Cookies: Delicious Treat or Malicious Threat?


Ever since 2013, when Edward Snowden blew the whistle on the Nation Security Agency’s data mining practices, people have been concerned about online privacy violations. The fear that Snowden’s disclosures evoked “resonated with Americans from day one,” according to The Guardian. The leak revealed to the world the extent to which U.S. intelligence is able to conduct surveillance on the internet. “Cell phones, laptops, Facebook, Skype, chat-rooms: all allow the NSA to build what it calls ‘a pattern of life,’ a detailed profile of a target and anyone associated with them,” The Guardian reported. And one of the biggest culprits in this ongoing privacy battle is cookies.

As the Parks and Recreation clip above stated, cookies are used to collect information about a person in order to collect data and provide targeted advertising to them. But “contrary to what some users may think, cookies are not inherently malicious or dangerous,” says Symantec. Cookies are files stored on your computer’s hard disk, and yes, they are used to track your internet usage, but probably not in the way you think.

According to How Stuff Works, when you go online to a website, that website creates a “cookie” on your computer. This cookie is a text file and logs information about your internet usage based only on that website. So, it can include your IP address (essentially your computer’s ID), any links you click on from that website, anything you search for on that website, your shopping cart, how much time you spent on that website, etc. What it doesn’t include is the tabs you might have open on other websites, where you go when you leave that website, your webcam, etc.

For example: if you visit Plugged In’s website, it will create a cookie. If you click on a movie review from our home page, it will keep a record of that click. If you then type another movie into the search bar, it will take a note of that as well. But then if you go to a different website or close your Internet browser, the cookie stops. It will track what time you got onto Plugged In and what time you got off, but it has no way of knowing where you went or what you did before or after that point.

Companies use cookies for a variety of reasons. One of those reasons is to remember who you are. How Stuff Works lets us know that by creating a cookie unique to your computer’s user profile and IP address, websites can customize your experience by remembering what your preferences are. Online stores use them to remember what’s in your shopping cart even if you forget to log in or choose to shop as a guest. Banks use them to make the login process go faster. If you’ve ever had to answer security questions to confirm your identity on a website, it’s probably because there’s no cookie to let the website know you are who you say you are.

Cookies are not inherently dangerous. They’re helpful even. It’s when cookies get misused or mismanaged that they can be troublesome. How Stuff Works additionally describes cookies like a traditional mail order catalog. The catalog company has your name, address, phone number, and a list of what you purchased. It can now sell that information to a third party vendor, who can directly contact you with telemarketing calls and junk mail. Cookies can be abused the same way.

Many people are guilty of plugging their e-mail address into a website along with a bunch of other information about themselves, such as age, gender and marital status. This information might seem arbitrary, but it places you into a demographic. The next thing you know—because cookies track everything you buy or even just look at—you receive a flood of e-mails from companies selling similar products. You can also become a target for spear phishing through this process, which is where hackers attempt to trick you into revealing more sensitive information such as your Social Security number or bank account number.

Luckily, many websites’ privacy policies prevent them from selling your information to third parties. According to How Stuff Works, the European Union created a new data privacy law that went into effect on May 25, 2018. This law, the General Data Protection Regulation, requires all tech companies with users in the E.U. to comply with strict regulations intended to give personal data control back to the users. The law enforces a plain language policy (not “baffling legalese”) as well as requiring prior consent to collect and process a user’s data. So before you delete that privacy policy e-mail, maybe give it a once-over to see what you’re actually agreeing to by continuing to use the website.

Although you have full control over what data you do or don’t share, some companies still find work-arounds to get money from third-party advertisers. TechCrunch reports how services such as Facebook Exchange and Google’s DoubleClick use advertisements to drop cookies onto your computer. Because these cookies are attached to the ads, not the website, they can track your movement across several sites (any that feature the same advertisement), gathering information about everything you type in or click on. This is why you might see an advertisement for cameras on your Facebook feed after visiting a camera website, or why your child might accidentally see a trailer for an R-rated movie on YouTube.

Now, before you throw your computer away like Parks and Rec’s Ron Swanson, there are a few steps you can take to protect yourself and your family.

First, you can delete all of your cookies and adjust your browser settings to prevent future cookies. Most Internet browsers have the option to delete your browsing history, cookies, and cached files in one fell swoop. Browsers such as Google Chrome also allow you to control which sites can have cookies and which can’t and even see which sites have stored cookies on your computer (including those pesky third-party hidden advertisement cookies).

Another step you can take is to install a firewall on your computer. You can configure a firewall to filter out websites that might otherwise install a cookie you don’t want. Similarly, certain Add-Ons for your Internet browser can prevent advertisements from popping up on your screen and loading a cookie in the process. Finally, if you don’t want companies like Facebook displaying ads from all over the Internet, thanks to the GDPR, you now have the option to disable those advertisements in the website’s settings.

If you’re feeling particularly hard-core, you can also install a VPN, or Virtual Private Network. VPNbase’s website explains how a VPN essentially masks your internet presence so that it can’t be tracked, even by cookies.

But if all these options still aren’t cutting it for you, then by all means, pull a Ron Swanson and trash the computer.

Emily Clark

Emily studied film and writing when she was in college. And when she isn’t being way too competitive while playing board games, she enjoys food, sleep, and geeking out with her fiancé indulging in their “nerdoms,” which is the collective fan cultures of everything they love, such as Star Wars, Star Trek, Stargate and Lord of the Rings.