What are cookies and should I delete them?

by Ugnius Kiguolis - -

What are cookies and how are they useful?

What are cookies?

There were almost two billion websites in the world wide web in 2019,[1], and the number is increasing exponentially. As soon as you enter one of them, you can register for an account, add items to your cart, and interact with it in so many other different ways. Once you return to the same site, however, all your preferences will be saved, and each of the sites will remember them for a very long time. If you wonder how that is possible, the answer is cookies, otherwise known as internet cookies or HTTP cookies.

Cookies are tiny files that are stored on one's machine and created by web browsers. They are extremely useful not only for eCommerce websites but also for visitors themselves. Without cookies, they would have to enter their login information each time they access the site or lose all the shopping cart items if they were not purchased from any online shopping portal. Thus, cookies are generally a good thing that is useful for both users and website owners, as they can help with a customized experience.

Most people do not even care about cookies and simply browse the web without putting too much thought into it – there is no need to know how websites remember some of their information. Despite this, there are so many more peculiarities that surround these puny items, which leads to multiple misconceptions about them. One of the most asked questions is “Should I delete cookies?” – and we are here to answer it.

Tracking cookies and privacy concerns

The most commonly used cookies come from the server that the website is hosted on – these are generally used to remember your login information, shopping cart details, and other preferences – these are known as first-party cookies. Each of such created cookies can only be read by the website, which creates it, meaning that no other websites can uncover your information. 

However, when you access any website, you might acquire a tracking cookie from third-parties generated via JavaScript  – a type of technology that is used for tracking your clicks, the site you previously visited, installed extensions, your geographical location, and other anonymous, otherwise known as non-personally identifiable, information.

Third-party cookies can actually help users to find products or services they are interested in. For example, if you recently ordered contact lenses online, you might see an ad that offers eye correction surgery; if you recently bought a new pair of RAM sticks, you are likely to see ads that promote other computer parts.

In other words, tracking cookies can greatly help you to find items you have been looking for much quicker and even with discounts – which is always nice for a new purchase.

Despite the usefulness of tracking cookies, there have been serious concerns about users' privacy. For many years, information about users has been tracked even without them knowing, and only in the past decade, the steps from official agencies were taken in order to make it more clear who, how, and for how long is storing information about them.

The most recent regulation that advocates users' rights were implemented in Europe – it is known as GDPR (General Data Protection Regulation),[2], which replaced the previously used Data Protection Directive. Since the implementation on May 25, 2018, all websites that are accessible to European Union users are meant to adequately inform them about cookies, data collection, and rights to withdraw the information at any time. In the U.S., the Federal Trade Commission (FTC) is one of the main regulatory bodies that enforce adequate consumer privacy laws.[3]

Despite these regulations, there are still millions of websites that do not adequately inform users about their data collection, and sell this information to third-parties for profits.

Cookie-stealing malware and data breaches are real threats to many users

One of the greatest misconceptions about cookies is whether these tiny files can be malicious. Despite their data-gathering nature, the short answer is no – HTTP cookies are just tiny text files that do not hold any malicious code within them – cookies are not bad, per se. Besides, a cookie can carry some personal information only if it is provided on the visited website – this data is most commonly encrypted as a precautionary measure.

Even though cookies have no connection to malware in any way, they can be stolen by cybercriminals with the help of malware designed for that precise purpose. Despite this, there are claims on the internet that being scared of cookie theft is simple paranoia.[4] Although, we strongly disagree, and so do the experts working in the cybersecurity field.

Security researchers from Kaspersky, who discovered Android malware Cookiethief in March, claiming that hackers can bypass usual identification measures without password or login data, thanks to the stolen unique ID:[5]

How can stealing cookies be dangerous? Besides various settings, web services use them to store on the device a unique session ID that can identify the user without a password and login. This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter’s account for personal gain.

In February same year, Palo Alto Networks Unit 42 security experts discovered Mac-based malware dubbed Cookieminer, which was designed to steal browsing cookies related to cryptocurrency wallets.[6] This would allow the attackers to access funds held in particular cryptocurrency wallets and transfer them elsewhere, leaving victims with nothing.

To mitigate hacking attempts, users should immediately patch all the software on their devices and employ robust anti-malware software that could protect them from unauthorized intrusions.

While malware has to reside on users' devices in order to steal cookie-related information, data breaches are also a relatively common occurrence. They happen when corporations and businesses do not comply with the security requirements and fail to protect consumer information. For example, in 2015, internet giant Yahoo suffered a massive data breach, which compromised the data of 32 million users, which allowed hackers to bypass the authentication process for their accounts.[7]

How often should you delete cookies and will it wipe your passwords?

As previously mentioned, cookies are not bad and can help to improve your online experience, and yet many experts advise users to delete cookies from time to time. However, doing so each time you close your browser can be exhausting (although this can be automated), and can negatively impact your browsing experience. If you choose to completely block all cookies, some websites might straight out break or not work properly.

Third-party cookies can remain on your web browser for a very long time – as long as 540 days once they are implemented, there are no technical limits on how long the cookie can last, however.[8] That means that every website you visited can track your browsing information as long as those cookies are present on your browser.

However, privacy is not the only reason why you should delete cookies. Other reasons include:

  • Website(s) is not loading correctly
  • You logged in one of your accounts on a public network/computer;
  • You changed your password for one of your accounts;
  • Your browser is slow due to cached files and cookies.

There is no particular time frame on how often you should delete cookies, however, as it highly depends on various factors. For example, if you only visit a few trusted websites and rarely browse unknown sites, you might only need to clear cookies once a year for maintenance purposes. On the contrary, if you are surfing a lot on a daily basis, you should take care of cookie removal much more often, e.g., once a month.

Many users believe that deleting cookies will result in a total wipe of all their preferences, including installed extensions, passwords, etc. This is not true, however, and “recovery” from deleted cookies is nothing to be worried about. In other words, cookie and even site data deletion are not the same as browser reset.

If you want to delete cookies on Mac, the process will not differ from that on windows, as the process is related to the web browser, rather than the operating system. So, if you want to delete cookies on Mac, you will have to check your Safari or Chrome web browser instead.

Block third-party cookies

As mentioned above, third-party cookies are implemented to track your online activities. If you find this activity unacceptable and intrusive, there is an easy, easy way to prevent the tracking completely – all you have to do is access your web browser settings. Warning: enabling this could break the functionality of some websites.

Block cookies on Google Chrome

  • Go to menu and select Settings
  • Find Privacy and security section and pick Cookies and other site data
  • Under General settings, pick Block third-party cookies

Block cookies on Mozilla Firefox

  • Go to Menu and pick Options
  • Select Privacy & Security
  • Under Enhanced Tracking Protection, select Custom
  • Click on the drop-down menu next to Cookies and pick All third-party cookies

Block cookies on MS Edge (Chromium)

  • Click on Menu and pick Settings
  • Select Site permissions
  • Pick Cookies and site data
  • Turn on Block third-party cookies

Block cookies on Safari

  • Go to Safari and select Preferences
  • Click on Privacy
  • Select Prevent cross-site tracking
About the author
Ugnius Kiguolis
Ugnius Kiguolis - The problem solver

Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.

Contact Ugnius Kiguolis
About the company Esolutions

References


Your opinion regarding What are cookies and should I delete them?