What are cookies and what should users know about handling them?
Almost every PC user will have at some point or another come across cookies when using a browser to surf the Internet. Do you want to accept cookies? Do you want to enable cookies, block cookies and of course delete cookies? These are all questions that most of us have been asked by our machines at some point over the years.
What are cookies anyway?
A cookie is a small data file containing information about a particular website and a user’s history and track record of visiting the site itself. A cookie file may be updated just once, or multiple times if a user revisits a site’s various different subsections and engages in different levels of registration or other interactivity.
The cookie file can be updated by both the user’s own computer and also by the web server where a particular website’s pages “live” in cyberspace. When a user submits information to the website during normal usage, data is written to the cookie file.
Cookies can of course be deleted, but while a user agrees to leave them actively enabled on his or her machine they will continue to play a role communicating with a website’s “scripts” (small computer programs), which have been specifically built to talk to cookies to learn what preferences a user may have for any particular web pages.
Given this basic amount of detail on what cookies are and how they work, you can see that they are not necessarily a bad thing. Most users would probably agree that they are happy about their favorite websites knowing who they are so that they can be presented with custom-tailored content specific to their likes and interests.
Why is there a negative view of cookies?
So while it is true that cookies will only ever be able to store information a user has willingly given up and submitted, something of a negative aura has arguably been created around the residency of cookies on users’ machines. This may be down to natural user skepticism related to some “fear of being watched”, but the presence of cookies from websites that have been ranked as safe by a user’s anti-malware Internet security protection software do not necessarily or automatically pose a threat to a machine’s data and applications.
Indeed, the apprehension borne out by some user’s discomfort with cookies has been reflected in moves taken in the European Union by the Privacy and Electronic Communications Directive. This edict, is intended to require web site owners to seek consent from users before they can send cookies to their machines.
With public policy cookie guidelines about to now solidify, reports have suggested that there are as many as 14 tracking tools in action on many sites today. The prevalence of this many tools could mean as many as 140 cookies and trackers are working together on any single webpage that users will typically visit.
Some users also think that the “stockpiling” of cookies by their machine will use up valuable hard disk space and potentially slow their computer down. This should not generally be a concern; cookies themselves are typically very small files of around 4 kilobytes, so 300 cookies would take up just over one megabyte of space.
The upshot of current governmental discussion (in Europe at least) are the now fairly hard hitting comments that have been made by the Information Commissioner’s Office (ICO), which has said that website owners “must try harder” in terms of complying with new cookie laws. The ICO wants companies to present cookie information “upfront” and tell people that cookies are present, what they are doing and, ultimately, to request users’ consent to store a cookie on their device before doing so.
So-called “zombie cookies” do exist that will persist on a user’s machine after repeated deletion (a trick accomplished by a script writing them to the computer in more than one place), but for the purposes of this overview we can classify zombies as malicious and therefore a target for Internet security software.
So is a cookie a piece of malware or a computer virus of some form? Unless your security software flags it up as such, the answer is no.