What are cookies, and can I avoid them?

It’s been thirty years since web cookies first rose to prominence, on the now-defunct Netscape web browser.

Back then, the World Wide Web was only three years old, still growing exponentially, and experimenting with technologies that may or may not last the test of time.

While landing pages, Flash animations and Comic Sans fonts have all rightly been consigned to history, cookies have become a cornerstone of modern internet usage.

So what are cookies, and how much do they compromise user privacy when browsing the web?

Early years

Even before web cookies were invented, the term ‘magic cookie’ was being used to define data packets used by the Unix operating system.

The term was reprised for separate text files placed on a user’s device by the websites that device visits, tracking each user individually and learning about their behaviour online.

Each device is assigned a unique ID number that allows return visits to be simplified – logins saved, basket items restored, previous viewed pages remembered, and so forth.

It would be several years before those visitors were officially notified about cookies being stored, by which point the original concept had morphed into several variants:

Session cookies are temporary files retained for the duration of a visit to a website, and then jettisoned once the web browser is closed or the user departs.

Tracking cookies last for a period of time specified by their creator, distributing identifying information to the host site every time the user returns, such as saved login details.

Secure cookies are distributed exclusively across HTTPS connections, meaning they’re less liable to be spied on or have their contents viewed than normal cookies.

Third-party cookies are the most pernicious, since they can track web browsing history and habits across multiple websites.

Because they can monitor anything from your location and personal data to your browsing history and which links you click, cookies can infiltrate many supposedly secure online activities.

When an advert comes up on-screen relating to a product or service you viewed a fortnight ago, cookies are responsible.

When a relative logs into a private account on a shared device because your account details are saved, cookies are responsible.

And when your personal data is sold and resold around the world, by companies you’ve never heard of and for purposes you’ll never be told about, cookies are responsible.

Cookie monster

Websites have relied heavily on cookies to generate revenue by selling user data for targeted advertising, but consumer resistance is leading to changes in cookie policies around the world.

The Google Chrome web browser is going to start phasing out third-party cookies this year, following in the footsteps of Apple.

Consumers already have to confirm they’re happy with cookie use on each website they visit, usually displaying a box that reads “This website uses cookies” and asking them to accept it.

However, reams of small print are usually buried away in sub-menus which few people are aware of – or could understand – and few people have any real understanding of GDPR best practice.

You can reject cookies on individual websites, but avoiding them entirely is nigh-on impossible, even if you use the Tor browser and a VPN.

Upcoming changes to cookie management and legislation are designed to ensure companies can only harvest customer (or visitor) data using approved methods like newsletters and forms.

While media outlets and advertising agencies are concerned about the viability of their business models, most consumers will be delighted not to have their web histories endlessly remarketed.