Thursday, May 30, 2024

I haven’t entered my Google account username and password for a long time, even though I use their services every day. The same goes for other websites I regularly visit—my browser remembers me and no longer prompts me to enter details. There’s no need for authentication because these sites use Web Cookies.

Now I’ll explain what they are, what information they can remember, when it’s best to delete them, and how to do it.

If you want to dive deeper into this topic, you might be interested in an article for more advanced users, where we’ll touch upon the standards describing this technology and even try to create an application that uses cookies.


What are Web Cookies Technology?

Cookies are small text files that websites store on your computer through your browser. Every time you visit a site, your browser sends cookies back to the website server to exchange information.

Cookies are needed to identify the user. When you return to a site, it recognizes you and adjusts automatically. Registration forms will be filled in, language and regional settings will be set. If you’ve selected products on the site, new ones will be suggested based on your preferences.

Here’s how it works: After you enter the address of the desired page in the browser, the browser looks for the cookie file of that site on the device. If this file is found, it is sent to the server of the resource. The site receives it and starts using it. If the browser does not find a cookie, the site considers you a new visitor and asks for permission to create files on the device. These files contain various data such as information about your session, preferences, and identifiers.

What information is stored in Web Cookies?

The information stored in cookie files can be almost anything, depending on what the site you’re visiting needs. Each site has its own set of cookies, but online stores collect and store the most information. Let’s focus on the main data:

  • Individual settings: These could be language, city, page scale, currency. Cookies save you from having to reconfigure the site each time you log in.
  • Authentication data: If the site has a personal account feature, cookies store the login and password.
  • Personal data: Sites can store phone numbers, passport details, addresses, payment details. All this is done so that you don’t have to enter the same information every time you make a purchase or order a service.
  • Device data: This information is needed by site owners to optimize the operation of their resources. Session time on the site, device model, browser version are stored.
  • Transitions and clicks: When you visit a site, you’re assigned an identifier that is stored in cookie files. This identifier can be used to track your movements on the site or clicks on advertising banners. This information is necessary to make sites more user-friendly.

The origin of the term “cookie”

The origin of the term for these files is uncertain.

One theory suggests it might be a reference to the fairy tale “Hansel and Gretel” by the Brothers Grimm. In the story, the children marked their path home with breadcrumbs. This resembles tracking a user’s actions on the internet using cookie files.

Another version traces it back to the late 1970s with Unix programmers. They referred to a small package of data passed from one program to another as a “magic cookie.” The term was coined by analogy with fortune cookies—Chinese cookies containing a magical fortune inside each one.

In 1994, programmer Lou Montulli, while developing the Netscape Navigator browser, created cookie files. He was the first to come up with using a text file to store information about online purchases on a user’s computer. This allowed for the creation of a virtual shopping cart. The name for this file was borrowed from his colleagues.

Where are Web Cookies stored?

Cookie files are stored on the hard drive of your computer in the browser’s folder. You can open them using the “Notepad” program and read them, but you won’t be able to configure cookies in the folder. So it’s not necessary to know the exact path to them. You can manage cookies directly in your browser— for example, clear them or disable them. We’ll tell you how to find these settings in the most popular browsers.

Types of Web Cookies

  • Temporary: These cookies are only used while you’re actively using the website. For example, they might contain records of form submissions or data about the pages you’ve viewed. These files are deleted after you close the browser window.
  • Persistent: These cookie files are stored for an extended period. The duration is set by the website owner, but typically it’s around a year. Persistent cookies may contain passwords, usernames, phone numbers, addresses, and payment details. They may also be used by advertising services to gather information about your online behavior and preferences.
  • Third-party: These cookies belong to organizations other than the website you’re visiting. Often, these are advertising companies whose banners are displayed on the website. They track your clicks and analyze your preferences to understand what ads to show you. Additionally, services like Google Analytics use such cookies to collect data for analytics purposes.

Myths about Web Cookies

Some believe that cookies can carry viruses and affect the amount of advertising you see. This is not the case. Cookies themselves are not harmful—they’re just plain text files. They cannot execute processes on your computer or interact with the operating system.

However, they can be intercepted or stolen to track your previous actions online or access your accounts without authorization. Usually, the information stored in cookies is encrypted before transmission, and the cookies themselves are transmitted via the HTTPS protocol. This helps protect user data, but it’s the responsibility of the website developer to implement encryption and ensure secure transmission.

Cookies do not transmit viruses. For a virus to work, it must reside in a program that can launch a process. Cookies, on the other hand, are recorded in a static TXT format. For the same reason, cookies themselves cannot steal your data.

Additionally, cookie files do not directly influence the amount of advertising shown to you, but they do affect its relevance, and website owners are responsible for displaying ads.

The dangers of Web Cookies files

As we’ve discussed, the files themselves pose no threat, but malicious actors can intercept cookie files and use the information stored in them. There are several ways this can happen:

  • Session hijacking: If HTTPS encrypted connection isn’t used, hackers can intercept traffic and extract private data.
  • Cookie tampering: Cookie files should be saved and returned to the server unchanged. However, malicious actors can alter the cookie file before sending it back.
  • Cross-site cookies: In this case, hackers attack the browser itself, and instead of one site’s cookie, another site’s cookie is stored. This allows fraudsters to gain access to your session identifier on the site.
  • Cookie theft: Special programs can steal your cookies with login and password information. This would allow attackers to access your account.

The consequences of cookie file theft may include:

  • Leakage of passport data, bank card details, and other personal information;
  • Fraud using your personal data;
  • Aggressive advertising of products you’ve previously shown interest in;
  • Unauthorized access to your computer for installing malware;
  • Spam in social networks and email.

