Most people know that there are cookies all over the Internet.

Recent controversies with hackers gathering passwords from user accounts in
Yahoo!, people are becoming more and more cautious of using the internet.

The hackers broke into Yahoo!’s systems, and learned how to forge its website’s
session cookies, this allowed them to log into user accounts without ever typing a
password. Cookies are important and can affect your privacy, so you should know
what they do.

Whether you’re browsing Google or Bing search results, logging into your social
media, or just looking through sites, you’re likely to have come across cookies.
They aren’t naturally harmful but, just like passwords or email addresses, they
can be abused when placed in the wrong hands.

What is a Cookie?

Cookies are text files stored on your computer, and therefore cannot be used to
infect your computer with a virus or allow malicious code to run on your computer.
So cookies are not deemed dangerous, however there may be concerns over privacy.

A cookie is created at the request of the website a user is viewing. The website
requests the web browser create a small text file with a small amount of information,
which it can access whilst you are viewing the website. The information is usually to
provide some functionality such as a shopping cart to enhance the users experience
on the site.

The information saved in a cookie includes the name of the cookie, a value (which
can be a numeric or text value), the domain the cookie is for, the path/page on the
website (if not specified then the cookie is for all pages on the domain), cookie
expiry date and time, if the cookie is HTTP only (ie cannot be accessed by javascript)
and finally if the cookie is secure.

Types of Cookies:

 

How Do Cookies Affect You?

For the most part, cookies are NOT harmful. They’re just another protocol used on
the Internet to facilitate communication between users and servers. Cookies cannot
carry viruses or malware, nor can they transfer such them to other users. Cookies
are actually a necessary part of the Internet experience and they shouldn’t be feared.
For example, deleting your cookies will log you out of sites like Facebook where you
have stored your passwords, to have a quicker log in process. If you like
convenience and personalisation, then cookies are perfect for you.

The worst possible scenario would be the interception or forgery of one of your
cookies, which would allow another user to impersonate you on some website.
This could result in them prying in on your data or hijacking your account
credentials. Cookie security mostly depends on the website and your browser; a
cookie encryption feature, for example, can help protect you from hackers.

A more widespread issue is a specific type of cookie called the ‘tracking’ cookie.
These cookies aren’t used to better your experience. As a substitute, they keep
track of all of your actions on certain websites. These can be used to build
browsing history profiles, which can be used to target specific ads to you. This
is where invasion of privacy comes in.

Cookie security and privacy

The major problem of cookies is the information they contain. When a user connects
to a website that can be personalised, they will be prompted with several questions in
order to build a profile, this information is then stored in a cookie. Depending on the
website, the manner in which this data is stored could end up being damaging to the
user.

For example an online sales site could collect information on users’ preferences by
means of a questionnaire, so that they can suggest items that would be of interest to
users. Such as knowing that a user is male or female, a site can direct the user the
appropriate department to save time (and most importantly sell more). If in addition,
the user indicates in his profile that he plays tennis, the site will suggest to him a
personalised selection of the latest items regarding that subject.

A cookie is therefore a way to create a link between the user’s session (browsing
certain pages of a website for a certain amount of time) and the data relating to the
user. Ideally, a cookie should contain a random chain (session identification),
which is unique and difficult to decipher, and valid only for a given period of time.
Only the server should be able to associate the user’s preferences with the session
identifier. Therefore, when the session cookie expires, it becomes useless and
should not contain any information relating to the user.

The cookie should never contain direct user information, and its lifespan should be
as close as possible to the duration of the user’s session.

Instead, the data stored in the cookie is sent to the server, to the database where the
user entered their data (except the IP address and the browser ID which is
automatically transmitted to the server). As a result, the cookie should never contain
user information that the user hasn’t given himself, nor information on contents of
the computer, in other words, the cookie should not collect information from the
user’s computer.

You should always refuse to give personal information to a website that does not seem
legitimate, it has no right to collect your personal information, However even though
a cookie is not a dangerous file in itself if it is well designed and if the user does not
provide personal data.

Cookie Uses

Cookies are used on websites to provide enhanced functionality on improve the users
experience.

Examples of website cookie use include:

  • An online store can record items in your shopping cart whilst you are browsing
    the store.
  • A website can display different content, if you have never visited a site before.
    Many sites show a cookie warning on first visit to a website.
  • Allow a website to save any preferences set by a user, so that next time the settings
    don’t need to be set again, e.g. is setting your hometown on a weather website.
  • Can tracking browsing habits. An online store can suggest more useful additional
    items to buy, based on the previous pages visited.
  • It remembers your login details, so you do not need to repeat typing in your user
    name and password every time to visit the site (or view different pages on a site).

Browser cookies – How to use them to your advantage. Whether you’re browsing Google or Bing search results, logging…

Posted by Certa Hosting on Tuesday, 25 April 2017

Cookie law

UK Regulations

Recently all EU countries introduced new rules about the use of cookies on websites,
this was an amended E-Privacy Directive of 2009. Each EU country then were
require to amend their laws accordingly.

The UK introduced the amendments on 25 May 2011 through The Privacy and
Electronic Communications (EC Directive) (Amendment) Regulations 2011. The
relevant section is below:

“6. – (1) Subject to paragraph (4), a person shall not store or gain information, or to
gain access to information stored, in the terminal equipment of a subscriber or user
unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment-

(a) is provided with clear and comprehensive information about the purposes of the
storage of, or access to, that information; and

(b) has given his or her consent.

(3) Where an electronic communications network is used by the same person to store
or access information in the terminal equipment of a subscriber or user on more than
one occasion, it is sufficient for the purposes of this regulation that the requirements
of paragraph (2) are met in respect of the initial use.

(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who
amends or sets controls on the internet browser which the subscriber uses or by using
another application or programme to signify consent.

(4) Paragraph (1) shall not apply to the technical storage of, or access to, information –

(a) for the sole purpose of carrying out the transmission of a communication over an
electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information
society service requested by the subscriber or user.”

Managing cookies

Most modern browsers allow you to manage cookies saved on your computer. You may
wish to accept all cookies or reject all cookies.

Google Chrome:

To amend the cookies settings:

  1. Click on the Chrome menu.
  2. Select settings.
  3. Click + Show advanced settings at the bottom of the page
  4. Under the Privacy section click the Content settings button
  5. In the Cookies section you are able to change the settings, such as allow cookies,
    remove all cookies, block third party cookies.

Further, more detailed instructions are available here.

Internet explorer 8, 9 and 10

  1. Select the Tools menu (ALT-X)
  2. Select Internet Options
  3. Click the Privacy tab
  4. Move the slider to choose your preferred settings.
  5. For more specialised settings click on the Advanced button, check the Override
    cookie handling
     check box and modify the settings to suit your requirements.

Further instruction are available here.

Mozilla Firefox

  1. Select Options
  2. Click the Privacy tab

To clear cookies, select the remove individual cookies link.

If you want to amend the cookie settings, change the Firefox will drop-down in the History section
to Use custom settings for history.

Further instructions are available here.

Safari

  1. Choose Safari settings menu
  2. Select Preferences
  3. Click the Privacy tab.
  4. In the Block cookies section, specify whether the browser should accept or reject
    cookies from websites.
  5. If you want to see which websites store cookies on your computer, click Details.

If you set Safari to block cookies, you may need to temporarily accept cookies to open a
page. Repeat the above steps, selecting Never in the “Block cookies” section. When you’re
done with the page, block cookies again, and then remove the page’s cookies.

Further details are available here.

Other browsers

With new devices being created all the time, including tablets and phones it is not possible
to list every browser for every device, the best advice is to consult the manufacturer’s website
for further instructions regarding cookies.