Ok, but like, what ARE cookies?
You've probably swatted away 14 cookie notifications just today, but what exactly are cookies and should you be concerned?
Happy Monday, friends! This post is a little different than the last few in that it’s our first explainer post! There will be some suggested tips for how to deal with cookies and best practices to protect your privacy near the end, but primarily we’re here today to understand what cookies are, what they’re for, and how you can protect your privacy.
So what are cookies?
Commonly called ‘biscuits’ in the UK, cookies are actually more like breadcrumbs than cookies, but ‘breadcrumbs’ means something else in web terms, so here we are.
Basically, cookies are a bit of text code with an ID that’s been assigned to you personally, and they’re stored in your web browser’s cache. Some cookies allow websites to access this ID to see what you’re doing all over the web and can share or sell that information to ad networks or other websites. It’s like you’re leaving breadcrumbs around the internet. See? If only that name wasn’t already taken…
Anywho, these types of cookies are called ‘tracking cookies’ and, as you might imagine, they’re the ones that give us some privacy concerns.
Types of Cookies
So there are a lot of types of cookies out there.. you’ve got your Thin Mints, your Fudge Shoppe cookies, your basic chocolate chip and sugar cookies… whoops, not those cookies...
Actually, you’ve got your persistent cookies and your session cookies.
Persistent cookies stay in your browser until they expire. You know like how you can just open your email no problem for like 8 months and then one day they’re like, “actually, can you sign in again for us?” Those are persistent cookies. So, when do they expire? Well, that depends on the amount of time specified by whichever site set the cookie. Could be a few hours, could be a few days, could be a few months or even a few years or never.
Session cookies only last while that particular browser tab/window is open. These are the ones you expect to see on banking websites. Once you close the window or tab, the cookie expires and you need to log in again, and some might even expire before you close the tab (you might see something like ‘you’ll be signed out automatically in 120 seconds’).
Third-party cookies are cookies that are created with the purpose of sending/selling your personal browser history (which websites you visit, what you look at, what you search for, etc) to third-party companies like advertisers or other websites interested in knowing what you do on the internet.
Good Cookies vs. Bad Cookies
Cookies actually serve many functions on the web and some are required for websites to function properly or just generally give you a good experience using the site.
An example of a good persistent cookie might be like when you go to check your Amazon orders for the 34th time to see when your Bonne Maman 2022 Limited Edition Advent Calendar will finally arrive and you don’t need to sign in every time—it just remembers you. Yummy jam-filled cookie!
Or maybe you’re shopping online and you’ve added a few things to your shopping cart. In order for the site to remember what you’ve put in your cart (particularly when you don’t have an account or you’re not signed in), it sets a tasty cookie! This cookie might be persistent or session. Once you close the browser window, your cart would be cleared if it was a session cookie. Get it?
Tracking cookies, aka third-party persistent cookies, are the icky cookies that do things like show you the same ad on every website you visit for that pair of glasses you looked at that one time on EyeBuyDirect. These cookies are just barfing up your privacy all over the place.
Now, what about those cookie notifications that are suddenly everywhere? What are they for?
So, not too long ago in a land far, far away (Europe), there was new legislation created by the EU called GDPR (General Data Protection Regulation) and these new rules sought to prohibit personal data collection and sharing/selling that information without explicit consent by the users. Good, right?
Right! But ever since that fateful day, you’ve probably been bombarded with popups that tell you either “accept our cookies or get lost,” or tricked you into accepting their cookies rather than going through a long, confusing list of cookies that you can accept or reject individually. You know the ones right?
Now, this is where you get some control on a website-by-website basis which cookies you’d like to have implanted in your browser. Some sites require you to just accept their cookies or leave, and others might have an option for you to control your cookie settings.
So what can you do about cookies?
Take a minute to say ‘no’ to third-party cookies on those annoying pop-ups… if they let you. As we talked about above, those pop-ups often (but not always) have a way for you to choose which cookies you want and which ones you don’t. They will try to trick you into accepting all the cookies, but you don’t have to. In general, it’s best to only accept the required cookies and then you can get back to reading about the 10 Reasons Why Cats Make Better Pets Than Dogs.
Use a third-party cookie blocking browser extension. Browser extensions are easy to install and typically run in the background so you don’t have to think about them. If you want a shortcut to manage all those cookie pop-ups from above, check out the Consent-O-Matic browser extension. It automatically applies your preferred cookie settings to all the sites with those pop-ups. uBlock Origin and Privacy Badger are also both great extensions that just block third-party cookies in general.
Use a web browser that automatically blocks third-party tracking cookies (ICYMI, I recommend Brave). This is the simplest way to block all third-party icky cookies while maintaining the helpful yummy cookies.
Clear your cookies occasionally. We went over how persistent cookies stick around for however long they’re set to stick around for, some maybe even indefinitely. If you want to start fresh, go ahead and clear your cookies (here are some instructions for tons of browsers and devices). Just a note: you’ll probably be signed out of most/all of your accounts, so you’ll need to sign in again when you visit your favorite websites.
Use a VPN. I’ll get into this in an upcoming post for a more detailed description, but the tl;dr is that a VPN is like putting up a privacy fence around everything that you do on the internet. I recommend Proton VPN which has a feature called NetShield that blocks ads and third-party trackers and doesn’t log or record any of your internet activity.
TL;DR
Cookies are a small piece of code that identifies you as a particular user. Some cookies are helpful and keep us logged into our favorite websites, but some cookies can be real privacy downers selling your web history to advertisers or really anyone willing to pay for it.
Well, all this talk of cookies has got me craving some. I’m gonna go grab myself a frozen Thin Mint and call this entry baked.
I’d love to hear what you thought of this explainer and if you’d like to see more content like this or if you prefer strictly tips, or if there’s something altogether different you’d like to see! Email me at womensprivacyproject@pm.me with your ideas!