Cookies are small text files placed by websites on their users’ computers. These are not executable and so cannot serve as malware, worms, or viruses. Cookies come in many flavours:
(1) Usually, cookies are designed to do nice usability enhancements like: allowing the website to recognise its users on subsequent visits, helping users retain shopping carts when they come back later, render appropriately for mobile devices as opposed to PCs, help time out certain sessions for security, remember the default language to use, etc. These cookies are normally set by the company that serves you the website. These are “first party” cookies.
(2) Sometimes, websites might allow cookies of domains other than the one the user is currently browsing. Browsers usually detect and block such cookies.
(3) There is a type of third-party cookies that help display online ads that are relevant to the users’ interest. Some of these cookies collect data anonymously and some don’t. The anonymous help detect browsing patterns and approximate geographical location to improve user experience or serve targeted ads. For instance, let’s assume that you searched for a “toaster” on your favourite webshop and then moved on to your favourite news site. If the webshop and the news site use the same ad service and/or analytics service, you may see a banner ad with a toaster on the news site. Cookies are designed to be set, read, and managed by the same domain. But as ad cookies work by an ad service’s widget being used by multiple domains, these cookies can be read by all domains that share the same ad service.
(4) Some websites use images called ‘web beacons’ or ‘clear gifs’, which collect limited information such as a cookie number, a timestamp, and a record of the page on which they are placed. These beacons do not carry any personally identifiable information and are normally used to track the effectiveness of a given ad campaign, by counting the number of unique visitors. Third party web beacons may also be hosted by websites.
From the preceding discussion, it is clear that information collected by cookies and web beacons is not personally identifiable in almost all cases. But being followed by ads and campaigns as in 3 and 4 above are off-putting to some users. Hence, cookie management is a topic of importance.
Any of the above types of cookies may be session cookies or persistent cookies. Session cookies are those that determine (for instance) whether you are browsing from a mobile device or not (to render pages for that screen size), or to set your current language of browsing, etc. Also included are authentication cookies, and other security or configuration-related cookies. These cookies will be automatically destroyed when you close the browser. Persistent cookies stay on to help you pick up where you left off during your last visit. Additionally, type (1) above are also called “strictly necessary cookies”, without which the site will not function properly.