Internet cookies, often called website cookies, computer cookies, or just cookies, are small text files that websites store on your computer or device when you visit them. These files contain data that websites use to remember and track information about your browsing activity.
In this article, we look at what cookies are and how they are used. Third-party cookies, in particular, can pose a threat to your online privacy, so we’ll discuss them in more detail.
- What is a browser cookie?
- First-party and third-party cookies
- The “EU cookie law”
- Frequently asked questions
What is a browser cookie?
Cookies are small text files that websites you visit store on your browser. Cookies can store various types of information, including login credentials, browsing history, user preferences, and shopping cart contents. Most cookies are benign and help improve your overall browsing experience.
Cookies typically don’t contain personally identifiable information (PII), such as your real name or address. Instead, they use unique identifiers to associate the stored data with a specific user or device. However, advertisers and Big Tech can use these unique identifiers to track you as you move between websites.
Cookies can be broadly classified into two types:
Session cookies are temporary and are stored only during your browsing session. They enable a website to remember your actions and preferences within a single session, such as the items you add to a shopping cart. Once you close your browser, it deletes your session cookies.
Unlike session cookies, persistent cookies are stored on your device over multiple browsing sessions. They’re used to remember your preferences and settings for future visits. For example, persistent cookies may remember your login information or language preference on a website. Third-party cookies (see below) are almost always persistent cookies.
First-party and third-party cookies
Another way of classifying cookies is whether they are first-party or third-party cookies.
First-party cookies are created by the website you’re currently visiting. They enhance the website’s functionality and remember your preferences, payment details, and other logistical data.
As you can see, first-party cookies are usually beneficial to you, the visitor, and any attempt to block them will likely damage the website’s functionality or even break it altogether.
Third-party cookies are set by domains other than the website you’re visiting. They’re often used for advertising and tracking purposes. For example, a website may include third-party advertising or social media plugins that set cookies to track your interactions across different websites.
Third-party cookies typically belong to advertising companies such as Google or social media networks such as Facebook, TikTok, and Twitter. These companies have business models that rely on knowing as much about you as possible so that they can target you with ever-more personalized ads.
This kind of internet cookie presents a serious privacy risk while offering little benefit to you, the website visitor. It’s usually safe (and arguably advisable) to block third-party cookies. Most web browsers provide options to manage and control cookies, allowing you to delete or block them selectively.
The “EU cookie law”
Since cookies can be used to identify you, they’re also considered “personal data” and subject to GDPR. This allows companies to process data gathered via cookies as long as that data is considered to be of legitimate interest to the website.
In practice, EU attempts to regulate cookie abuse have been less effective than hoped for. Many websites simply ignore the law while others refuse to load unless you accept third-party cookies. Another problem is that many people agree to cookies without ever bothering to look at what they’re doing.
A good rule of the thumb for thinking about cookies is “first-party cookies: good; third-party cookies: bad”. First-party cookies play a crucial role in enhancing the user experience and personalizing website content, but third-party cookies often raise serious privacy concerns.
Frequently asked questions
Does a VPN protect against cookies?
A standard virtual private network (VPN) hides your real IP address from websites you visit but does not, on its own, provide any protection against cookies.
However, Proton VPN offers a feature called NetShield Ad-blocker. This filters DNS queries from domains known to host ads, malware, and trackers, effectively blocking many malicious cookies.
How do I stop internet cookies from tracking me?
Using Proton VPN with Netshield enabled (see above) is a highly effective way to prevent cookies from tracking you. You can also block third-party cookies in your browser. Just be aware that doing this may occasionally prevent some websites from working correctly.
Are cookies the only way that websites can track me?
No. As more people become aware of the dangers of cookies and take action to mitigate their abuse, websites, advertisers, and Big Tech have all developed other ways to track people against their will. The most common techniques are browser and device fingerprinting, but other sneaky tactics include HTTP E-Tags, web (or DOM) storage, and browser history sniffing.
How do I block third-party internet cookies in my browser?
Most web browsers allow you to manage how they handle cookies, including enabling you to block all third-party cookies. Please see our article on how to block third-party cookies on all browsers for a detailed look at this subject.
Are third-party cookies ever useful to website visitors?
Not really. Some of the scripts that set third-party cookies might be useful (for example, a script that loads a live chat support window), but the cookies themselves are almost invariably designed to track your online activity as you visit different websites on the web.