Cookies were created in 1994 by Lou Montulli of Netscape Communications (the company responsible for the most popular web browser in the early days of the internet) to create a more seamless experience for people making commercial transactions online. The term “cookie” was derived from an earlier programming term, “magic cookie,” meaning a packet of data that remained unchanged even after being sent and received several times.
What Are Cookies?
Cookies aren’t just a delicious treat to be had with milk. They’re text files that are created when users visit websites. They store information such as shopping cart contents, registration or login credentials, and user preferences. This is done so that when users revisit sites, any information that was provided or preferences that were set in previous sessions can be easily retrieved.
Different types of cookies
- Session cookies: Session cookies are also known as transient cookies or per-session cookies. Session cookies store information such as user behavior and browsing history, while the user is visiting the website. These cookies are deleted once the user ends the session.
- Persistent cookies: Persistent cookies are stored for a specific length of time. These cookies remain on your device until they expire or are deleted. Persistent cookies are sometimes called tracking cookies because they are used to collect user information such as browsing habits and preferences.
- First-party cookies: First-party cookies are cookies set by websites that users directly visit. These cookies often store information that is relevant or related to the site, such as preferred settings or user location.
- Third-party cookies: Third-party cookies are cookies that come alongside third-party content, such as embedded videos, ads, web banners, and scripts, on a visited website. Advertisers often use third-party cookies to track user behavior.
- Supercookies: Supercookies are similar to session cookies in that they also track user behavior and browsing history. However, they also have the ability to re-create users’ online behavior, even after regular cookies have been deleted. Supercookies are stored in different places than standard cookies. This makes detecting and removing them more difficult for the average user. Supercookies are sometimes called “zombie cookies” or “evercookies.”
- Flash cookies: Flash cookies or “local shared objects” (LSOs) are data files that are stored on computers by websites that use Adobe® Flash®. Like session cookies, Flash cookies can store user information in Flash applications. Flash cookies are sometimes used by sites as “backup” once the browser cookie is deleted.
Why you should be concerned about cookies
- Potential security risks: While cookies can be a time-saver and are necessary for some sites to work correctly, they also have some potential security risks because they can open your computer up to threats from spyware and worms. While executing on a user’s infected system, these worms and spyware programs search for cookies related to popular websites such as Facebook, Google, and Amazon. Once a match is found, they access the user’s profiles on those websites using the credentials contained in the cookie files. For Facebook, in particular, the worms then modify the user’s profile to include a link pointing to malware to infect more systems.
- Zombie cookies: Zombie cookies are from a third party and remain permanently installed on users’ computers. A “zombie cookie” is a cookie that re-creates itself after being deleted! They are sometimes called “supercookies” and are extremely difficult to remove.
- Notable cases: While cookies cannot carry or install malware onto computers, they can be exploited by cybercriminals in their malicious schemes. Some notable cases are listed below:
-In November 2010, the Koobface worm was observed searching for cookies related to Facebook and using the stolen credentials to log in to victims’ accounts.
-In May 2011, an Internet Explorer® zero-day bug was exploited to hijack session cookies using social engineering tactics.
-In July 2011, an attack on numerous e-commerce websites used malware that searched for internet caches, cookies, and browsing histories in order to steal login credentials and other data.
3 tips to protect yourself
- Disable third-party cookies: It is third-party cookies that are the biggest privacy concern. These are cookies that aren’t from the sites you visit but from other companies. You can tweak your web browser’s built-in settings to block third-party cookies only. This way, the sites you visit retain their functionality, but your data is not being sent to third parties.