Frequently asked questions about cookies

May 2011

What is a cookie?

A cookie is a small piece of text that is placed on your computer when you visit a website.  Cookies were created so that information could be saved between visits to a website.  They collect and store information about you based on your browsing patterns and information you provide.  Cookies record language preferences, for example, or let users avoid logging in each time they visit a site.  Almost all of the most popular websites use them.  Cookies can be very useful because, without them, you would have to enter certain bits of your personal information each time you visit your favourite site.

So, what has this got to do with privacy?

Cookies can be used to track what you do on the web – which sites you visit and what you do there.  From this information, third parties, such as advertisers, can build profiles about you.  These profiles can then be used to place advertisements on websites you visit.  These advertisements are thought to be more interesting to you because they are based on what someone thinks you like or who someone thinks you are (a man, a woman, single, married, etc.).  This practice of building profiles of computer users to tailor advertising to them is called “behavioural advertising”.

From a privacy perspective, this is okay – as long as you know what is going on and agree to it.  Many people, however, do not know about cookies and behavioural advertising.  Some people may know about them but may not want such advertisements and are unsure how they can stop them.

Some people may not like the idea of being tracked and profiled online.  They may worry about who has their information and what is going into their profile. 

I’ve heard about other cookies – like third-party cookies, Flash cookies or super cookies.  What are these?

Third-party cookies

At first, cookies were only shared between the website (the “first party”) and the user (the “second party”).  However, the use of cookies was expanded to “third parties”, such as advertising companies that display ads on certain websites. 

When you visit a website that has advertisement on it, a cookie may be passed from the advertising company (the third party) to your computer.  Later, when you revisit that same website, or another site that uses the same advertising company, the third-party cookie can be read by the advertising company.  If the cookie contains a unique identifier, then information about your visits to different websites can be linked together.  In this way, a detailed profile can be built about you (or other people who also use the same computer as you) and your browsing habits.  It can then be used to target advertising to you.

Flash cookies

Flash cookies were created by Adobe’s Flash browser add-on for multimedia.  Flash cookies can be used to save information between sessions and they are also used to track the websites you visit.  They are not normally visible to you.  Options to control or delete them are usually absent or difficult to find.  If web cookies (including third-party cookies) are deleted, Flash cookies can be used to recreate them.

Super cookies

Super cookies use new storage locations built into browsers to save information about you.  The storage mechanisms are larger and more flexible than traditional cookies, so more information can be stored.

What’s the problem with these types of cookies?

These types of cookies – third-party cookies, Flash cookies, and super cookies – raise privacy concerns because they are largely hidden from view, difficult to locate, and hard to delete – if they can be deleted at all.  See Web Tracking with Cookies for more information on the privacy challenges posed by these cookies.

Are cookies the only way to track me?

No. Your browsing history can also be tracked without using cookies.  Beacons (also called “web bugs”) are small, invisible image files included on a web page or hidden in an e-mail message.  When you visit that page or open the e-mail, the image is downloaded and information about you – your Internet address, where you are, the page you’re reading and so on –  are trackable.

I’m not sure I like this.  What can I do about it?

Web browsers provide some tools to control cookies.  You should check your browser, though.  The default may be to store all cookies indefinitely.  Your browser can be set to block cookies, but many websites insist that users accept cookies in order to use the service.  You should know that blocking cookies can impair the experience of some services. 

If you delete stored cookies, this may only clear traditional cookies and not Flash or super cookies.

Some browsers have a “private browsing mode,” but super and Flash cookies are not always covered by these settings.

If you want to clear all forms of cookies and web storage, you may have to install and use special applications.  The good news is that some developers are responding to concerns about cookies and tracking, and are working on ways for users, should they wish, to block and delete cookies.  At this time, however, there is little that can be done to prevent cookie-less tracking.

Date modified: