And if you should block or allow them.
Recently, the conversation around digital privacy has centered on a pretty confusing concept. By now, you’ve probably heard of cookies (the digital kind, not of the chocolate-chip variety) but you’re certainly not alone if you don’t fully grasp what they are.
Believe it or not, cookies have been around since the ’90s and have become a vital part of our web-surfing experience. Say, for instance, you’re shopping on Amazon and put a couple of items in your cart. You then get distracted and close out of that window to check your Facebook or watch the new season of Stranger Things. When you return to Amazon, you’ll notice your cart is still full and ready for you to check out. That’s thanks to cookies, explains Joseph Steinberg, a cybersecurity expert and the author of Cybersecurity for Dummies.
Wait, what are cookies?
Cookies are files that contain your activity and are sent by a web server to your phone, tablet, or laptop when you’re visiting that server’s website. Your device stores those cookies, so that when you return to the webpage the server will recognize you as a user. This enables sites to create a log of your activity on their page — allowing them to remember your preferences or keep you logged in.
That was the original intent, at least. But they’re now also being used to track your behavior across the web — not just on specific sites, which is why they’ve got such a bad rap, says Patrick Jackson, the CTO of Disconnect, a Bay Area-based company that develops online privacy software. These are known as third-party cookies, which are generated by websites that are different from the web pages you’re currently using. Third-party cookies typically get stored on your browser through ads, or even features like a Facebook “like” button, that appear on web pages you visit.
Companies, like data brokers or advertising technology firms, can take that data to build a profile about you. That data is valuable to marketers, who want to know about your shopping habits or your favorite brands, so they can learn what things you might be interested in buying and serve you targeted advertisements to entice you. (This explains why after you shop online for a new crew-neck sweater, for example, ads for crew-neck sweaters seem to follow you around the net.) But your browsing data can reveal more than just your preference for Adidas over Nike, for example. By tracking when you’re online, they can determine your sleeping habits, or by tracking which news sites you visit, they can guess your political affiliation, Jackson says.
“There are companies that are collecting this data that will sell it to whoever,” he says. “And they don’t really care if they’re using it for targeted ads or if they have some nefarious purpose — it could be used for anything. That’s really the ugly side of cookies.”
There’s been some effort to crack down on this. The toughest set of rules to date, the General Data Protection Regulation (GDPR), was recently enacted in the E.U. (You’ve probably noticed that in the past couple of years, the large majority of sites now have a pop-up asking you to accept their cookies. That’s because of the GDPR.) California also has its own law, called the California Consumer Privacy Act (CCPA), which went into effect in 2020 and regulates the sale of data. (Any company that sells data has to give users the chance to opt out by adding a “do not sell my data button” on their sites.) But by and large, the practice of selling digital profiles in the U.S. is legal.
Should you allow or remove cookies?
As we mentioned before, cookies have really come to shape how we use the web, and removing them can make browsing much more tedious. You won’t even be able to fully use some sites if you disable them.
“So you don’t necessarily want to block all cookies,” Steinberg says. You should, however, weigh whether or not you want a certain site or app to have your data and use that to determine whether or not to accept their cookies.
There are other measures you can take too, like occasionally clearing your cache and cookies, which would wipe any third-party tracking cookies. (A cache is a collection of files your browser stores from webpages you’ve visited to speed up your experience on those sites. Clearing your cache every once in a while is also a good general practice, because it can help free up a little storage on your devices.) Check out PCMag’s guide on how to execute this on different browsers.
For iPhone users, Jackson recommends using a privacy feature called “Ask App not to Track,” which is located in your device’s settings. (CNet has a helpful tutorial on how to enable this.)
Another simple step you can take is to use a browser that has strong privacy defaults like Safari or Firefox, Jackson says. Firefox recently rolled out its “Total Cookie Protection” feature, which prevents third-party cookies from tracking you across the web, without fully blocking cookies.
At the end of the day, however, cookies are just one of a myriad of tools companies have at their disposal to monitor your activity. So simply blocking cookies won’t make you invisible on the web. And importantly, though they get a lot of negative attention, they’re not necessarily a bad thing, Steinberg says. Cookies make it so you don’t have to log in to Netflix every other hour and help news sites remember your preferences, so you can see more about the topics you care about. Who knows, those targeted ads might even lead you to that perfect crew-neck sweater.
“There’s always a trade-off when it comes to using a website or an app,” Jackson says. “The more you know about that trade-off, the better decisions you can make.”
