What Are Tracking Cookies and How They Threaten Your Privacy


What do Cookies Do?

A cookie is the term given to describe a type of message that is given to a Web browser by a Web server. The main purpose of a cookie is to identify users and possibly prepare customized Web pages or to save site login information for you.

When you enter a Web site using cookies, you may be asked to fill out a form providing personal information; like your name, e-mail address, and interests. This information is packaged into a cookie and sent to your Web browser, which then stores the information for later use. The next time you go to the same Web site, your browser will send the cookie to the Web server. The message is sent back to the server each time the browser requests a page from the server. A Web server has no memory so the hosted Web site you are visiting transfers a cookie file of the browser on your computer’s hard disk so that the Web site can remember who you are and your preferences. This message exchange allows the Web server to use this information to present you with customized Web pages. So, for example, instead of seeing just a generic welcome page you might see a welcome page with your name on it.

Types of Cookies

Session cookie

Also called a transient cookie, a cookie that is erased when you close the Web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from your computer. They typically will store information in the form of a session identification that does not personally identify the user.

Persistent cookie

Also called a permanent cookie, or a stored cookie, a cookie that is stored on your hard drive until it expires (persistent cookies are set with expiration dates) or until you delete the cookie. Persistent cookies are used to collect identifying information about the user, such as Web surfing behavior or user preferences for a specific Web site.

What Information Does a Cookie Store?

For the most part a cookie will contain a string of text that contains information about the browser. To work, a cookie does not need to know where you are from, it only needs to remember your browser. Some Web sites do use cookies to store more personal information about you. However, this can be done only if you yourself have provided the Web site with that personal information. Legitimate Web sites will encrypt this personal information stored in the cookie to prevent unauthorized usage by another party with access to your cookie folder.

Cookies have six parameters that can be collected and transferred / send:

    The name of the cookie.
    The value of the cookie.
    The expiration date of the cookie – this determines how long the cookie will remain active in your browser.
    The path the cookie is valid for – this sets the URL path the cookie us valid in. Web pages outside of that path cannot use the cookie.
    The domain the cookie is valid for. This makes the cookie accessible to pages on any of the servers when a site uses multiple servers in a domain.
    The need for a secure connection – this indicates that the cookie can only be used under a secure server condition, such as a site using SSL.

 What are Malicious Cookies or tracking cookie?

Cookies normally do not compromise security, but there is a growing trend of malicious cookies. These types of cookies can be used to store and track your activity online. Cookies that watch your online activity are called malicious or tracking cookies. These are the bad cookies to watch for, because they track you and your surfing habits, over time, to build a profile of your interests. Once that profile contains enough information there is a good chance that your information can be sold to an advertising company who then uses this profile information to target you with interest specific adverts. Many antivirus programs today will flag suspicious spyware or adware cookies when scanning your system for viruses.

Since you’ve likely never had to deal with cookies beyond emptying out your browser cache to free up hard-drive space, it’s easy to see how a hidden tracking cookie could be installed without your knowledge and be monitoring your activities right now.

What do tracking cookies do differently?

A tracking cookie takes the regular cookie process one step further and sends a log of your online activities, usually tied to your Internet Protocol (IP) address, to a remote database for analysis. Many tracking cookies are benign and want only to use your information, along with the data of millions of other anonymous users, for marketing analysis.

However, some cookies are designed by programmers to send specific user information, which can include names and addresses, out to the tracker host.

If the host recognizes a cookie on the browser whenever an ad or page is loaded, it can send the record of your visit to the logs and more precisely target you with ads geared to your next visit. Some ads will even address you by name and mention your location.

To many Web users, such practices are an invasion of privacy, and naturally lead to concerns about whom the ad companies are sharing personal data with.

The federal government is moving forward with a “Do Not Track” proposal that would let people control exactly what they divulge online. Most Web browsers have made Do Not Track an optional feature that users can switch on, but most websites don’t.

Viewing & Removing Cookies

Cookies are stored by the Web browser on your system’s hard drive, and you can view them to see which Web sites that you visit are associated with your cookie files.

Google Chrome
Click on the “Tools” menu and select “Options”.
Click the “Under the Bonnet” tab, locate the “Privacy” section and click the “Clear browsing data” button.
Select “Delete cookies and other site data” to delete all cookies from the list (alternatively, you can remove all cookies created within a specific time period by selecting the period you want from the dropdown list).
Select “Clear browsing history” to delete traces of which websites you’ve visited.
Select “Clear download history” to delete records of which files and programs you’ve downloaded.
Select “Empty the cache” to delete cached website pages.
You can also delete saved passwords (which log you into websites) and saved form data (such as your name and address).
Then click on the “Clear browsing data” button.
Click on the Close button when you’ve finished.
Edge (windows 10)
Select the … icon in the top right corner of the browser window to get to the settings menu.
NOTE: You can also access this menu by holding Ctrl + Shift + Delete. By using this shortcut you may skip down to step 3.
In the settings menu, towards the bottom, click on Choose what to clear.
Select Cookies and saved website data and Cached data and files. After the two are marked click on clear.
Internet Explorer
On the Start screen, tap or click Internet Explorer to open Internet Explorer.
Swipe in from the right edge of the screen, and then tap Settings.
(If you’re using a mouse, point to the lower-right corner of the screen, move the mouse pointer up, and then click Settings.)
Tap or click Options, and then, under History, tap or click Select.
Select the Cookies check box, and then tap or click Delete.
Mozilla Firefox
Click on Tools, then Options (or Edit | Preferences on Linux)
Select Privacy
In the Cookies panel, click on Show Cookies
To remove a single cookie click on the entry in the list and click on the Remove Cookie button
To remove all cookies click on the Remove All Cookies button
To delete all cookies at the end of every session, select it in the privacy settings under Tools > Preferences.
Click on Manage cookies to delete specific cookies or cookies from specific domains.
To delete all cookies immediately, go to Delete private data on the Tools menu.

