How many times every day do you agree to a website’s cookie policy? 10? 20? Probably dozens, not to mention all the cookie policies you’ve agreed to in the past.
But do you know what they actually are?
This post is going to look at what cookies are, how they work, what they do, and why they might not be a great idea.
What are cookies, what cookies do
Cookies are very tiny text files that live on websites. When people visit those sites, these text files are downloaded to their devices. They work in a similar way to a virus, except that websites have to inform their visitors about them and they’re not in any way nefarious.
Cookies cannot carry or execute code, they cannot change a computer, and most importantly they cannot replicate themselves among multiple devices (e.g. they cannot spread).
Here’s how they work.
You visit a website, say
moveableonline.com. When you get there, the web server sends the cookie to your browser, which downloads it to your hard drive and stores it as a text file. Browsers vary, but Chrome lets cookies get up to 4096 bytes.
For some comparison, to stream normal Netflix (not HD), they recommend your broadband goes at
3 megabytes per second. That’s 3,145,728, or 768 cookies per second.
So cookies are very, very small.
Now, once that very small text file is on your computer, every time you revisit that site, your browser goes and gets it and sends it to the server. That allows the server to know who you are and help you much faster than if you’re a new visitor.
One really simple example of this is a site that you log into. Websites use cookies so that if or when you leave, you don’t have to re-enter the authentication information.
Tracking cookies
These are a subcategory of cookie, and are most commonly used in advertising. They work in much the same way, except that instead of just communicating between the server and your browser, it communicates your browsing behaviour to a third party (like an advertiser).
This information has two functions. First, your browsing data is aggregated with others for market analysis. The second function is to allow the third party to follow you and communicate with your browser as you visit other web pages.
Retargeting is a common example of this. For instance, let’s say you visit a website that sells cast iron pans. They’ll install a cookie on your machine. Then, when you’re looking at other sites on the same ad network, like Facebook or a site that uses Google AdWords, that website comes up again. The cookie has communicated your browsing history, and the third party advertiser is using that information to show you sites based on previous behaviour.
Why we use them
The short answer is that they’re extremely useful. They are what make websites and ads on websites display nicely. They’re also the tech that makes sites remembering your preferences possible. Plus, they are tremendously helpful for the user experience.
Have you ever been shopping online only to go and research a purchase before you buy, to come back and have your items still in their shopping cart, ready to go? That’s enabled by cookies. Or have you ever put something into a shopping cart and clicked ‘back to browse’, checking out later with all your items? Cookies again.
Cookies also help reduce the amount of information that servers have to retrieve, so your experience runs faster and servers don’t have to work quite so hard on each I/O request. Therefore, they can make more requests, stretching the hardware further.
There’s also an economic imperative for companies. Retargeting campaigns are much more effective than first time impressions, and cookies let you to get the biggest bang for your buck.
Security and privacy concerns
There, is however, a downside to that
positive user experience. Again, cookies are not executable code, and are simple text files – they can’t change anything on your computer or deploy code. They’re not viruses. However, there are some security and
privacy concerns.
Form fields
Cookies can track and log information that you enter into a form field – for example, credit card information. While that data is protected via SSL certificates from the third party server (e.g. an ad server), it’s still information that the cookie has access to, and thus exposes you to security risks.
Personal information
With tracking cookies, there’s a huge amount of personal information being transacted that isn’t requested. Often it’s not even transparent what information is being used.
Consider the example from before. When you were browsing cast iron pans, there was no explicit agreement that your information and browsing behaviour could be taken and repurposed. But it’s this data that makes AdWords so enormously effective, and thus makes Google so fabulously rich.
Summary
Cookies (for now) are a part of how users experience the internet and all of its wonderful facets. They create the ability to actually browse, and enormously improve the speed and fluency of websites. Basically, cookies are a big part of why the internet has become the tremendously powerful technological juggernaut in our society that it has.
But there’s a downside. Security and privacy are both increasingly important to users, and people are beginning to make purchasing decisions based on company policies. While cookies are essential right now, if a newer technology came along that alleviated those concerns, we think that there might be an opportunity for a cookie rebellion.
