Skip to main content

Privacy and Cookies

January 17th, 2019

We’re not talking about baked goods when we say that cookies are everywhere on the internet. Well, you can probably order a lot of them from Amazon, but we’re talking about computer cookies here. Cookies are encrypted text files that websites place on users’ computing devices to help websites remember your presence, login information, and activity, and help keep user experiences consistent. Cookies can also collect user information, enable targeted marketing, and serve ads, and make search suggestions relevant to your browsing history.

There are “good cookies” that improve the performance of websites, such as remembering the pages that you visited to make them easy for you to find. But cookies can also be used for marketing and potentially unwanted advertisements. As you might imagine, the information associated with cookies often is exploited to build a profile of your preferences and provide unwanted marketing and advertisements. Entities that collect cookies can also sell your profile and preferences, leading to additional unwanted emails and targeted marketing.  

Cookies aren’t viruses, but they can be used as a form of spyware. To avoid being spied on, make sure you keep your antivirus/anti-malware software up to date. Most antivirus/anti-malware software includes detection and deletion of cookies as part of its routine processes. Also keep your web browsers up to date; a recent patch may be able to close a loophole that could have been exploited to steal your info. Typically, browsers will update themselves, but if the update settings are somehow set to manual, you will have to change it to automatic or check for updates yourself. To find out how to update your browsers, follow the links below:

You can also routinely delete cookies yourself and manage how they’re collected. To find out how to delete and manage cookies and install patches for each web browser, click the link below:

Computer hackers like to use cookies for a number of nefarious schemes.  An example of how hackers use cookies is called “cookie theft.” Cookies are supposed to be sent only between a user's web browser and the server the user is communicating with. A hacker might post compromising code to a website. Then, when a user clicks on the link and logs in to the compromised website, the compromising code steals the user's cookie and sends it to the hacker. The hacker can then use the stolen cookie, which includes the user’s login credentials, to connect to the same website posing as the user.

You’ve probably recently received a number of notices about cookies as well as requests to consent to the use of cookies on websites. These notifications and consents are required by a new European Union privacy regulation, the GDPR, that took effect in May of 2018. The GDPR requires some websites to inform users of what cookies and tags are collected and how they are used. The regulation requires certain websites to obtain consent from users before collecting their information.

Cookies can make browsing the web convenient, but like any helpful thing, they can be exploited. Make sure to manage them and avoid unwanted online solicitations, or worse, the theft of important, personal information.

Make sure to follow UTO on Twitter @ASU_UTO.