A cookie is a technology for remembering information
A cookie is a small text file which is stored by the user’s browser.
The cookie only contains data, not code, so it can’t contain a virus or spyware, they can only ever store information.
A cookie remembers information about a specific website, this information is restricted to a specific domain. The domain prevents other websites from accessing each other’s cookies.
However there are ways that websites can share information as we’ll see.
A session cookie expires when the user closes their browser, and sometimes just after a certain period of time has elapsed (for example, on mobile devices, where the concept of ‘closing your browser’ is less relevant).
Sessions are therefore ideal to remember – for example – if a user has logged in to a website. When they close their browser they are automatically logged out. They are usually considered relatively unobtrusive from a privacy perspective.
A persistent cookie expires after a fixed date, for example after one year. They are not cleared when the user closes their browser.
A common use of a persistent cookie is the “Keep me logged in” box found beneath many login areas. For this to work, the cookie must be stored after the user closes their browser.
However persistent cookies are also used to track users in unexpected ways. For example, if you visit Google they give you a unique cookie to track you with. They can then use this cookie to recognise and link your behaviour between their many sites – they might for example know what you search for, what websites you visit etc. They can then use this information to target advertising at you on those same sites.
First party cookies
A first party cookie is restricted to the same domain as the website you are viewing. For example, if you were visiting www.silktide.com, a first party cookie would only be readable by pages inside www.silktide.com.
Third party cookies
A third party cookie is set by a domain other than the one the user is visiting. For example, if a user visits www.example-one.com, a third party cookie might be set by www.example-analytics.com. Now if the user visits www.example-two.com, this website could also use the third party cookie set by www.example-analytics.com. In effect, the user is recognised between sites.
The reality is more complex. In this example neither www.example-one.com or www.example-two.com can actually see the cookies being set, only www.example-analytics.com can. However there is nothing stopping www.example-analytics.com from collecting information in this way and sharing it with others, including the other two websites.
Third party cookies are most commonly used for tracking users by advertising networks, search engines and social media sites. For something like the Facebook Like button to work on websites other than Facebook’s, third party cookies are essential. However, because they allow tracking between websites that a user may not expect, they are generally frowned upon by privacy advocates.
How browsers control cookies
All major browsers provide security controls for cookies. Generally these allow users to choose to block all cookies, to only allow specific cookies, or to block third party cookies.