Skip to content

What Information Do Cookies Collect? An Expert Guide

As an experienced cybersecurity professional, I often get asked: what kinds of personal information do cookies collect? Cookies are small files that websites place on your device to store data about you and your visit. But how much do they really track? And should you be concerned?

In this comprehensive guide, I‘ll explain what info cookies gather, different cookie types, risks and benefits, and how to control these sneaky little files. My goal is to break down cookie tracking in simple terms so you can make informed choices about your privacy.

What Exactly Are Cookies Collecting About You?

When you visit a website, dozens or even hundreds of cookies may be saved to your computer or smartphone. According to recent surveys, the average website places over 45 tracking cookies on visitors‘ devices. But what data are they actually recording?

Cookies can collect a wide range of personal information:

  • Unique IDs: Each cookie places a tracking ID on your device so you can be identified and monitored across websites.

  • Browsing history: Cookies log every site and page you view, when you visited, time spent, and browsing patterns.

  • Clickstream data: The cookie tracks each link you click, taps and swipes. This shows your interests.

  • Search terms: It records keywords you searched for and queries you entered into site search bars.

  • Videos/audio: It notes which video and audio content you‘ve accessed.

  • Ads viewed: Cookies record which ads you‘ve seen, clicked or hovered over.

  • Shopping behavior: It remembers products you viewed, added to cart or purchased.

  • Geolocation: Your location, zip code, city, region and IP address are tracked.

  • Device details: Cookies pick up operating system, browser type, screen resolution, language and other device specifics.

  • Personal info: Some cookies can access your name, email, phone number, address and more if you provide it.

This extensive tracking allows websites to analyze usage patterns, personalize your experience, and enable targeted advertising based on your interests and demographics. While it can feel invasive, some of this cookie data also has benefits, like remembering login details or items in your cart. But other more advanced cookie types have concerning privacy implications, as we‘ll explore next.

Not All Cookies Are Created Equal: Understanding the Different Types

There are several kinds of cookie files that have varying security risks and data collection levels:

Session vs. Persistent Cookies

Session cookies only last while your browser tab is open and are deleted when you close it. They temporarily store technical data needed for site functionality.

Persistent cookies remain on your laptop or mobile device for a set period of time ranging from a few minutes to years. They remember settings and preferences across browsing sessions.

According to Mozilla, session cookies account for about 65% of cookies while 35% are persistent cookies.

First-Party vs. Third-Party Cookies

First-party cookies are from websites you directly interact with. For example, when you visit examplesite.com, that domain places their own cookie file on your computer. These are generally more trustworthy.

Third-party cookies are placed on your device by external parties that you aren‘t visiting directly. For instance, many websites allow third-party services like ad networks, social media widgets, analytics services, etc. to set cookies. These follow you between websites to target ads and gather data for other purposes.

Over 91% of cookies today are from third parties rather than the site domain you are browsing. These raise the most serious privacy issues.

Flash or Zombie Cookies

Flash or zombie cookies reinstall themselves after being deleted. They resurrect because a backup copy is stored in other locations like your hard drive or Flash storage cache. This makes them virtually impossible to get rid of.

Zombie cookies account for around 1% of all cookies but their hardcore tracking abilities are concerning. Clearing cookies continuously can help remove them.

Supercookies

Supercookies are virtually indestructible cookies with their own storage file rather than storing data within a normal browser-managed cookie. This makes them inaccessible to cookie deletion tools.

For example, Verizon uses a supercookie called the PrecisionID to indelibly track users on mobile devices across the web. These are highly threatening to privacy.

Browser Fingerprinting

Browser fingerprinting is an advanced hidden tracking technique that does not use cookies at all. Rather than storing a file, it captures unique characteristics about your device like screen size, plugins, time zone and more to digitally fingerprint your browser.

Why Do Sites Request Cookie Consent?

You‘ve probably noticed cookie consent notices popping up on almost every site you visit. This is because regulations like the EU‘s General Data Protection Regulation (GDPR) and California‘s CCPA require websites to get opt-in consent before placing non-essential cookies.

By asking you to click "Accept Cookies", they are informing you of tracking while also covering themselves legally.

Some key stats on cookie consent laws:

  • 92% of websites worldwide now display cookie consent notices due to privacy regulations

  • $758 million in GDPR fines have been issued since 2018, incentivizing compliance

  • 25% of internet users say they always reject cookie tracking when prompted

So next time a cookie notice interrupts your browsing, you can blame the complex web of modern privacy laws.

Should You Accept or Reject Cookies?

I‘m often asked whether cookies should be allowed or blocked. There are arguments on both sides:

Potential Benefits of Allowing Cookies

  • Remembersusername, passwords and site preferences
  • Saves shopping cart items between visits
  • Enables personalized recommendations
  • Storestechnical user data like language settings
  • Supportsfree site content through advertising

Potential Risks of Allowing Cookie Tracking

  • Third-party ad targeting and retargeting
  • Cross-site tracking and behavior profiling
  • Identifying and tracking individuals across devices
  • Political disinformation microtargeting
  • Price discrimination and dynamic pricing
  • Data leaks, cookie theft and session hijacking

Given these pros and cons, here are my tips on when accepting cookies makes sense and when you should reject them:

Accept First-Party Session Cookies on Trusted Sites

Accept strictly necessary first-party session cookies only on reputable sites you actively engage with for functionality like staying logged into your accounts. Always log out and clear cookies afterwards when using public devices.

Reject Unnecessary Third-Party Cookies

Say no to third-party cookies from ad exchanges, data brokers, social networks and other services that track you between sites without your knowledge. This includes analytic cookies that aren‘t critical for site performance.

Reject Cookies from Unsecured Sites

Never accept cookies on HTTP sites or public Wi-Fi networks that aren‘t encrypted. This leaves you vulnerable to cookie hijacking and MITM attacks. For privacy, only use HTTPS sites with the lock icon when browsing.

Review Cookie Permissions

Audit your browser or app cookie settings to block unnecessary tracking cookies by default across all sites and manually whitelist trustworthy first-party cookies as needed.

Use a Cookie Manager

Install a dedicated cookie manager browser extension that gives you granular control over cookie blocking. This lets you customize permissions rather than all-or-nothing approaches. Popular choices include Ghostery, Cookie AutoDelete and I Don‘t Care About Cookies.

Clear Cookies Frequently

Manually clearing your cookies regularly helps remove persistent tracking cookies and limits profiling of your activities over time.

What Happens If You Disable Cookie Tracking?

If you fully block cookies, whether through browser settings or extensions, websites cannot store any information about you or your visit. What kinds of functionality might break without cookies?

  • Re-entering login credentials and preferences on each visit
  • Shopping carts not saving added items
  • Loss of personalized services like recommendations
  • Some websites may not load properly or block access entirely

You can also selectively clear cookies manually after each browsing session as a balancing act. But expect to lose some convenience if disabling cookies across the board.

How Can You Control Cookie Settings?

Every major browser lets you configure cookie permissions, retention and blocking. Here are quick steps for how to manage cookie privacy settings on:

Google Chrome

  1. Click the 3-dot menu > Settings > Privacy and security
  2. Click Cookies and other site data
  3. Toggle Block third-party cookies in Incognito
  4. Clear cookies and data as needed

Mozilla Firefox

  1. Click the 3-line menu > Options
  2. Go to Privacy & Security > Enhanced Tracking Protection
  3. Select Custom and pick cookie blocking options
  4. Clear cookies now or set it to clear automatically

Microsoft Edge

  1. Click the 3-dot menu > Settings
  2. Select Cookies and site permissions
  3. Under Allow cookies, pick Block only third-party cookies
  4. Review and clear cookies

Apple Safari

  1. Click Safari > Preferences > Privacy
  2. Pick Prevent cross-site tracking
  3. Customize cookie settings or clear cookies

You can also install a dedicated cookie manager extension for advanced control. Adjust settings until you find the right privacy balance for your browsing needs.

Key Takeaways on Cookie Tracking

I hope this guide gave you a transparent look at the inner workings of cookies and the surprising amount of information they can collect about you as you browse. While some basic first-party cookies provide helpful functionality, third-party tracking and profiling cookies pose concerning privacy risks to be aware of.

Here are some important tips to manage cookie tracking:

  • Only accept essential first-party cookies from sites you fully trust
  • Reject unnecessary third-party advertising and analytics cookies
  • Never accept cookies on unsecured public Wi-Fi
  • Use antivirus software and cookie managers to block dangerous cookies
  • Frequently clear cookies to protect your privacy over time

Stay vigilant about controlling cookie consent settings in your browsers and apps. Taking a few minutes to manage permissions and clear cookies regularly goes a long way towards covering your digital tracks!

Tags:
nv-author-image

Streamr Go

StreamrGo is always about privacy, specifically protecting your privacy online by increasing security and better standard privacy practices.