- **Epistemic status:** #budding
HTTP cookies allow small pieces of data to be stored as text strings for later use. The data is stored in your browser and can be referenced the next time the page is visited. You can store a variety of things in a cookie, such as user IDs, settings (such as dark mode), items in your shopping cart, etc. They can provide critical functionality for some applications, but often attract controversy because one of their use cases is tracking user activity. An example of a use case is storing session data when a user authenticates on a website: the next time the user visits the site, they will be automatically authenticated.
These are four classifications of the most common cookies in the wild:
- **Session Cookies:** They are temporary cookies that are deleted when the browser is closed. They are used to power e-commerce shopping carts. These cookies are mostly harmless due to only being used for short-term memory.
- **Persistent Cookies:** These cookies have an expiration date and are deleted when they reach that date. They are not deleted when the browser is closed. The cookie is returned to its issuer when you visit the site where it was created and/or an ad that you clicked. When used with ads, it's possible to track your activity across many websites, posing a privacy risk. This is how Google and Facebook can tell which ads are more relevant to show you. They are also used to keep you logged in to a service.
- **First-party Cookies:** They are used only on the site that you are visiting, saving settings, sessions, etc.
- **Third-party Cookies:** These are the ones we mentioned for ads. They are used across multiple sites to track users who click on an advertisement, associating them with the referring domain.
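
The two axes in the list above (session vs. persistent, first-party vs. third-party) can be read off a `Set-Cookie` header and the hosts involved. The following is an added example, not part of the original note; the headers and host names are constructed, and the `siteOf` same-site check is a simplifying assumption (browsers consult the Public Suffix List).

```javascript
// Classify a cookie by lifetime and by party. Sample data is constructed.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1),
    attrs: Object.create(null), // no inherited keys, so "in" checks are exact
  };
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// Simplified site comparison: keep the last two host labels.
// Assumption: good enough for the sample hosts, wrong for suffixes like co.uk.
function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// pageHost: host shown in the address bar; responseHost: host that sent Set-Cookie.
function classifyCookie(header, pageHost, responseHost) {
  const { name, attrs } = parseSetCookie(header);
  // Expires or Max-Age gives the cookie an expiration date (persistent);
  // with neither, the browser drops it when the session ends.
  const lifetime = "max-age" in attrs || "expires" in attrs ? "persistent" : "session";
  const party = siteOf(pageHost) === siteOf(responseHost) ? "first-party" : "third-party";
  return { name, lifetime, party };
}

const samples = [
  ["cart=abc123; Path=/; HttpOnly", "shop.example", "shop.example"],
  ["remember=1; Max-Age=2592000; Secure", "shop.example", "www.shop.example"],
  ["uid=42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None; Secure",
    "shop.example", "ads.tracker.example"],
];
for (const [header, page, origin] of samples) {
  console.log(classifyCookie(header, page, origin));
}
```
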
## Ways to protect your privacy
Not all cookies are bad, and blocking all cookies might limit necessary features on some websites, but that doesn't mean we can't be vigilant. You can go to your browser's security and privacy settings and set cookies to be as strict as you can without making it difficult to access the website's features. This varies from browser to browser, and a quick Google search will yield the results you need. You can also use incognito mode, which starts a session with a clean slate; after you close the incognito session, all cookies, even persistent ones, are deleted. That also means that sessions you wanted to be remembered, allowing you to log in automatically, won't work.
## Laws when implementing cookies
When building a software application, you need to be aware of the privacy laws surrounding cookies. As mentioned before, they can be used for tracking users without consent, and that is against the law. Following these guidelines will help you be compliant:
- If your site is based in the EU or targets EU citizens, you must notify the user that cookies are being used and allow them to acknowledge it.
- If you have paid advertisements or affiliate ads placed on your site, you need to disclose that information in an obvious way.
- If you track user activity or collect any user data, you need to have a privacy policy explaining what data you gather and how it's being used.
Following these guidelines will make sure that you are on the right side of the law. We aren't lawyers and are not providing legal advice. If you have any questions about the topic, consult a lawyer before collecting any data.