How to protect yourself

Most cookie thefts occur due to the negligence of website owners or users themselves. While you can’t influence website owners, you can protect yourself.

  1. The main recommendation is to avoid visiting suspicious sites. These include all sites that may be fraudulent: very similar to bank or social media sites, without HTTPS.
  2. Download programs and plugins only from official sites or app stores of your browser. When visiting a company’s website, check the domain in the address bar.
  3. Also, pay attention to the security of your connection. Keep your browser up to date, use antivirus software on your computer, and don’t enter personal data if you’re using public Wi-Fi.

If you really need to visit a site you don’t trust, enable incognito mode and don’t provide any personal information on the site. This way, all cookie files will be automatically deleted after the session ends.

When to clear Web Cookies?

Cookie files are cleared for various reasons. For example, if:

  • Several people use the computer. Clearing cookies prevents someone else from using your login and password.
  • The computer’s hard drive is full. Deleting cookie files frees up extra space, which improves device performance.
  • The website is experiencing errors. Clearing cookies can restore its functionality.
  • Your browser is sluggish. Clearing cookies speeds up its performance.
  • You’re tired of personalized ads. Were you searching for something online that others shouldn’t know about? Clearing and disabling cookies will give you more privacy online.

How to clear and disable cookies: You can disable cookie files in your browser settings, but completely disabling cookie files can make internet browsing less convenient. You’ll have to customize each site every time or enter data manually. In most cases, cleaning the files is sufficient. You can use special programs for this purpose. You can also clear cookies in your browser. If you use multiple browsers, remember that each one saves its own cookies. Therefore, you need to configure them separately. Let’s learn how to clear cookies in different browsers.

Laws and regulations

In Europe and the USA, there are various laws and regulations governing the use of cookies on websites and the protection of user data. Below are the key laws in both jurisdictions:

European Union:

  • General Data Protection Regulation (GDPR): This law, which came into force in 2018, imposes obligations on organizations collecting and processing the personal data of European Union citizens. It also pertains to the use of cookies, requiring user consent for their use and granting users the right to access and delete their data.

  • ePrivacy Directive: This directive complements the GDPR, establishing rules for the use of cookies and similar technologies. According to the ePrivacy Directive, websites must obtain user consent before using cookies, except when necessary for the functioning of the website or for collecting anonymous statistical information.

United States:

  • Children’s Online Privacy Protection Act (COPPA): This law regulates the collection of personal information from children under the age of 13. It requires parental consent before collecting such data, including the use of cookies to track children’s online activities.

  • California Consumer Privacy Act (CCPA): Enacted in 2020, it establishes rights for California residents regarding their personal information, including the right to access and delete it. Although CCPA does not directly relate to cookies, they may fall under the categories of personal data protected by this law.

  • Federal Trade Commission (FTC): The FTC oversees compliance with privacy and consumer protection laws in the United States. They can take action against organizations violating cookie usage policies or collecting and using personal data without consent.

The common trend in both jurisdictions is that websites must inform users about how they use cookies and obtain their consent for such usage, especially when these cookies contain personal data.

How to clear Web Cookies?

Following these steps will clear the cookies from your browser, which can help resolve issues with accessing websites or enhance privacy online.

Google Chrome:

  1. Open the Chrome browser.
  2. Click on the three dots in the top right corner of the browser window.
  3. Select History (Ctrl + H). Then click “History” one more time.
  4. Click Clear data.
  5. Ensure that the checkbox next to Cookies and other site data is checked, then click Clear data.

Microsoft Edge:

  1. Open the Edge browser.
  2. Click on the three dots in the top right corner of the browser window.
  3. Select Settings > Privacy, search, and services.
  4. Select Choose what to clear under Clear browsing data > Clear browsing data now.
  5. Under Time range, choose a time range from the list.
  6. Select Cookies and other site data, and then select Clear now.

Mozilla Firefox:

  1. Open the Firefox browser.
  2. Click on the three horizontal lines in the top right corner of the browser window.
  3. Select Options.
  4. Go to the Privacy & Security tab.
  5. Scroll down to the “History” section and click on Clear History.
  6. Ensure that Cookies and Site Data is selected and click Clear Now.

Apple Safari:

  1. Open the Safari browser.
  2. Click on  Settings…
  3. A new dialogue box will open
  4. Click Privacy
  5. Click on the Manage Website Data button
  6. To remove any cached data and cookies from your computer, click Remove all
  7. A new dialogue box will open
  8. Click Remove Now

In summary, cookies are text files stored by websites on a user’s computer through their browser, containing information about visited sites and stored on the computer’s hard drive. They can be temporary, permanent, or third-party, with temporary cookies being deleted after browser closure, permanent ones stored for a specific period, and third-party cookies belonging to third parties rather than the site itself.

While cookies themselves are not malicious and cannot carry viruses, intercepted cookies can pose risks by providing access to users’ personal information. To mitigate these threats, users should adhere to security practices such as avoiding suspicious sites, using official software, and regularly updating browsers.

Clearing cookies may become necessary if a site malfunctions or the hard drive becomes full, achievable through specialized software or browser settings. Thus, while cookies are integral to web browsing, their use requires user awareness and caution to ensure security.

Choose your TOTP token


Subscribe our Newsletter for new blog posts & tips. Let's stay updated!


Leave a Comment


John McHacker

John was a computer programmer and hacker known for his expertise in breaking into secure computer systems. He developed a reputation as a master of computer security and was often hired by companies to test the strength of their cybersecurity measures.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept