CYBERSECURITY FACT SHEET: Cookies

Feb. 13, 2018

What are cookies and what do they do?

A cookie is information a website saves to your computer using your web browser. A cookie allows sites to record your browsing activities: what pages and content you've looked at, when you visited each site, what you searched for, and whether you clicked on an advertisement. Data collected by cookies can be combined to create a profile of your online activities.

How can cookies be used maliciously?
Cookies are a useful tool, but they come with a lot of potential for abuse. Not only will advertisers attempt to track your online activities, but poorly designed web applications can inadvertently create security holes that malicious attackers can exploit to gain access to your account data. Because cookies are saved in plain text and can be easily altered, they must never be used to store sensitive data. Poor cookie design can lead to exposed user information and financial loss.

What can a user do to stop cookies from being used maliciously?
Web browser programs have different ways to let you delete cookies or limit the kinds of cookies that can be placed on your computer. When you choose your browser, you may want to consider which suits your privacy preferences best.

To check out the settings in a browser, use the “Help” tab or look under “Tools” for settings such as “Options” or “Privacy.” From there, you may be able to delete cookies or control when they can be placed. Some browsers allow add-on software tools to block, delete or control cookies. And security software often includes options to make cookie control easier.

If you disable cookies entirely, you may limit your browsing experience. For example, you may need to enter information repeatedly, or you might not get personalized content or ads that are meaningful to you. However, most browsers' settings will allow you to block third-party cookies without also disabling first-party cookies.

Many browsers offer private browsing settings to keep your web activities hidden from other people who use the same computer. With private browsing turned on, your browser won't retain cookies, browsing history, search records or downloaded files. Privacy modes aren't uniform, though; it's a good idea to check your browser to see what types of data it stores. Although it won't keep cookies after the private browsing session ends, cookies used during the private browsing session can communicate information about your browsing behavior to third parties.

 

SOURCE: National Cyber Security Alliance Cyber Threat Resources booklet, November 2012
