Internet cookies are an important part of our online shopping journey. They can be used to remember your cart items, login information, or language settings for your convenience. However, they can also be used for tracking your browsing activities and sharing them with other companies, which raises privacy risks.
Learn what internet cookies are and what risks they pose to take your first step toward learning how to protect your online privacy.
Add a customizable cookie banner to your Shopify store in a few clicks
Try TinyCookie freeWhat is a cookie on the internet?
A cookie, or internet cookie, is a text file with a small piece of data that websites send to a user’s web browser. Cookies can be used for user session personalization, analytics, or ad tracking purposes.
For example, cookies can be used to remember cart items and login credentials so users don’t have to re-add products or re-login each time they open a new page on the site. They can also be used for targeted advertising by tracking user behavior across websites and gathering information about their activities.
Web browsers can store cookies only until the user leaves the site or much longer if its purpose is to track users.
How do internet cookies work?
The way internet cookies work is the web server sends a small text file to a user’s browser. This information issues a unique ID specifically to that user. When the user revisits the same site, the server can access the browser cookies, helping it recall information from the previous browsing activities.
To simplify this information, here’s a step-by-step explanation of how it works:
- You visit a website and your browser requests information from the website server.
- The website server sends cookies to your browser.
- Your browser stores the cookie on your computer’s hard drive.
- When you revisit the site, your browser takes the received cookie and sends it back to the website server.
- The website server identifies your computer and shows you the personalized site version.
What are internet cookies used for?
Internet cookies, or HTTP cookies, are used on browsers to track user data during sessions or across websites and personalize their content or experience. Here are the main purposes of internet cookies explained:
- User tracking. Cookies can help websites provide a seamless shopping journey by tracking user actions. For example, cookies track what products the user previously viewed to recommend similar products or they remember cart items that the user added so they don’t disappear as the user continues to browse other pages.
- Analytics. Websites can use cookies to examine user actions, such as button or link clicks, time spent on a page, and other metrics. This helps site owners examine how they can improve their pages to drive more traffic or sales.
- Personalization. Websites leverage cookies to personalize your experience, for example, showing you targeted ads based on products or services you were interested in.
- Sessions. Cookies can differentiate between specific users and their online activity, helping to ensure a convenient session management. For example, session cookies can remember your login credentials so you don’t get logged out each time you open a new page.
What types of cookies are there?
There are many ways we can categorize cookies – by source, duration, functionality, and more. So, let’s take a look at the types of cookies there are and what they do:
Cookie types by source
Internet cookies can be distinguished into two categories based on their source – ones that are added by the visited website and ones that are used by third parties.
First-party cookies
First-party cookies are added to the user’s browser by the website they’re visiting. Their main purpose is to enhance the user experience on the website that placed such cookies, like eliminating the need to re-login on each page or remembering the shopping cart.
Third-party cookies
Third-party cookies can be hosted by ad networks, social media sites, and other third parties. They share data across websites to track user activities and deliver targeted ads. They’re less safe than first-party cookies and raise privacy concerns due to user profiling.
Cookie types by functionality
Different cookies are responsible for different data collection or functionalities. Here are the main types of cookies that websites use and what they’re used for:
Strictly necessary cookies
Strictly necessary cookies, or essential cookies, are crucial for a website to operate and function without issues. They don’t collect any identifiable information about the user or track them. Since websites cannot work without essential cookies, privacy regulations, such as GDPR or CCPA, do not require websites to acquire user consent for using them.
Functional cookies
Functional cookies, also called preference cookies, help improve the user experience and functionality of a website. For example, they can recall language and region settings. They can also be authentication cookies that eliminate the need for users to re-login every visit by remembering login credentials.
Functional cookies are usually placed by first parties and don’t track users across websites. However, in some cases, they can still be added by third-party services that the visited website uses.
Performance cookies
A performance cookie is a type of cookie that tracks how users interact with a website and how it performs. They can’t be used to identify specific visitors and are only used by the website owner to help improve the site and its performance.
One of the most common examples of performance cookies is Google Analytics. The tool can collect information to present data, such as the number of users, session duration, page visit count, or conversion rates.
Tracking cookies
Third-party tracking cookies, or advertising cookies, are used to build a user profile based on their interests and browsing activities and deliver relevant advertisements across websites.
These cookie types are usually persistent and set by third parties, such as advertising services. One example is Google Ads, which can gather such data as your visited sites, used apps, location, and Google searches to improve the website’s marketing strategies.
Secure cookies
Secure cookies refer to an attribute that is used to prevent unauthorized access. It means that the cookie can only be transmitted over encrypted connections. Since it’s not a cookie type but rather an attribute, it can be placed to any other cookies, such as tracking or session cookie, to secure the communication.
Zombie cookies
Zombie cookies are third-party cookies that are persistent and cannot be deleted because, as the name suggests, they can regenerate themselves. The way it works is that these types of cookies create backups in a different location than the usual cookie storage location.
Analytics companies may use such cookies to track the browsing activities of particular users, while websites can leverage them to ban specific users. In rare cases, cyber attackers can deploy zombie cookies to infiltrate your system with malware.
Cookies by duration
Cookies can also be categorized based on their expiry date. Here are the types of internet cookies that can be placed on your browser and for how long:
Session cookies
Session cookies refer to a type of duration-based cookies that track the user’s session. They’re deleted as soon as the session is finished, for example, when the user leaves the website or logs out of their account.
You can check session cookies by opening the Inspect Element on your browser. Here’s an example of session cookies on the Forbes website.
Some types of cookies that can be session-based are strictly necessary or functional cookies – ones that don’t track you on other websites.
Persistent cookies
Persistent cookies, like session cookies, refer to the duration of the cookies and are placed on the user’s computer for a predetermined time. Some cookies can be placed for a few days, while others can last years.
You can check the expiration date of particular cookies by opening the Inspect element on a website and locating the Cookies section. Here’s an example of persistent cookies on the Forbes website.
Types of cookies that are usually persistent are performance, tracking, and zombie cookie types. They continue tracking users even when they leave the website that placed them.
Specialized use cookies
While most cookie types are for web-based communications only, there’s also a specialized use type called magic cookies.
Magic cookies is an older term that refers to data packets used to identify or track a user in a system. The difference between magic and internet cookies is that the former is used in various technology applications and isn’t restricted to web-based communications.
Are internet cookies safe?
Cookies are not inherently harmful and can be used to improve your online experience by remembering user preferences on a website. While there’s no risk of getting malware on your system, cookies raise other concerns, such as unauthorized cyber attackers who can access browsing sessions, steal personal information, or otherwise exploit cookie data.
But there are other privacy concerns being raised not necessarily related to cyber criminals. For example, third-party cookies can create a detailed profile about a specific user. While the purpose of data collection is to deliver relevant ads across the web, users can’t always know how much of their actions are tracked and how the data is used.
Plus, a lot of the time companies are not transparent enough about how exactly the cookies are used, making it hard for users to make the right choice in terms of cookie acceptance.
Internet cookies and privacy regulation compliance
With internet cookies raising privacy concerns, countries around the world created regulations to enforce ethical data collection practices and protect user privacy. Website owners are obligated to comply with these regulations or face large fines or permanent penalties.
Depending on the country or region, there are different cookie laws that apply to businesses. For example, GDPR protects citizens of the European Union, while CCPA ensures the privacy of Californians.
The regulations a business must follow depend on the country in which it operates and its audience. You can check what data protection and privacy legislation apply to specific countries in the UN trade & development map.
While privacy laws protect consumers from different regions, their main compliance requirements are similar:
- Get user consent by placing a cookie banner on the website. Shopify users can leverage the easy-to-use and customizable TinyCookie banner for this.
- Allow withdrawing consent as easily as it is to give consent.
- Store user consent in one place.
- Ensure transparency by writing a cookie policy with explanations of what cookies are used.
- Secure user data to prevent unauthorized cyber criminal access.
- Allow exercising user rights, such as accessing, rectifying, or even deleting the data that was collected.
Should I accept third-party cookies?
You don’t have to accept third-party cookies. The more you decline, the less you’re going to be tracked and it’s less likely that websites will sell your data to other parties. However, keep in mind that rejecting third-party cookies could cause some websites to break.
Other cases when you shouldn’t accept cookies include when the website is unencrypted – there’s no locket by the website URL. This means the website data isn’t secure and can be used by hackers to steal personal data.
Additionally, if you always accept cookies, they can accumulate and slow down your computer as they take up disk space. And since cookies can end up storing cached information, you may not be able to see the most updated version of a page until you delete them.
How to disable internet cookies?
You can disable first and third-party cookies on any browser through their cookie settings. Some browsers, like Safari or Firefox, even block third-party internet cookies by default on both computer and mobile devices. Let’s look at how to block cookies on Chrome, Firefox, Safari, or Edge.
Chrome
To block cookies on Google Chrome, follow this guide:
- Open the Chrome browser and click the three dots in the upper-right corner.
- Go to Settings > Privacy and security > Third-party cookies.
- Click “Block third-party cookies.”
Firefox
Firefox default settings already block such third-party cookies as cross-site tracking or social media trackers. However, it doesn’t disable all sorts of tracking.
To manage your privacy settings, you can block third-party cookies on Firefox by following these steps:
- Open Firefox and go to Settings.
- Click Privacy & Security and press Custom under the Enhanced Tracking Protection section.
- Check mark Cookies and other data you want to block.
Safari
Some types of third-party internet cookies on Safari are disabled by default. However, you can delete the accumulated cookies on your browser by following these steps:
- Open Safari and click the Safari option in the upper-left corner of your browser.
- Go to Settings, open the Privacy tab, and click Manage Website Data.
- Press Remove all.
Edge
You can delete internet cookies on Microsoft Edge with this simple tutorial:
- Open Edge and click the three-dot icon in the upper-right corner of the window.
- Go to Settings > Cookie and site permissions > Manage and delete cookies and site data.
- Toggle on the Block third-party cookies button.
The future of internet cookies
Privacy regulations around the globe are trying to create a safer online environment, pushing for more transparency and regulated internet cookie usage.
Mozilla and Apple are already blocking some third-party cookies on Firefox and Safari. However, one of the most popular Chrome browsers is not going to follow competitor tracks despite promising to do so.
At the end of 2023, Google announced they would “phase out third-party cookies for everyone in the second half of 2024.” Yet, the July 2024 report now states that Google won’t deprecate third-party cookies.
Instead, Google is introducing the Privacy Sandbox initiative, which is designed to help users make more informed choices about their online data. Chrome users can already manage whether they want to allow ad topics based on their browsing history to deliver targeted ads, site-suggested ads, and ad measurements for sites and advertisers.
However, the European Center for Digital Rights states that this initiative is meant to simply direct tracking control to Google itself. So, while the creation of the Privacy Sandbox initiative reduces reliance on third-party cookies, it raises a question of whether it will help create a more private online experience.
Frequently asked questions
Internet cookies aren’t bad by themselves and cannot infiltrate your system with malware. However, if websites don’t have security measures in place to prevent unauthorized access, cyber criminals could get a hold of or misuse your personal information.
If you reject cookie usage, some websites may not allow you to enter them unless you’re a citizen of the EU protected under GDPR. This privacy regulation prohibits websites from blocking access in cases of cookie rejection. Other regulations, like CCPA, PIPEDA, or APPI, don’t explicitly mention this rule.
To clear cookies, open your browser and click More in the upper-right corner. Go to the Privacy and security section, select Delete browsing data, and make sure you checkmark Cookies and other site data. Click Delete data.
