Cookies always appear at the beginning of a page on the web. Sometimes you are asked to accept them all or to personalize them. But what is really going on?
What is it?
Cookies, or HTTP cookies, are tiny text files composed of bits of data. They are deposited on web browsers. From this data, the web browser tracks the user’s browsing history. This allows sites to plan customizations for future browsing sessions for each user. They are therefore the basis of web functionality and are generally useful for commercial browsing.
The initial objective of cookies is to prepare web pages related to personalized topics. But they are also used to record login information for certain sites. They can be useful.
When you log in, you are presented with a form. You have to fill it in with your personal data, such as your name, email, interests, etc. This completed form is then sent to the website as a cookie, and the site stores it for future visits. Each time the browser loads a page, this message is sent back to the server.
The server has no memory, which is why cookies allow the browser to remember your preferences. From these, personalized web pages are presented to you.
Why do we need to understand what cookies are?
All Internet users, whether amateur users or web developers, need to understand the basics of these trackers. A good understanding makes it possible to use them wisely and thus to avoid security and privacy risks. It is therefore necessary to know what they are used for and how to manage them to avoid any bad experience related to cookies.
What makes up a cookie?
Cookies are usually composed of specific bits of data. A cookie must contain at least two bits of data: an identifier and data related to that identifier.
The different types of cookies
Different types of cookies exist, for different reasons. However, we will present the four most popular types: session cookies, persistent cookies, first-party cookies and third-party cookies.
Session cookies are temporary, and are stored in the browser’s memory only while you are browsing. When you close the browser, session cookies are deleted from the history. So they don’t present much of a security risk. They are often found in online shopping carts. And they control what the user sees in a single site on multiple pages.
Persistent cookies are used over a longer period of time; they have an expiration date set by the issuer. This means that even if you close your browser, persistent cookies will still be stored there. Every time the user visits the site that sent the tracker, the data will be sent back to the sender. And this tracking can also be done on sites other than the one that sent the cookies. This is the case for Facebook and Google, which generate a history of user activities on their websites and on other different websites.
When one clicks on “Remember me”, one creates persistent cookies. This stores the user’s login information in the browser. Their longer survival period increases the security risks.
First-party cookies allow certain websites to achieve a specific goal. For example, filling a shopping cart on a site for online orders. If these cookies are disabled, when adding another item to the cart, it will be seen as a new order. It will not be possible to make multiple purchases in a single transaction.
Third-party cookies come from a site that the user is not visiting at the time. They are used to track a user who has clicked on an advertisement and followed its link.
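The four types can be told apart from the Set-Cookie response header that creates each cookie. The following is an added example, not code from the original article: the host names and header values are constructed, and `pageSite` is assumed to be the registrable domain of the page the user is on.

```javascript
// Split one Set-Cookie header value into its name and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const attrs = {};
  for (const part of rest) {
    const eq = part.indexOf("=");
    const key = (eq === -1 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? "" : part.slice(eq + 1);
  }
  return { name: pair.split("=")[0], attrs };
}

// Session cookies carry neither Expires nor Max-Age; persistent cookies carry one.
function lifetime(attrs) {
  return "max-age" in attrs || "expires" in attrs ? "persistent" : "session";
}

// First-party means the cookie's domain belongs to the site in the address bar.
// Assumption: pageSite is already the registrable domain ("shop.example");
// browsers derive it from the Public Suffix List, which is left out here.
function party(responseHost, attrs, pageSite) {
  const domain = (attrs.domain || responseHost).replace(/^\./, "").toLowerCase();
  const belongs = domain === pageSite || domain.endsWith("." + pageSite);
  return belongs ? "first-party" : "third-party";
}

function classify(header, responseHost, pageSite) {
  const { name, attrs } = parseSetCookie(header);
  return `${name}: ${lifetime(attrs)}, ${party(responseHost, attrs, pageSite)}`;
}

// Constructed responses received while the user is on https://www.shop.example/
const samples = [
  ["cart=abc123; Path=/; HttpOnly", "www.shop.example"],
  ["remember=tok; Max-Age=2592000; Secure; HttpOnly", "www.shop.example"],
  ["uid=42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=ads.example", "t.ads.example"],
];
for (const [header, host] of samples) console.log(classify(header, host, "shop.example"));
```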
What are the risks associated with cookies and how can I protect myself?
Because they collect information about the user and his or her preferences, cookies are instruments that can affect the security and privacy of users. The risks associated with these elements can be divided into two categories: fraud and privacy risks.
Cookie fraud is frequently used to exploit users. It takes the form either of a malicious site attacking another website through a proxy, or of tampering with the activity of a legitimate user with a fake session ID for game tracking. Four types of fraud have been identified for a better understanding: cross-site scripting (XSS), session fixation, cross-site request forgery (CSRF) and cookie tossing attacks.
Cross-site scripting (XSS)
The user receives a cookie after a visit to a malicious site. This generated cookie will contain a script payload that will target another web site. However, this malicious cookie disguises itself and falsifies its source. Later, when a visitor visits the targeted site, the fraudulent tracker is sent to the targeted site’s server. Attackers usually take advantage of this vulnerable browsing to bypass access controls.
Session fixation is based on identifier fraud. The user receives a malicious cookie in the form of the cookie’s session ID. When he visits other websites, they will not record his session ID, but the ID of the malicious cookie that was issued. The user will then think that he is performing his own actions when in fact the sender is performing them behind his back. This fraud allows attackers to control valid user sessions.
Cross-site request forgery (CSRF) attack
After the user visits a legitimate site and legitimate cookies are sent, the user goes to a malicious site that asks the user’s browser to attack the legitimate site.
The cookie-tossing attack
The user receives cookies from a malicious site that appears to be from a subdomain of the targeted site. When he goes to the targeted site, all his data will be sent. But the cookie interpreted first will be the one from the subdomain.
How to protect yourself?
The best way to protect yourself is to keep your browser updated and simply to avoid risky sites. Trust the warnings at the beginning of your browsing.
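On the site's side, the frauds listed above are limited by the attributes a server puts on its session cookie. The following is an added example, not code from the original article: the rule names and the header values are constructed for illustration.

```javascript
// Findings keyed by rule; each names the risk from the list above that it limits.
const RULES = {
  httponly: "HttpOnly missing: scripts on the page, injected ones included (XSS), can read the cookie",
  secure: "Secure missing: the cookie is also sent over unencrypted HTTP",
  samesite: "SameSite is not Lax or Strict: the cookie may accompany cross-site requests (CSRF)",
  prefix: "no __Host- prefix: a subdomain can set a cookie with this name for the whole domain",
  badprefix: "__Host- needs Secure, Path=/ and no Domain; browsers reject the cookie otherwise",
};

// Return the rule keys that one Set-Cookie header value violates.
function auditSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  const attrs = new Map(rest.map((part) => {
    const [key, ...value] = part.split("=");
    return [key.toLowerCase(), value.join("=")];
  }));
  const found = [];
  if (!attrs.has("httponly")) found.push("httponly");
  if (!attrs.has("secure")) found.push("secure");
  const sameSite = (attrs.get("samesite") || "").toLowerCase();
  if (sameSite !== "lax" && sameSite !== "strict") found.push("samesite");
  if (!name.startsWith("__Host-")) {
    found.push("prefix");
  } else if (!attrs.has("secure") || attrs.get("path") !== "/" || attrs.has("domain")) {
    found.push("badprefix");
  }
  return found;
}

// Constructed session-cookie headers, weakest first.
const headers = [
  "sid=abc123; Path=/",
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "__Host-sid=abc123; Domain=shop.example; Path=/; Secure; HttpOnly; SameSite=Strict",
  "__Host-sid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
];
for (const h of headers) {
  const found = auditSetCookie(h);
  console.log(h + "\n  " + (found.length ? found.map((k) => RULES[k]).join("\n  ") : "ok"));
}
```

Session fixation is not an attribute problem: the server has to issue a fresh session ID when the user logs in.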
Invasion of privacy
This risk of privacy violation is of much greater concern to users than fraud. Potential invasions are reflected in the targeted and untimely advertisements that are displayed throughout browsing. The user community refers to this as “constant tracking” of browser activities.
How to protect your privacy online?
It is not possible to eliminate the risks completely, but one can limit the exposure of one’s privacy by taking care to limit cookies. Taking the time to read your browser’s privacy and security settings is the first thing you should do. This will allow you to control the privacy and security of your browsing with respect to cookies. The second option is “private browsing” or incognito. This option prevents the exploitation of persistent cookies.
What about viewing and deleting cookies?
This process is simple. Just go to your browser settings, in the privacy and security section. An option “show the cookies” is found there. The user will be able to view the trackers stored in the browser and at the same time delete them permanently.
It is impossible to delete zombie cookies from your browser. The problem is that deleting them automatically recreates them. Although they are not always malicious, the majority of Internet users disapprove of their indelible nature. Therefore, you have to be patient to remove them. Doing a Google search on the subject can help. Other users or developers have already been able to delete zombie cookies. The challenge is to find the location of the tracker recreation script. Once found, deleting this script will prevent the rebirth of the disruptive tracker.
The control policy
It is important to know that users can control their cookie policy. Internet users should look for the cookie policy that suits them in order to reduce the related risks. This management varies depending on the browser the user uses. It is also possible to control trackers via browsers on mobile devices.