We hear a lot about cookies these days. And often, the things we hear aren't positive:
- Cookies are spying on us
- Cookies can track our every move
- Cookies contain viruses
- Cookies are responsible for spam or popups
Bottom line, there is a lot of fear, uncertainty, and doubt (and some straight-up lies) about what cookies are, and what they can do. Let's clear that up a bit!
First of all, what is a cookie? A cookie is simply a small piece of text that is saved on your computer by a website. The cookie has a name (eg: "username"), a value (eg: "John"), an expiry date, an associated domain, and a couple other properties (all just text). This means a cookie is not:
- A virus
- An ad
- A program
Did you know? "Local Storage" is a modern technology that has a similar role as cookies, but offers more security and storage. Many of the traditional uses of cookies are also often implemented through Local Storage.
Common uses of cookies include:
- Tracking and analytics: People who run websites want to understand their visitor behaviour to make better sites, show more ads, sell more products, and make more money. When you visit a website, they initially don't know much about you, and it's difficult to recognize that you are the same person who visited their site last week. By assigning you a unique user ID and saving that in a cookie, every time you visit the site, they can send data on that visit with your ID back to their servers to analyze. Now your two visits have the same user ID and can be linked.
- Shoping carts: Ever notice that some sites can save your shopping cart even without you signing in? Cookies! When signed in, sites can easily store and retrieve your shopping cart in a database on their servers. But if you don't sign in, again it's hard to recognize you. So they can save a list of products in a cookie and read those any time you navigate to the cart page to make the checkout process easier.
- Sign in: Sites that users can sign in to require cookies for basic functionality. When you sign in, the server sends your computer an encrypted 'key' to idenfity you uniquely and securly. Now as you navigate around the site, each new page that loads can check if you have this key and ask the server for the right info for the person holding this key.
- Personalization: Cookies can also be used to personalize a site just for you. Sometimes, your browsing habits on the site are saved to a cookie, like which products you viewed. The site can then read this cookie when you return and display relevant content for you. Alternatively, if a site wants to personalize for you based on data that is saved elsewhere (ie a database containing your purchase history), they will use a cookie with a unique ID (similar to the analytics cookie above) that can then be used to look up your data in the database.
Did you know? You can check exactly which cookies a site has saved on your computer. For example, in Chrome, choose View > Developer Tools > Application > Cookies.
One important note about cookies is that they are tied to a domain, meaning that one site you visit can't view the cookies from other sites. However, clever engineers have found ways around this. For example, Facebook offers a feature for websites called 'Facebook Pixel' that lets developers add Facebook features to their site (like Facebook sign in, sharing shortcuts, or ads). Developers benefit by being able to offer more targeted ads, and Facebook benefits by being able to track your browsing data across all sites that use the Facebook Pixel! (Side note: want to see what data Facebook has gathered on you? Try out the Rightly app).
There's lots more to know about cookies, but hopefully this post gives you a good starting point. Cookies are nothing to be afraid of; rather they make possible many of the things we love about the internet!