Cookies are everywhere, get to know when it was created? Why? What purpose it serves today and how it is being used for tracking purposes?
We have herd all the times how Facebook and Google track us on the internet to know much about us, our behavior so they can offer us better service or ads to be specific. Cookies are the tool they use to do so and in a pretty fine way.
What is a cookie?
Cookies are small information stored by sites or certain sites on your browser so your browser knows your preference for future use. For example, the site says example.com offers you to set the dark mode in their website, so when you switch to a dark theme, it stores values in your browser say
dark_mode = on
On every new visit to the same site, your browser sends them cookies stored by them, so when that site reads you have stored dark_mode=on, it will choose dark theme style for you to see. Pretty simple right.
History of browser cookies.
Cookies were created by Netscape company in 1994 for a certain use case. They simply want to store shopping cart item list on the browser instead of the server so the server won’t have to store everyone’s data and thus save storage and cost. It was rapidly adopted by Internet explorer in the year 1995 and so on.
Why HTTP cookie?
HTTP is a stateless protocol, that means, every page you visit to a website, or click on the link, it does not know about your previous activity at all.
Take a scenario of logging in to any website say facebook.com
You provide
username: tonny
Password: *************
Your browser will send this information to Facebook and Facebook verifies it yes both details are correct, so it will send you to Feed page right.
This is what we see, there is something in between.
Since your login page validates you but feeds page doesn’t have an idea who you are, stateless again.
Let us get back to the login page and see the process again.
You provide
Username: tonny
Password: *************
And hit Login
Your browser sends this information to Facebook.
- Facebook verifies you as Valid user
- Facebook generates an authentication key and sends back to your browser
- And redirects to feed page.
- Your browser will request feed page with that key facebook has provided on login page.
- Facebook checks that key and finds it correct, so gets to know your identity who logged in to the previous page
- Thus gets your notification, friends, photos for you only.
So you seen without cookies, Facebook doesn’t know you, no website can save your information without you providing who you are by sending cookies they set.
Who can read cookies?
Websites who set cookies on your browser will able to read those cookies only, no other websites can read cookies from any other website.
So Google won’t be reading your cookies from Facebook and so on. So the question arises is:
How Google/Facebook tracks you?
By placing their content/code on sites you visit. Most of the sites nowadays using Google analytics to see their site usage and other information. So they place the analytics code given by Google on their own website which tells the website owner who visited your website.
- Let’s make it simpler, say you visit a website called example.com.
- It has the Google Analytics code, which calls the google server in the background to send information like, hey Google, the person from this browser is visiting example.com
- So when Google service runs on example.com, google can access their own cookies set on your browser and gets to know ohh he is tonny.
- So Google knows tonny visited example.com.
- Same in case of Facebook,
- Many websites keep Facebook Like button and comment button or share button on their website.
- Those button needs to contact Facebook in order to know if you have already liked that button or not, so it tells, hey Facebook, I am like button on example.com, this person wants to Click me, let me know if he already liked or not.
- When Facebook is called, it now can read cookies is stored in your browser and thus know: Wow, its tonny.
What happens when you clear cookies?
The site will forget you. You will be logged out of the site you are clearing cookies for, and if you clear cookies of your browser, you will be logged out of all sites you logged in to.
What information cookies stores?
Cookies along with login token, can store some of the information which may provide a better experience on the websites.
For example:
- Cookies store products page you visit so it lets you know your recently viewed products.
- Cookies can store items you add to the shopping cart.
- Your personal preference on the website, say theme, language, currency etc.
Limitations?
A website can store a maximum of 300 cookies, and size must not exceed 4096 bytes per cookies and should be accessible by the same domain name only.
What you can do to protect your privacy?
Some website offers you to manage your cookies to allow control over what they know about you. Additionally, you can:
- Turn on DNT mode in your browser, which sends information to the website about DO NOT TRACK, however, this is totally on the website how they respect your flag.
- Use incognito mode as often as possible, for searching for things, flight tickets, bus tickets, hotels, I strongly recommend using incognito mode, so the site won’t know who you are unless you log in, and thus show you best offer which regularly you might not see.
- Use some of the browser extension which will detect tracking cookies and may block those.
Bottom line
Cookies are an essential tool for browser/website, you can not simply live on the internet without it, to check cookies, you can open Dev tools in chrome > Go to Application tab > Click on cookies from the sidebar, and play with stores key, values by cookies.
If you find this article helpful, please share it, tweet it and help your peers know what you have just known.
http://Inteligentcomp.com