If you’ve done any web browsing in recent years, you’ve likely encountered the ubiquitous notifications informing you when a website is using “cookies,” and asking if you consent to their use.
It can be far easier to click “accept all cookies” than combing through and disabling unnecessary trackers one by one. But doing so without regard to the integrity of the website can put your privacy and personal information at risk, experts tell the Star.
“My recommendation usually would be to deny all cookies where possible, and only allow those from trusted sites that are necessary for the functioning of the website,” said Florian Kerschbaum, a professor of computer science at the University of Waterloo and the NSERC/RBC Chair in Data Security.
Here’s why — and what’s actually being done with your personal information.
What are internet cookies?
Unlike the tasty confectionary after which it’s named, internet cookies are tiny packages of data transmitted from websites you visit to your device, designed to monitor your activity and remember certain information about you — like your login credentials, browsing history or past purchases.
The data is stored in your browser and can be used to customize your experience whenever you revisit the page. Websites might be able to remember your username or password on subsequent visits, for example.
Cookies can be essential to the functioning of websites, like providing authentication — “You could not run an online banking site securely without something like cookies, for example,” Kerschbaum explained.
In the early days of the web, most sites used cookies solely for their essential utilities, added Rodney Ruddock, VP of Engineering at Waterloo-based cybersecurity company BicDroid. But as online sales and services began to surge, advertisers seized on cookies as a tool to track consumers and tailor ads to their activities.
Some websites began selling user data to a myriad of third parties: “If you look at cookie disclosures, you might see a lot of third party vendors — sometimes hundreds of stores,” Kerschbaum said. “And you’re providing your cookies to all of them.”
These trackers can follow you from one site to another, allowing for targeted advertising — it’s why you might see a proliferation of ads for dog training supplies after reading an article on how to train your puppy, for example.
“Your information now is more broadly known across the internet, rather than it being a 1 to 1 relationship with a website,” Ruddock told the Star. “And with that broader relationship, that also means there’s more leaking and more people collecting information about you.”
Privacy concerns around online cookies
There are likely vast stores of information about you and your browsing habits collected through cookies in online databases, Ruddock explained.
“This more personalized information can give a profile about what a person’s habits are,” he said, “and things that they may want to be private can be revealed because people just assume they’re anonymously going on the internet when they’re not.”
Should your cookie data get leaked or stolen by malicious actors, they can get access to a wealth of information about you. Because usernames and passwords are stored in cookies, for example, cybercriminals could use them to impersonate you online and login to your accounts.
E-commerce websites may also save your credit card information using cookies. “That can be accidentally exposed if someone were to, say, grab your cookie information and present it to that particular website,” Ruddock said. “Somebody could buy something on your credit card without you even knowing.”
Ian McWilliam, Senior Cybersecurity Advisor with Rogers Cybersecure Catalyst and a program coordinator at Georgian College, notes malicious actors could also gain access to your private medical or financial information via cookies.Â
“Using that information, they could definitely start scamming people,” he said. “Like they could start impersonating people close to you, they could start sending you (personalized) emails and then it’s gonna get dangerous.”
How to protect your data
The key thing to do, the experts say, is to decline all unnecessary cookies when possible. Websites began notifying users about cookies around 2018 with the passing of the European General Data Protection Regulation (GDPR) — a European privacy law aimed at informing users about the data companies are collecting about them, and allowing them a chance to consent.
These notifications allow you to disable all but the necessary cookies vital for a website’s functioning. “If they’re an ethical site, they’re not going to track you on the cookies and you can still use their site,” Ruddock explained. “A lot of people think if they refuse the cookies that they won’t be allowed to (use the site), but in most cases they can.”
That said, other “unethical” sites may still track you even if you decline cookies, Ruddock continued. In 2015, a report by the Belgian Privacy Commission alleged Facebook tracked the cookies of European users even when they explicitly asked it not to. This applied to people logged out of the site and even to those without an account.
How to delete cookies
You can check what cookies are tracking you on your web browser and delete them — something the experts recommend you practice regularly, although it may interfere with the functioning of some websites.
The process looks a little different for each browser. For Chrome, first navigate to “settings” in the top right drop-down menu and select “privacy and security” in the left column. From here, click “clear browsing data,” select “cookies and other site data” and proceed to clear the data.
“If you choose to accept cookies, you’re revealing essentially the exact identity of who you are,” Kerschbaum said. “The choice is pretty clear from a privacy perspective.”
To join the conversation set a first and last name in your user profile.
Sign in or register for free to join the Conversation