What are cookies and should I delete them?

What are cookies and how are they useful?

What are cookies?

There are well over 1 billion websites on the World Wide Web as of 2024, and while the vast majority of them are inactive (over 80%), that still leaves over 200 million websites that are actively maintained and interacted with^[1]. As soon as you enter one of them, you can register for an account, add items to your cart, and interact with it in so many other ways.

Once you return to the same site, however, all your preferences will be saved, and each site will remember them for a very long time. If you wonder how that is possible, the answer is cookies, otherwise known as internet cookies or HTTP cookies.

Cookies are tiny files stored on one's machine and created by web browsers. They are extremely useful not only for eCommerce websites but also for visitors themselves. Without cookies, they would have to enter their login information each time they access the site or lose all the shopping cart items if they were not purchased from any online shopping portal. Thus, cookies are generally a good thing that is useful for both users and website owners, as they can help with a customized experience.

Most people do not even care about cookies and simply browse the web without putting too much thought into it – there is no need to know how websites remember some of their information. Despite this, there are so many more peculiarities that surround these puny items, which leads to multiple misconceptions about them. One of the most common questions is “Should I delete cookies?” – and we are here to answer it.

Tracking cookies and privacy concerns

The most commonly used cookies come from the server that the website is hosted on – these are generally used to remember your login information, shopping cart details, and other preferences – these are known as first-party cookies. Each of such created cookies can only be read by the website, which creates it, meaning that no other websites can uncover your information.

However, when you access any website, you might acquire a tracking cookie from third-parties generated via JavaScript – a type of technology that is used for tracking your clicks, the site you previously visited, installed extensions, your geographical location, and other anonymous, otherwise known as non-personally identifiable, information.

Third-party cookies can actually help users find products or services they are interested in. For example, if you recently ordered contact lenses online, you might see an ad that offers eye correction surgery; if you recently bought a new pair of RAM sticks, you are likely to see ads that promote other computer parts.

In other words, tracking cookies can greatly help you to find items you have been looking for much quicker and even with discounts – which is always nice for a new purchase.

Despite the usefulness of tracking cookies, there have been serious concerns about users' privacy. For many years, information about users has been tracked even without them knowing, and only in the past decade, were steps from official agencies taken in order to make it more clear who, how, and for how long is storing information about them.

The most recent regulation that advocates users' rights was implemented in Europe – it is known as GDPR (General Data Protection Regulation),^[2], which replaced the previously used Data Protection Directive. Since the implementation on May 25, 2018, all websites that are accessible to European Union users are meant to adequately inform them about cookies, data collection, and the right to withdraw the information at any time. In the U.S., the Federal Trade Commission (FTC) is one of the main regulatory bodies that enforce adequate consumer privacy laws.^[3]

Despite these regulations, there are still millions of websites that do not adequately inform users about their data collection, and sell this information to third-parties for profits.

Cookie-stealing malware and data breaches are real threats to many users

One of the greatest misconceptions about cookies is whether these tiny files can be malicious. Despite their data-gathering nature, the short answer is no – HTTP cookies are just tiny text files that do not hold any malicious code within them – cookies are not bad, per se. Besides, a cookie can carry some personal information only if it is provided on the visited website – this data is most commonly encrypted as a precautionary measure.

Even though cookies have no connection to malware in any way, they can be stolen by cybercriminals with the help of malware designed for that precise purpose. Despite this, there are claims on the internet that being scared of cookie theft is simple paranoia.^[4] Although, we strongly disagree, and so do the experts working in the cybersecurity field.

Security researchers from Kaspersky, who discovered Android malware Cookiethief in March, claimed that hackers can bypass usual identification measures without password or login data, thanks to the stolen unique ID:^[5]

How can stealing cookies be dangerous? Besides various settings, web services use them to store on the device a unique session ID that can identify the user without a password and login. This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter’s account for personal gain.

In February of the same year, Palo Alto Networks Unit 42 security experts discovered Mac-based malware dubbed Cookieminer, which was designed to steal browsing cookies related to cryptocurrency wallets.^[6] This would allow the attackers to access funds held in particular cryptocurrency wallets and transfer them elsewhere, leaving victims with nothing.

To mitigate hacking attempts, users should immediately patch all the software on their devices and employ robust anti-malware software that could protect them from unauthorized intrusions.

While malware has to reside on users' devices in order to steal cookie-related information, data breaches are also a relatively common occurrence. They happen when corporations and businesses do not comply with the security requirements and fail to protect consumer information. For example, in 2015, internet giant Yahoo suffered a massive data breach, which compromised the data of 32 million users, which allowed hackers to bypass the authentication process for their accounts.^[7]

How often should you delete cookies and will it wipe your passwords?

As previously mentioned, cookies are not bad and can help to improve your online experience, and yet many experts advise users to delete cookies from time to time. However, doing so each time you close your browser can be exhausting (although this can be automated), and can negatively impact your browsing experience. If you choose to completely block all cookies, some websites might straight out break or not work properly.

Third-party cookies can remain on your web browser for a very long time – as long as 540 days once they are implemented, there are no technical limits on how long the cookie can last, however.^[8] That means that every website you visit can track your browsing information as long as those cookies are present on your browser.

However, privacy is not the only reason why you should delete cookies. Other reasons include:

Website(s) is not loading correctly
You logged in to one of your accounts on a public network/computer;
You changed your password for one of your accounts;
Your browser is slow due to cached files and cookies.

There is no particular time frame on how often you should delete cookies, however, as it highly depends on various factors. For example, if you only visit a few trusted websites and rarely browse unknown sites, you might only need to clear cookies once a year for maintenance purposes. On the contrary, if you are surfing a lot on a daily basis, you should take care of cookie removal much more often, e.g., once a month.

Many users believe that deleting cookies will result in a total wipe of all their preferences, including installed extensions, passwords, etc. This is not true, however, and “recovery” from deleted cookies is nothing to be worried about. In other words, cookie and even site data deletion are not the same as browser reset.

If you want to delete cookies on Mac, the process will not differ from that on windows, as the process is related to the web browser, rather than the operating system. So, if you want to delete cookies on Mac, you will have to check your Safari or Chrome web browser instead.

An easier way to take care of cookies and protect your privacy

If you are using several browsers, tracking everything related to cookies and other data on them might be annoying and time-consuming. Besides, it may be a difficult task for users who are not too tech-savvy. Therefore, we would like to recommend an automatic solution for this – FortectMac Washing Machine X9. This software can not only serve as a diagnostic, maintenance, and repair tool for your computer but also take care of your privacy.

All you have to do is download the application and run a scan. Once complete, it will display the issues that could be fixed automatically within these sections – Stability, Security, Registry, Junk files, Privacy.

If you continue using Reimage and performing scans from time to time, you will ensure that your ISP, websites, and third-parties will not be able to track you anymore, thus your privacy will be drastically improved.

Block third-party cookies

As mentioned above, third-party cookies are implemented to track your online activities. If you find this activity unacceptable and intrusive, there is an easy, easy way to prevent the tracking completely – all you have to do is access your web browser settings. Warning: enabling this could break the functionality of some websites.

Block cookies on Google Chrome

Go to menu and select Settings.
Find Privacy and security section and pick Third-party cookies.
Under Default behavior, pick Block third-party cookies.

Block cookies on Mozilla Firefox

Go to Menu and pick Settings.
Select Privacy & Security.
Under Enhanced Tracking Protection, select Custom.
Click on the drop-down menu next to Cookies and pick All cookies.

Block cookies on MS Edge (Chromium)

Click on Menu and pick Settings.
Select Cookies and Site permissions.
In the Cookies and site data section, enable the Block third-party cookies setting.

Block cookies on Safari

Go to Safari and select Preferences.
Click on Privacy.
Select Prevent cross-site tracking.

About the author

Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.

Contact Ugnius Kiguolis
About the company Esolutions

References

^ Top Website Statistics For 2024. Forbes. Business Magazine.
^ General Data Protection Regulation. Wikipedia. The free encyclopedia.
^ USA: Data Protection Laws and Regulations 2020. ICLG. Legal advice.
^ Fact and Fiction: The Truth About Browser Cookies. Lifehacker. Do everything better.
^ Anton Kivva, Igor Golovin. Cookiethief: a cookie-stealing Trojan for Android. SecureList. Kaspersky security blog.
^ Lucia Danes. https://www.2-spyware.com/new-mac-malware-cookieminer-is-capable-of-stealing-crypto-wallet-data. 2-spyware. Cybersecurity news and articles.
^ Asha Barbaschow. Yahoo says 32m user accounts were accessed via cookie forging attack. ZDNet. Breaking news, analysis, and research.
^ Free website tracking audit: try Cookiebot's cookie checker. Cookiebot. ePrivacy Solution.

Read in other languages

• Español
• Français
• Polski
• Deutsch