Over the past few years, changes to our data protection laws means we are being presented (incessantly) with options to ‘manage our cookies’ when we’re online. Companies are rightly worried that they will be hit with massive fines if they don’t give their users a way to opt out.
If you’re anything like us, you probably get a bit irritated and just click ‘Accept All’ so you can continue on your way. But what are you actually agreeing to? Are you putting your personal data at risk and if so, how can you protect your information and your systems? More importantly, what actually happens if you DON’T accept the cookies?
To test that theory, one of our Stackers cleared their cache and spent an entire day rejecting everyone’s cookies. And guess what? There was no noticeable or immediate difference to their browsing experience.*
To understand how that was possible, we probably need to understand exactly what a cookie is.
Cookies are little text files sent by the website you are visiting to the device you are using. When you accept a cookie, the text file is stored in the web browser on your device. It then tracks and collect data from your browser on your activity and send it back to the owner of the website.
This data is labelled with an ID unique to you and your computer. When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you, in theory, making your browsing experience better.
‘Session’ cookies are only stored on your browser while your session is active and are deleted when the session ends. ‘Persistent’ cookies are the ones to watch out for – these cookies are used for authentication and tracking and can sometimes store sensitive personal information.
To a certain extent, whether the cookies are dangerous depends on who owns the website or server, how secure it is and what they might do with the data. In most cases, cookies are perfectly safe.
However, it is possible for cyberattackers to hijack cookies and gain access to your browsing sessions and the information contained in the stored cookies.
Your choice on whether to accept the cookies, will probably also depend on how much functionality will be affected on the website if you refuse the cookies. In some rare cases websites can be set to refuse users access if cookies are not accepted.
In some cases, cookies can be helpful to the user and can really help enhance your browsing experience. Websites use the information they collect to personalise the browsing experience for their users, which can mean less time filling out forms and a faster, smoother experience.
It also means potentially higher engagement and sales for the website owner so there’s no such thing as a free lunch. It is important to remember that you are allowing these businesses to use YOUR data to sell more to you and increase their sales and retention rates. It’s even more important to remember that no system or platform is 100% secure.
Examples of some of the data that can be collected by cookies to improve and personalise a user’s online experience are below.
- Website name
- Unique user ID
- Browsing habits and history
- Personal preferences and interests
- Links clicked
- Number of times a website is visited
- Time spent on a website
- Settings selected
- Shopping cart items
- Account log-in information, including your username and password
- Online identifiers like your location and IP address
- Personal data like your phone number and address
Obviously, the last three on the list are potentially the most worrying but there are things you can do to make sure you are being as safe as possible online, even if you do accept the cookies.
Look out for the lock…
Never accept cookies from unencrypted websites – that little lock is there for a reason. Essentially, it means that the website owner has taken steps to ensure any data collected by the site is encrypted and secured and therefore less likely to be accessed or stolen by hackers. If you don’t see the lock, don’t accept the cookies.
Say NO to third party cookies!
Cookies can be placed on your browser by advertisers. If you are presented with the option to accept or decline ‘third party cookies’ you should ALWAYS politely decline – this means that your data could potentially be sold to third parties, other than the website you are visiting, and you have no control over who they are or how they use your data. Did you know that visiting a site with 10 ads may generate 10 cookies, even if users never click on those ads!? If you see a ton of ads on a webpage, move on!
That’s a bit personal…
If you are inputting sensitive or highly personal data on a website, don’t accept the cookies. The risk is higher for identity theft, fraud, and data breaches where the information is more valuable – for example, with your PPS number or banking passwords. The safest bet on sites that require this information is to err on the side of caution and ‘reject all’.
And then there’s The Zombie Cookie…
“Zombie cookies are from a third-party and are permanently installed on users’ computers, even when they opt not to install cookies. They also reappear after they’ve been deleted. When zombie cookies first appeared, they were created from data stored in the Adobe Flash storage bin. They are sometimes called “flash cookies” and are extremely difficult to remove. Like other third-party cookies, zombie cookies can be used by web analytics companies to track unique individuals’ browsing histories. Websites may also use zombies to ban specific users.”
Image Source: @FavePlushie, Twitter
It is also important to do a clear out every so often. Your cookies can build up, take up valuable space and slow down your system. It’s also just good practice. Do a clean up once a month and make sure you keep your security software and operating system up to date.
Your operating and security software will routinely scan for and flag dangerous cookies.
According to Forbes;
“VPN software protects your information by masking your device’s IP address, encrypting your data and routing it through secure networks to servers in faraway states or even other countries. In doing so it hides your online identity, ensuring that you are able to browse the Internet securely and anonymously.”
Using a (paid) VPN or Virtual Private Network can protect you from criminals looking to spy on your activity via your cookies as cookies are labelled for the remote server in another country, instead of your local computer.
So, whether you should or shouldn’t accept cookies depends entirely on the information you are submitting online, what sites you are accessing and whether or not you believe they are trustworthy. It also depends on how much you value a fast, personalised browsing experience.
It would be wise to put aside some time to check your current settings, update your browser preferences and make sure your software and security is up to date.
And now you know.
References:
https://techcrunch.com/2021/05/30/europes-cookie-consent-reckoning-is-coming/
https://us.norton.com/internetsecurity-privacy-should-i-accept-cookies.html
https://www.kaspersky.com/resource-center/definitions/cookies
https://www.forbes.com/advisor/business/software/why-use-a-vpn/
*There was no noticeable difference to the browsing experience on the sites that were accessed by Stacked in the specific time frame that the sites were accessed. We cannot guarantee that this will be the case for all users.