How important are Cookies for your business?
Most people know that there are cookies all over the Internet. Recent controversies with hackers gathering passwords from user accounts in Yahoo!, people are becoming more and more cautious of using the internet. The hackers broke into Yahoo!’s systems, and learned how to forge its website’s session cookies, this allowed them to log into user accounts without ever typing a password. Cookies are important and can affect your privacy, so you should know what they do. Whether you’re browsing Google or Bing search results, logging into your social media, or just looking through sites, you’re likely to have come across cookies. They aren’t naturally harmful but, just like passwords or email addresses, they can be abused when placed in the wrong hands.
What is a Cookie?
Cookies are text files stored on your computer, and therefore cannot be used to infect your computer with a virus or allow malicious code to run on your computer. So cookies are not deemed dangerous, however there may be concerns over privacy. A cookie is created at the request of the website a user is viewing. The website requests the web browser create a small text file with a small amount of information, which it can access whilst you are viewing the website. The information is usually to provide some functionality such as a shopping cart to enhance the users experience on the site. The information saved in a cookie includes the name of the cookie, a value (which can be a numeric or text value), the domain the cookie is for, the path/page on the website (if not specified then the cookie is for all pages on the domain), cookie expiry date and time, if the cookie is HTTP only (ie cannot be accessed by javascript) and finally if the cookie is secure.
Types of Cookies:
Types of Cookies
How Do Cookies Affect You?
For the most part, cookies are NOT harmful. They’re just another protocol used on the Internet to facilitate communication between users and servers. Cookies cannot carry viruses or malware, nor can they transfer such them to other users. Cookies are actually a necessary part of the Internet experience and they shouldn’t be feared. For example, deleting your cookies will log you out of sites like Facebook where you have stored your passwords, to have a quicker log in process. If you like convenience and personalisation, then cookies are perfect for you. The worst possible scenario would be the interception or forgery of one of your cookies, which would allow another user to impersonate you on some website. This could result in them prying in on your data or hijacking your account credentials. Cookie security mostly depends on the website and your browser; a cookie encryption feature, for example, can help protect you from hackers. A more widespread issue is a specific type of cookie called the ‘tracking’ cookie. These cookies aren’t used to better your experience. As a substitute, they keep track of all of your actions on certain websites. These can be used to build browsing history profiles, which can be used to target specific ads to you. This is where invasion of privacy comes in.
Cookie security and privacy
The major problem of cookies is the information they contain. When a user connects to a website that can be personalised, they will be prompted with several questions in order to build a profile, this information is then stored in a cookie. Depending on the website, the manner in which this data is stored could end up being damaging to the user. For example an online sales site could collect information on users’ preferences by means of a questionnaire, so that they can suggest items that would be of interest to users. Such as knowing that a user is male or female, a site can direct the user the appropriate department to save time (and most importantly sell more). If in addition, the user indicates in his profile that he plays tennis, the site will suggest to him a personalised selection of the latest items regarding that subject. A cookie is therefore a way to create a link between the user’s session (browsing certain pages of a website for a certain amount of time) and the data relating to the user. Ideally, a cookie should contain a random chain (session identification), which is unique and difficult to decipher, and valid only for a given period of time. Only the server should be able to associate the user’s preferences with the session identifier. Therefore, when the session cookie expires, it becomes useless and should not contain any information relating to the user. The cookie should never contain direct user information, and its lifespan should be as close as possible to the duration of the user’s session. Instead, the data stored in the cookie is sent to the server, to the database where the user entered their data (except the IP address and the browser ID which is automatically transmitted to the server). As a result, the cookie should never contain user information that the user hasn’t given himself, nor information on contents of the computer, in other words, the cookie should not collect information from the user’s computer. You should always refuse to give personal information to a website that does not seem legitimate, it has no right to collect your personal information, However even though a cookie is not a dangerous file in itself if it is well designed and if the user does not provide personal data.
Cookie Uses
Cookies are used on websites to provide enhanced functionality on improve the users experience. Examples of website cookie use include:
  • An online store can record items in your shopping cart whilst you are browsing the store.
  • A website can display different content, if you have never visited a site before. Many sites show a cookie warning on first visit to a website.
  • Allow a website to save any preferences set by a user, so that next time the settings don’t need to be set again, e.g. is setting your hometown on a weather website.
  • Can tracking browsing habits. An online store can suggest more useful additional items to buy, based on the previous pages visited.
  • It remembers your login details, so you do not need to repeat typing in your user name and password every time to visit the site (or view different pages on a site).
Cookie law
UK Regulations
Recently all EU countries introduced new rules about the use of cookies on websites, this was an amended E-Privacy Directive of 2009. Each EU country then were require to amend their laws accordingly. The UK introduced the amendments on 25 May 2011 through The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. The relevant section is below: “6. – (1) Subject to paragraph (4), a person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met. (2) The requirements are that the subscriber or user of that terminal equipment- (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent. (3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use. (3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent. (4) Paragraph (1) shall not apply to the technical storage of, or access to, information – (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.”
Managing cookies
Most modern browsers allow you to manage cookies saved on your computer. You may wish to accept all cookies or reject all cookies. Google Chrome: To amend the cookies settings:
  1. Click on the Chrome menu.
  2. Select settings.
  3. Click + Show advanced settings at the bottom of the page
  4. Under the Privacy section click the Content settings button
  5. In the Cookies section you are able to change the settings, such as allow cookies, remove all cookies, block third party cookies.
Further, more detailed instructions are available here. Internet explorer 8, 9 and 10
  1. Select the Tools menu (ALT-X)
  2. Select Internet Options
  3. Click the Privacy tab
  4. Move the slider to choose your preferred settings.
  5. For more specialised settings click on the Advanced button, check the Override cookie handling check box and modify the settings to suit your requirements.
Further instruction are available here. Mozilla Firefox
  1. Select Options
  2. Click the Privacy tab
To clear cookies, select the remove individual cookies link. If you want to amend the cookie settings, change the Firefox will drop-down in the History section to Use custom settings for history. Further instructions are available here. Safari
  1. Choose Safari settings menu
  2. Select Preferences
  3. Click the Privacy tab.
  4. In the Block cookies section, specify whether the browser should accept or reject cookies from websites.
  5. If you want to see which websites store cookies on your computer, click Details.
If you set Safari to block cookies, you may need to temporarily accept cookies to open a page. Repeat the above steps, selecting Never in the “Block cookies” section. When you’re done with the page, block cookies again, and then remove the page’s cookies. Further details are available here. Other browsers With new devices being created all the time, including tablets and phones it is not possible to list every browser for every device, the best advice is to consult the manufacturer’s website for further instructions regarding cookies.

Add a comment

Your email address will not be published. Required fields are marked *