Internet cookies, often called website cookies, computer cookies, or just cookies, are small text files that websites store on your computer or device when you visit them. These files contain data that websites use to remember and track information about your browsing activity.

In this article, we look at what cookies are and how they are used. Third-party cookies, in particular, can pose a threat to your online privacy, so we’ll discuss them in more detail. 

What is a browser cookie?

Cookies are small text files that websites you visit store on your browser. Cookies can store various types of information, including login credentials, browsing history, user preferences, and shopping cart contents. Most cookies are benign and help improve your overall browsing experience.

Cookies typically don’t contain personally identifiable information (PII(new window)), such as your real name or address. Instead, they use unique identifiers to associate the stored data with a specific user or device. However, advertisers and Big Tech can use these unique identifiers to track you as you move between websites. 

Cookies can be broadly classified into two types:

Session cookies

Session cookies are temporary and are stored only during your browsing session. They enable a website to remember your actions and preferences within a single session, such as the items you add to a shopping cart. Once you close your browser, it deletes your session cookies.

Persistent cookies

Unlike session cookies, persistent cookies are stored on your device over multiple browsing sessions. They’re used to remember your preferences and settings for future visits. For example, persistent cookies may remember your login information or language preference on a website. Third-party cookies (see below) are almost always persistent cookies.

Get Proton VPN

First-party and third-party cookies

Another way of classifying cookies is whether they are first-party or third-party cookies.

First-party cookies

First-party cookies are created by the website you’re currently visiting. They enhance the website’s functionality and remember your preferences, payment details, and other logistical data.

As you can see, first-party cookies are usually beneficial to you, the visitor, and any attempt to block them will likely damage the website’s functionality or even break it altogether. 

Third-party cookies

Third-party cookies are set by domains other than the website you’re visiting. They’re often used for advertising and tracking purposes. For example, a website may include third-party advertising or social media plugins that set cookies to track your interactions across different websites.

Third-party cookies typically belong to advertising companies such as Google or social media networks such as Facebook, TikTok, and Twitter. These companies have  business models that rely on knowing as much about you as possible so that they can target you with ever-more personalized ads. 

This kind of internet cookie presents a serious privacy risk while offering little benefit to you, the website visitor. It’s usually safe (and arguably advisable) to block third-party cookies. Most web browsers provide options to manage and control cookies, allowing you to delete or block them selectively. 

Learn more about third-party cookies and how to block them on all browsers

The “EU cookie law”

If you live in a European Union (EU) country (or the UK), you’re probably  used to being asked to consent to the use of cookies when you visit websites. This is primarily due to the ePrivacy Directive(new window), which requires all websites to ask anyone who visits them using an EU IP address for explicit consent before placing cookies on their browser. It was designed to reign in privacy abuses from third-party cookies. 

Since cookies can be used to identify you, they’re also considered “personal data” and subject to GDPR(new window). This allows companies to process data gathered via cookies as long as that data is considered to be of legitimate interest(new window) to the website. 

In practice, EU attempts to regulate cookie abuse have been less effective than hoped for. Many websites simply ignore the law while others refuse to load unless you accept third-party cookies. Another problem is that many people agree to cookies without ever bothering to look at what they’re doing. 

Final thoughts

A good rule of the thumb for thinking about cookies is “first-party cookies: good; third-party cookies: bad”. First-party cookies play a crucial role in enhancing the user experience and personalizing website content, but third-party cookies often raise serious privacy concerns. 

Frequently asked questions

Does a VPN protect against cookies?

A standard virtual private network (VPN) hides your real IP address from websites you visit but does not, on its own, provide any protection against cookies. 

However, Proton VPN offers a feature called NetShield Ad-blocker. This filters DNS queries from domains known to host ads, malware, and trackers, effectively blocking many malicious cookies. 

Learn more about NetShield Ad-blocker 

How do I stop internet cookies from tracking me?

Using Proton VPN with Netshield enabled (see above) is a highly effective way to prevent cookies from tracking you. You can also block third-party cookies in your browser. Just be aware that doing this may occasionally prevent some websites from working correctly.

Are cookies the only way that websites can track me?

No. As more people become aware of the dangers of cookies and take action to mitigate their abuse, websites, advertisers, and Big Tech have all developed other ways to track people against their will. The most common techniques are browser and device fingerprinting(new window), but other sneaky tactics include HTTP E-Tags(new window), web (or DOM) storage(new window), and browser history sniffing(new window)

How do I block third-party internet cookies in my browser?

Most web browsers allow you to manage how they handle cookies, including enabling you  to block all third-party cookies. Please see our article on how to block third-party cookies on all browsers for a detailed look at this subject.

Are third-party cookies ever useful to website visitors?

Not really. Some of the scripts that set third-party cookies might be useful (for example, a script that loads a live chat support window), but the cookies themselves are almost invariably designed to track your online activity as you visit different websites on the web.

Protect your privacy and security online
Get Proton VPN free

Related articles

VPN on mobile device
Growing public awareness about the threat posed to our fundamental right to privacy by online trackers has fueled a surge in VPN adoption, a trend that has been boosted thanks to people spending more time online due to the Covid-19 pandemic. Althoug
Tor over VPN
  • Privacy deep dives
Tor is a powerful privacy tool, but you may not want to use Tor all by itself. Learn why you may want to connect to Tor over a VPN. When you connect to the Internet, especially if you’re using public WiFi, there’s a good chance people are watching y
Smart TV privacy
Smart TVs are essentially televisions that can watch you. Their surge in popularity, along with smart speakers, means corporations (and anyone that can hack these devices) have another window through which they can view your private activity. The dat
Expats should use a VPN
Living abroad can be an adventure, but it also presents unique online privacy obstacles. A VPN can help expats stay in touch with their family and avoid Internet censorship. In the age of the “digital nomad” more and more people are moving abroad. L
The internet is full of information, but some of it is inappropriate, especially for kids and sensitive adults. SafeSearch can help filter out this content to make browsing safer and improve your children’s privacy online. This article explains how
IP whitelisting best practices
IP whitelisting is a security mechanism that restricts access to networks, systems, or applications based on approved IP addresses. Only IP addresses on the whitelist are permitted to connect, while all others are denied access. This method is typica