 First and Third-Party Cookies

When choosing a privacy setting in your browser, two terms you will see are “first-party cookies” and “third-party cookies”. First party cookies are those cookies that originate from (or be sent to) the Web site you’re currently viewing. These types of cookies usually will contain information about your preferences for that particular Web site. These cookies are usually Third-party cookies originate from (or will be sent to) a Web site that is not the site you are visiting. For example, if the Web site you are on using third-party advertising those third-party advertising Web sites may use a cookie to track your Web habits for marketing purposes.

While some may simply choose to block all cookies, it can make Web surfing difficult if you do this. For example if you shop online, many e-commerce shopping carts that have been implemented with cookies will not work. Sites you frequently visit which enable you to personalize content also will not show your preferences when you visit if you delete or disable that cookie.

Most cookies, despite some misconceptions, are legitimate files and will not invade your privacy. Once you get in the habit of reviewing the cookies associated with your browser and manage them on your own by way of deleting malicious cookies or trying different browser privacy settings, you can still keep the good cookies that make surfing a breeze, yet keep the bad cookies that may be tracking your surfing habits off your system.
Did You Know…? – The name cookie derives from UNIX objects called magic cookies. These are tokens that are attached to a user or program and change depending on the areas entered by the user or program.

Key Terms to Understanding Cookies:
CookieA message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.
Session cookieAlso called a transient cookie, a cookie that is erased when you close the Web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed.
Persistent cookieAlso called a permanent cookie, or a stored cookie, a cookie that is stored on your hard drive until it expires (persistent cookies are set with expiration dates) or until the user deletes the cookie.

here are some of the options to make your browsing more safe and untraceable.

Tor Browser Bundle
Tor (originally short for The Onion Router) began life as a US Navy project for anonymized online activity, but is now in used by a wide range of people including those in the military, journalists, bloggers, activists (and yes, sometimes, criminals). Tor makes communications harder to trace through traffic analysis by routing your internet activity through a series of network nodes, with each node ignorant of the whole route from beginning to end. There are tradeoffs though, mainly in terms of speed, as the extra routing will slow down the transmission. The Tor Browser Bundle is a package that contains an easy to use and install portable browser and the required software to connect that browser to the Tor network. The whole thing allows for anonym zed online activity. It’s not perfect, as Tor itself will point out in their website, but combined with smart browsing habits, it can reduce your exposure online.

Concerned that Google knows too much about you? Do you believe that the filter bubble limits your searches and keeps you insular in the online search world? DuckDuckGo is an anonymized search provider that keeps no records and logs of your searches. DuckDuckGo has been touted as a more private alternative to Google as a search tool. You lose out on customized results and advertising tailored to your interests and previous searches, but then again, that’s the whole point of using anonymized search, isn’t it?

HTTPS Everywhere
HTTPS Everywhere is a Firefox and Chrome extension produced as part of collaboration between the Tor Project and the Electronic Frontier Foundation. HTTPS Everywhere helps encrypt your online browsing and communications by rewriting HTTP link requests to HTTPS when within a whitelist of sites that support HTTPS. This at least ensures that, when a site supports HTTPS, you’re using the more secure means of communication.

DoNotTrackMe (Chrome, Firefox)
Do Not Track Me (formerly known as Do Not Track Plus) is another tool for detecting and blocking trackers, cookies, and other means by which online companies, social networks, and advertisers track your internet usage. Do Not Track Me displays which organizations and companies are tracking you and allows you to block all tracking, or selectively eliminate or whitelist particular trackers.

Ghostery (Chrome, Firefox)
Ghostery is a free browser privacy extension that allows users to quickly and easily detect and block web trackers that advertisers, media companies, and social networks use to tag your movements across the web. In addition, Ghostery allows you to look up more information about companies and sites using these tracking methods, as well as providing links to their privacy policies and opt-out options. It may require a bit of tinkering, but if you’re conscious about your online privacy, Ghostery is a great add-on for your browser.

Many popular websites like Facebook do what they can because of a popular scripting language called Javascript (JS). The problem is that JS also makes much online vulnerability like cross-site scripting (XSS) possible, letting scammers trick unsuspecting web users into revealing personal information. NoScript is a security filter that stops these attacks cold, by taking a closer look at how JS runs on the websites you visit.

As NoScript is to Firefox, so NotScripts is to Google Chrome. NotScripts provides the user with extra control over javascript, iframes, and other plugins to your Chrome session, potentially minimizing your exposure to malicious online code. The add-on includes support for white-listing sites that you trust in order to allow scripting, while blocking everything else.

2 thoughts on “What Are Tracking Cookies and How They Threaten Your Privacy

Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Up ↑

%d bloggers like this: