Cookies are small files that websites send to the user’s device, say a mobile or computer, to monitor the user and remember certain information about him/her, e.g. login information or shopping cart information.
These first party cookies are useful since these software snippets lets a website recognise individuals allowing them to do automatic login subsequently while they are on line. Otherwise, an individual would be treated as if he/she were visiting the website first time.
HTTP cookies or web-cookies are small block of data created by a webserver in the course of browsing by a user. These are placed on the user’s device by the user’s web browser. It is possible to place more than one cookie on a user’s device.
Originally, they were meant to shield people rather than do cyber snooping.
A California-based engineer-webbrowser programmer, working in Netscape coined the term cookies. For the first time the cookies were used in June, 1994 and a patent was applied for in 1995 which was granted in the US in 1998. Cookies were integrated with IE in 1995. They came by default. The public learnt about them in 1996. Privacy issues were then highlighted. Even FTC discussed them.
There were efforts to formulate specifications. Montoulli decided to use Netscape specification as the starting point. The efforts commenced in 1996, and the specifications were published in 1997. There is specification that no third party cookies will be used, and even when used, they will not be enabled by default.
Third party cookies, or tracking cookies compile long term records of individuals browsing history. They violate the privacy of individuals.
Advertising agencies were already using third party cookies. Netscape and IE did not comply with specifications. New specifications were laid down in 2000.
A third party cookie comes from a domain name different from the domain name used in the web browser’s address bar. Web browsers have privacy settings that can block third party cookies.
Session cookies or in-memory cookies exist only in temporary memory while web is being browsed. Persistent cookies continue for a specific length of time. Secure cookies are transmitted over encrypted connection. An Http-only cookie cannot be accessed by client-side APIs such as Java Script. Authentication cookies authenticate a logged-in user.
Google Chrome and later MS Edge introduced Same-site cookies (2016). Super cookies originate from top-level domain or public suffix. They are often blocked by browsers, as they are a security threat. A zombie cookie does not reside in dedicated cookie storage location. Its data and code are placed on a hidden location of a visitor’s device.
Google and Facebook have been fined by the French authorities over the use of cookies. The cookies could be stopped if targeted ads are stopped and online services are funded through subscriptions. But all this could drive advertisers to use stealthy tactics. They will find away. Even small websites will be starved of funds, and Big Tech will flourish. The middle way is to make it possible for the users to opt in or out of sharing data. Though web without cookies is not possible, we can learn to use them in a nuanced manner.