More Information About Cookies

What is a cookie?

Cookies are very small text files that are stored on your computer when you visit some websites.

Cookies help identify your computer so a website can tailor a user’s experience, track shopping basket contents and remember where you are in the order process.

What They Store

Cookies do not usually store sensitive information about you, such as credit card or bank account information, photographs, your ID or personal information, etc. The data stored are technical, personal preferences, content personalization, etc.

The web server does not associate you as a person, but your web browser. In fact, if you regularly browse with Internet Explorer and try to browse the same web with Firefox or Chrome you will see that the web does not realize that you are the same person because it is actually associating the browser, not the person.

Types of Cookies

  • First Party Cookies: One of the key attributes of a cookie is its ‘Host’ – this is the domain name of the site that ultimately sets the cookie. Only the host domain can retrieve and read the contents of the cookie once it has been set. If the host name is the same as the domain in the browser address bar when it is set or retrieved, then it is a First Party Cookie. First party cookies are only set or retrieved by the website while you are visiting it, so they cannot normally be used to track activity or pass data from one site to another. However the owner of that website can still collect data through their cookies and use that to change how the website appears to the user, or the information it displays. Of course they can also collect the data and use it outside their website, and even sell it on to other organisations. However, if they do this it must be explained in the site’s privacy policy. Most desktop browsers allow you to see a list of the cookies that have been set – and they will normally be listed by the host domain value.
  • Third Party Cookies: If the host domain for a cookie is different to the one in the browser bar when it was downloaded, then it is a third party cookie. They are usually placed in a website via scripts or tags added into the web page. Sometimes these scripts will also bring additional functionality to the site, such as enabling content to be shared via social networks. Online advertising is the most common use of third party cookies. By adding their tags to a page, which may or may not display adverts, advertisers can track a user (or their device) across many of the websites they visit. This allows them to build up a ‘behavioural profile’ of the user, which can then be used to target them with online ads based around their ‘calculated’ interests. Use of cookies for this purpose is often seen as intrusive and an invasion of privacy. Such activity is one of the drivers behind the development of new privacy laws, especially the EU Cookie Law.
  • Session Cookies: Session Cookies are only stored temporarily in the browser’s memory, and are destroyed when it is closed down, although they will survive navigating away from the website they came from. If you have to login to a website every time you open your browser and visit it – then it is using a session cookie to store your login credentials. Many websites use session cookies for essential site functions, and to make sure pages are sent to the browser as quickly and efficiently as possible.
  • Persistent Cookies: are created by giving them an expiry date. If that expiry date is reached, it will be destroyed by the computer. If the expiry date is not set then it is automatically a session cookie. Persistent cookies are also used to track visitor behaviour as you move around a site, and this data is used to try and understand what people do and don’t like about a site so it can be improved. This practice is known as Web Analytics. Since Google started providing its own analytics technology free of charge to website owners, almost all websites use some form of it – although there are also paid-for services available to rival Google’s. Analytics cookies are probably the most common form of persistent cookies in use today.
  • Secure Cookies: are only transmitted via HTTPS – which you will typically find in the checkout pages of online shopping sites. This ensures that any data in the cookie will be encrypted as it passes between the website and the browser. As you might imagine – cookies that are used by e-commerce sites to remember credit card details, or manage the transaction process in some way, would normally be secure, but any other cookie might also be made secure.

 

  • HTTPOnly Cookies: When a cookie has an HTTPOnly attribute set, the browser will prevent any client script in the page (like JavaScript) from accessing the contents of the cookie. This protects it from so-called cross-site-scripting (XSS) attacks, where a malicious script tries to send the content of a cookie to a third party website.

What Happens if Cookies are Disabled?

To understand the consequences of disabling cookies, we will show you some examples:

  •  You can not share content of this site on Facebook, Twitter or any other social network.
  • The web site will not adapt content to your personal preferences, as often happens in online stores.
  • You can not access the personal area of ​​the web, such as My Account, or My Profile or My orders.
  • Online stores: It will be impossible to buy online, you will need to order by calling or visiting the physical store if there is one.
  • Not be possible to customize your geographic preferences as time zone, currency or language.
  • The website can not perform web analytics about visitors and web traffic, making it difficult to be competitive anywhere.
  • You can not write on the blog, you can not upload photos, post comments, evaluate or rate content. The web may not know whether you are a human or an automated application that publishes spam.
  • No advertising may be personalised, which will reduce the web advertising revenue.
  • All social networks use cookies, if disabled you can not use any social network.

Almost all modern browsers provide ways for you to control how your computer handles cookies. This includes the ability to block all or different types of cookies – and preventing them from being placed on your machine in the first place. They also enable you to delete the cookies that you already have. However each browser is different – and some offer more fine-grained control than others, or at least control that is easier to find. Anyone wishing to take better control over their online privacy would be well advised to spend some time familiarising themselves with the controls in their browser. However, below we provide a bit of an overview for the most common browsers.

Browsers are of course found on smartphone and tablets as well as traditional computers. Generally speaking smartphone browsers do not provide anywhere near the level of functionality in respect of cookie controls that ones on your PC or laptop do. However this is changing quickly so it is worthwhile trying to find out what controls you can make use of.

Google Chrome

Google Chrome provides quite a good level of control over cookies. These can be found under the ‘Settings’ menu, which you can get to by clicking on the spanner icon in the top right hand corner.

Under ‘Advanced Settings’ you can find a section dedicated to Privacy, which includes being able to clear your browsing history – which has several settings options, including deleting all your cookies.

You can also use Chrome to send a ‘Do Not track’ signal to the websites you visit.

However, the ‘Content Settings’ button also gives access to further controls including the ability to list all cookies and delete them individually. This list also includes HTML5 local storage and databases that modern sites sometimes use instead of cookies.

FireFox

With Firefox you get to the cookie settings by clicking in the menu box in the top left hand corner and selecting ‘Options’. On the pop-up, then select the ‘Privacy’ icon.

With Firefox you can tick a box that tells every website you visit that you do not want to be tracked. This functionality is known as Do Not Track (DNT), however there is no guarantee at the moment that a website will respect that request – and there are no legal requirements for them to do that.

You can also set your preferences for what Firefox will record of your browsing history, including the way it treats cookies. For example, you can choose to accept third party cookies, but have them deleted when you close the browser. Like with Chrome you can also see a list of all the cookies saved and either delete them all or delete just the ones you don’t like.

More recently, the Mozilla foundation have announced that newer releases of Firefox, most likely from June 2013 onwards, will block third party cookies by default.

Internet Explorer

In most recent versions of Internet Explorer you select the cog icon in the top right corner, choose ‘Internet Options’ from the drop down menu, then select the ‘Privacy’ tab in the pop-up that appears.

IE uses a slider control which you can use to select different levels of privacy, although you can also select the ‘Advanced’ button for a more custom setting for allowing or blocking first and third party cookies.

It also enables you to create lists of sites where you always want to allow or block cookies. However it does not give you the ability to list the cookies you have, or selectively delete them, through this menu.

To do that – you have to use the ‘Developer Tools’, which you can get to either from the cog icon, or by hitting the F12 button on your keyboard. Then select the ‘cache’ menu and view or clear cookies options in the drop down. The problem with this is that have to be on the site in question to do this, and it is not particularly user friendly – most people would be put off by the idea of using the developer tools, because they are not developers!

Under the Internet Options>General tab you also have a tick box that you can set to delete your browsing history when you shut it down. Ticking this will mean all your cookies are deleted when you close your browser.

From Internet Explorer 10 onwards, Microsoft introduced Do Not Track functionality. This will usually have been switched on by default when the browser was first installed. To check your own settings, go to Internet Options>Advanced. Scroll down to the Security Settings, and there you will find a tick box labelled ‘Always send Do Not Track header’. If you tick or un-tick this box, you will need to re-start the browser for the change to take effect.