
Cookies: on your devices.

  • I was doing some updating on my cookie policy last week. Gathering some intel. I came across some interesting cookies I did not know about or know existed.

     

    I'm not saying anything like a conspiracy theory or anti-trust. This is just some info in case you may also not have heard of some of these cookies.

     

    I'll post my findings.

     

    The Benefits of Cookies

    Cookies are used in many different ways, and many of them make the web experience much better. However, most of this can be summed up in one word – personalisation.

    The online store Amazon is a great example of this. The more you use the site, the more Amazon understands what kind of products you search for and buy. This allows it to make recommendations of products you might like – which could help prevent extensive searching in such a big store.

    If you have bought from Amazon and don’t actively sign out from your account, it will remember you when you return – greeting you by name even. It also remembers any items you have put in your shopping basket but not purchased – making it quicker to go through the checkout.

    Of course they are doing it for their own benefit as well – all of this increases their sales, but it does benefit users.

    In fact, online shopping would not be possible without cookies. If we didn’t have cookies, you could not effectively log in to a website. Instead you would have to tell it who you are every time you went to a new page, which would be extremely tedious.

    Cookies can personalise a website in all sorts of other ways as well – without having to be about shopping. For example, they can be used to remember a user prefers a larger font size than normal. A news website might remember that you like certain types of stories and promote them to the home page.

    There are also more subtle uses of cookies that bring benefits that are less tangible.

     

     

    Analytics

    Websites use cookies to work out how popular the different pages of their sites are, sometimes even which parts of different pages. They do this by tracking pretty much every visitor to the site – the page they entered, where they came from to get there, the pages they looked at, in which order, the links clicked on, the time spent on each page, and the point of exit from the site.

    Some services even claim they can work out which part of a page users spend most time looking at, even without clicking anything. This is because they can track where in the page the mouse pointer is, and many users tend to place the pointer near where they are looking at.

    Aggregating all that data into useful information is known as ‘web analytics’, and it gives website owners real understanding about how people use their site, which are the most and least popular pages, and how this changes over time. Doing this enables them to improve the site – doing more of what visitors like and less of what they don’t. Ultimately this benefits visitors through better content and services targeted at their needs.

    However cookies do also raise a number of privacy concerns that people ought to be aware of.

     

    Types of Cookies

    There are many different types and uses of cookies, but most can be classified in a number of different ways.

     

    First Party Cookies

    One of the key attributes of a cookie is its 'Host' - this is the domain name of the site that ultimately sets the cookie. Only the host domain can retrieve and read the contents of the cookie once it has been set.

    If the host name is the same as the domain in the browser address bar when it is set or retrieved, then it is a First Party Cookie.

    First party cookies are only set or retrieved by the website while you are visiting it, so they cannot normally be used to track activity or pass data from one site to another.

    However the owner of that website can still collect data through their cookies and use that to change how the website appears to the user, or the information it displays.

    Of course they can also collect the data and use it outside their website, and even sell it on to other organisations. However, if they do this it must be explained in the site's privacy policy.

    Most desktop browsers allow you to see a list of the cookies that have been set – and they will normally be listed by the host domain value.

     

    Third Party Cookies

    If the host domain for a cookie is different to the one in the browser bar when it was downloaded, then it is a third party cookie.

    They are usually placed in a website via scripts or tags added into the web page. Sometimes these scripts will also bring additional functionality to the site, such as enabling content to be shared via social networks.

    For example, suppose you visit a site that has a YouTube video in one of its pages. This has been included by the website owner, using a piece of code provided by YouTube. YouTube will then be able to set cookies through this code, and know that you have watched that video, or even just visited the page the video is in.

    Online advertising is the most common use of third party cookies. By adding their tags to a page, which may or may not display adverts, advertisers can track a user (or their device) across many of the websites they visit.

    This allows them to build up a 'behavioural profile' of the user, which can then be used to target them with online ads based around their 'calculated' interests.

    Use of cookies for this purpose is often seen as intrusive and an invasion of privacy. Such activity is one of the drivers behind the development of new privacy laws, especially the EU Cookie Law.

     

    Session Cookies

    Session Cookies are only stored temporarily in the browser's memory, and are destroyed when it is closed down, although they will survive navigating away from the website they came from.

    If you have to login to a website every time you open your browser and visit it - then it is using a session cookie to store your login credentials.

    Many websites use session cookies for essential site functions, and to make sure pages are sent to the browser as quickly and efficiently as possible. 

     

    Persistent Cookies

    As the name suggests, this type of cookie is saved on your computer so that when you close it down and start it up again, it can still be there.

    Persistent cookies are created by giving them an expiry date. If that expiry date is reached, it will be destroyed by the computer. If the expiry date is not set then it is automatically a session cookie.

    The expiry date will normally be saved as the time the cookie was first created plus a number of seconds, determined by the programmer who wrote the code for the cookie. However, there is no real limit on the expiry date - so it could be set to be 20 years in the future. In addition, if you revisit the website that served up the cookie, it may automatically place an updated version on your computer - with a revised future expiry date.

    If you log in to a website, then shut down your computer, start it up again, and go back to the website to find you are still logged in - then it is using a persistent cookie to remember you.

    Persistent cookies are also used to track visitor behaviour as you move around a site, and this data is used to try and understand what people do and don't like about a site so it can be improved. This practice is known as Web Analytics. Since Google started providing its own analytics technology free of charge to website owners, almost all websites use some form of it - although there are also paid-for services available to rival Google's.

    Analytics cookies are probably the most common form of persistent cookies in use today.

    However, persistent cookies can also, oddly, have a shorter life span than some session cookies, as they can be coded to be destroyed within a second or two of being set, whereas a session cookie will always last until you close down your browser.

     

    Secure Cookies

    Secure cookies are only transmitted via HTTPS - which you will typically find in the checkout pages of online shopping sites.

    This ensures that any data in the cookie will be encrypted as it passes between the website and the browser. As you might imagine – cookies that are used by e-commerce sites to remember credit card details, or manage the transaction process in some way, would normally be secure, but any other cookie might also be made secure.

     

    HTTP Only Cookies

    When a cookie has an 'HTTP Only' attribute set, the browser will prevent any client script in the page (like JavaScript) from accessing the contents of the cookie.

    This protects it from so-called cross-site-scripting (XSS) attacks, where a malicious script tries to send the content of a cookie to a third party website.
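
    The categories in this section can all be read off a single `Set-Cookie` response header. The following added example is not from the original post; the host names and header values are constructed, and it compares hosts by simple suffix match (as the definitions above do) rather than by registrable domain as browsers do.

```javascript
// Added example. Sample headers and host names are constructed, not real traffic.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Simplified host comparison: equal, or a subdomain of the cookie's host.
function hostMatches(host, cookieHost) {
  const c = cookieHost.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === c || h.endsWith("." + c);
}

// responseHost: server that sent the header; pageHost: host in the address bar.
function classifyCookie(header, responseHost, pageHost, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  const cookieHost = typeof attrs.domain === "string" ? attrs.domain : responseHost;
  let expiresAt = null; // stays null when no expiry is given: a session cookie
  if (/^-?\d+$/.test(String(attrs["max-age"]))) {
    expiresAt = now + Number(attrs["max-age"]) * 1000; // Max-Age wins over Expires
  } else if (typeof attrs.expires === "string" && !Number.isNaN(Date.parse(attrs.expires))) {
    expiresAt = Date.parse(attrs.expires);
  }
  const seconds = expiresAt === null ? null : Math.round((expiresAt - now) / 1000);
  const notes = [];
  if (attrs.secure !== true) notes.push("sent over plain HTTP as well as HTTPS");
  if (attrs.httponly !== true) notes.push("readable by page scripts");
  if (seconds !== null && seconds > 365 * 24 * 3600) notes.push("lifetime over one year");
  return {
    name,
    party: hostMatches(pageHost, cookieHost) ? "first" : "third",
    lifetime: expiresAt === null ? "session" : "persistent",
    lifetimeSeconds: seconds,
    secure: attrs.secure === true,
    httpOnly: attrs.httponly === true,
    notes,
  };
}
// Constructed samples: a login cookie from the visited site, and an ad-tag cookie.
const NOW = Date.UTC(2024, 0, 1);
const login = classifyCookie("sid=abc123; Path=/; Secure; HttpOnly", "shop.example", "shop.example", NOW);
const tracker = classifyCookie("uid=42; Domain=ads.example; Max-Age=630720000", "t.ads.example", "shop.example", NOW);
```

    The second sample carries the 20-year expiry mentioned under Persistent Cookies; a cookie with `Max-Age=1` is still classified as persistent even though it outlives nothing.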

     

     

    Online Tracking technologies

    Cookies are the most well-known and common type of web tracking technology. However, many websites, advertisers, and analytic tools use other types of technologies to track users or monitor website performance. Below are some examples of other tracking technologies.

     

     

    Web Beacons and Pixels

    A Web beacon, often referred to as a pixel tag, is a clear GIF or web bug, usually no more than 1-pixel x 1-pixel transparent image, that is placed on a website or in an email to monitor the behavior of the user visiting the website or receiving the email. They are often used in combination with cookies.

    Web beacons work by sending information along with the request to the web server with the image. For example, when the browser connects to a site with the web beacon, the browser requests the web server to download the image – included in this request can be details such as IP address, type of browser, time of access, or previously set cookies.

    Sites generally use web beacons to understand how users travel on the site and use this information to give more personalized content or make browsing more efficient and easier.

    If cookies are turned off, web beacons will not be able to track a user; however, they can still be used to account for anonymous visits.

     

     

    Fingerprinting

    This method of tracking is generally used in conjunction with web beacons. The idea behind fingerprinting is that, even with cookies turned off, specific information about the user’s device, browser, language, plugins, and other settings can be sufficient to identify a single user.

     

     

    Local Storage Objects

    Local Storage Objects or LSOs are similar to cookies in that they are placed on a visitor's browser and used to store information. Much of the same information that is stored in a cookie could be stored in a local storage object.

    The main differences between local storage objects and cookies are that LSOs do not have an expiration date, they store information in key-value pairs, and they have higher data limits than cookies.

     

     

    Super Cookies

    The term 'Super Cookie' (or sometimes Supercookie) is usually applied to tracking technologies that are not regular HTTP cookies and are stored in a different way on a user’s machine.

    This makes them harder to find and get rid of - because they can't be removed using the regular privacy controls found in most browsers.

    Adobe Flash applications sometimes use local file storage to optimise performance - and these files, known as Local Storage Objects, can also be used for tracking purposes, so they are sometimes labelled as 'supercookies'.

     

     

    Zombie Cookies

    So-called zombie cookies are technologies that are used to re-spawn regular HTTP cookies after they have been deleted by users.

    The practice of using zombie cookies is clearly intended to circumvent users’ attempts at controlling their privacy, and therefore is widely frowned upon. In many circumstances the use of zombie cookies would be a breach of privacy laws and regulations. However their use is rare.

     

     

    Ultrasound Beacons

    Ultrasound Beacons are inaudible signals sent out by TVs, smart phones, or other devices to track users outside of the web. For example, a signal could be sent out by a TV advertisement. This signal would be a low frequency that can’t be heard by humans; however, an app in a smartphone could listen for this signal to know that a user has seen a certain TV commercial.

    Ultrasound Beacons are also used to connect users in the physical and digital world by having, for example, an ultrasonic beacon installed at a store which can then be used by apps to know if a user has visited a certain store and target ads based on the user’s location.

Comments

5 comments
  • Web Diva Some cookies are good, whereas some are nefarious, agreed. I really don't think websites should have anything other than the basic cookies for the best functionality for the user's experience. I understand your point about the difference in cookies. I...
  • Mikel Coreclark Hei Tiffany. I only use the basic cookies. Just allow members to login, signup and move around my site. Anything else I don't want to know about or need. Most companies such as your local coffee house (bobs coffeehouse) for example with a website won't need cookies.
  • Web Diva I'm still processing this cookie thing....where did the internet get so crazy!!
  • Web Diva That's refreshing you keep it simple.