Thoughts and tips on information security and privacy in an increasingly digital life

Cookies,Privacy,What is

What are cookies?

28 Mar , 2017, 12.05 Linus Nyman


Poor Leonard has a hard life – he forgets things. And by things I mean absolutely everything. Leonard has something called anterograde amnesia, which means that he is incapable of creating new memories.

The good news for Leonard is that he is the protagonist in the movie Memento, and his lack of actual existence is likely to at least somewhat decrease his suffering. But something that does exist is the Internet. And the Internet is a bit like Leonard’s digital cousin.

When we surf the web our computer communicates with the computers that store the information – the websites – we want to access. This communication happens in a language (or protocol) called HTTP.

In an earlier blog I wrote about HTTP being unencrypted. But HTTP is also, like poor old Leonard, incapable of remembering things. (Or, to get a bit more technical, HTTP is something called a stateless protocol.)

What are cookies? They are poor Leonard's tattoos.

What are cookies? They are poor Leonard’s tattoos. (Pic: Guy Ritchie in Memento [2000])

Cookies and tattoos

Leonard has an important mission – he needs to find his wife’s killer. Which isn’t exactly a stroll in the park when you are incapable of remembering where the park is, or if in fact there even is a park. But Leonard has developed a coping system involving taking Polaroid pictures and writing notes. And the really important stuff he tattoos on his body.

The Internet (or, rather, HTTP) also has a system for dealing with its amnesia: cookies. In practice, a cookie is a small string of characters that is tattooed (um, saved) onto your hard drive.

Say you are on Amazon and you want to buy the movie Memento. You find it and put it in your shopping cart. Then you go to check out – but when you get to the page to pay for it, it has disappeared from your cart. You give Amazon a good talking to about your shopping cart being empty even though you just put a movie in it. Amazon looks at you dumbfounded, replying that you can’t possibly have done that since it has never seen you before in its life.

That’s what life would be like without cookies. Cookies are used by the pages we visit to remember things about us. Things like what we have in our shopping carts, or our username, password, or credit card information if we don’t want to have to re-enter them every time we visit the site.

The darker side of cookies

Everything isn’t hunky-dory with cookies. We want a store we visit to remember what we have in our shopping cart, but we don’t want a bunch of random sites or companies to be able to tattoo their metaphorical bodies with information about what sites we’ve visited and what we’ve done on them. And yet, thanks to cookies, companies can do just that.

One commonly differentiates between first party cookies and third party cookies (or “tracking” cookies). First party cookies “belong to” the page you visit, and do things like remember your preferences. Third party cookies are put on a site by some other (third) party – commonly in order to track your movements and interests. This information would then be used, for instance, to show ads they think will be more effective in getting you to buy their stuff.

You can change your browser’s preferences regarding what cookies to allow, delete cookies, etc. (I’ll go through that stuff in a later blog.) If you want a quick and easy fix for limiting how much you are tracked, and want to see who is trying to track you, I recommend installing Privacy Badger or Ghostery. And regardless of whether or not you are interested in what companies are tracking you, I would warmly recommend watching the movie Memento. I seem to recall it being one of my absolute favourites.

Leave a Reply

Your email address will not be published. Required fields are marked *