ensure worry-free cookie-based browsing:

Customize your browser's cookie settings to reflect your comfort level with cookie security.

If you are very comfortable with cookies and you are the only person using your computer, you may want to set long expiration time frames for storing your personal access information and browsing history.

If you share access on your computer, you may want to set your browser to clear private browsing data every time you close your browser. While not as secure as rejecting cookies outright, this option lets you access cookie-based websites while deleting any sensitive information after your browsing session.

Install and keep antispyware applications updated

Many spyware detection, cleanup applications, and spyware removers include attack site detection. They block your browser from accessing websites designed to exploit browser vulnerabilities or download malicious software.

Make sure your browser is updated

If you haven't already, set your browser to update automatically. This eliminates security vulnerabilities caused by outdated browsers. Many cookie-based exploits are based on exploiting older browsers' security shortcomings.

Cookies are everywhere and can't really be avoided if you wish to enjoy the biggest and best websites out there. With a clear understanding of how they operate and how they help your browsing experience, you can take the necessary security measures to ensure that you browse the Net confidently.