eli5: What are cookies on websites?

217 views

What exactly are cookies that you get to/have to agree or disagree with on websites and how do they work?

In: 0

3 Answers

Anonymous 0 Comments

A cookie is a small piece of information that the webpage wants to save to your browser so that it can repeat something the next time you visit. For instance, turning on dark mode as a preference saves that as a cookie, and the next time you visit, it can see that you turned it on last time and turn it on for you automatically.

The controversial aspect is that some cookies are used to track your movement across the internet. Facebook famously uses tracking cookies on every website that has a “log in with Facebook” option. From Facebooks perspective, they can use this information to see who is accessing their account from which sites. It can also check for cookies added by other affiliated sites to know that you were on a different page before this, and can use that information to target you with more relevant ads

Anonymous 0 Comments

Cookies are small files that live on your computer that store information about your website visits or activity that can be accessed by the websites you visit. They are most often used to store preferences or history for when you visit a website again. So, for example, if you put something in your shopping cart on a site, close the webpage, and then navigate back you’ll often see your shopping cart persist – that is because a cookie “saved” that cart for you.

Cookies can be used for more nefarious purposes, though. They can give a website a history of the other sites you visit and can be used to identify you even if you never give a website any personal info. Many countries have enacted legislation limiting the use of cookies – particularly cookies used without a user’s consent. The warnings you see are the website asking for your consent to use cookies to comply with these laws.

Anonymous 0 Comments

The idea of a “cookie” in general, not just on the web, is a tiny piece of data you give to someone when you meet them. Then, next time they see you, they give the piece of data back to you, and you can instantly recall things about them without them having to tell you again.

The classic real world case for this would be dry cleaning. You show up, drop off your coat or whatever, and they give you a piece of paper with a number on it. The number is not special, it doesn’t mean anything intrinsically about you, it’s just a random number. You wait for some time, then come back to pick up your coat. Instead of explaining to the person at the store who you are and what your coat looks like, you just hand them the number. They instantly know who you are, which coat is yours, and they go get it and bring it to you, no more questions asked.

If you’ve ever eaten at a restaurant where you order at a counter and the server takes the food out to the table, and they give you one of those little numbered table tents, that’s also an example of a cookie.

On the web, every time you click on anything that does something on a website, even if it’s taking you to the same website, you’re essentially doing the digital version of going up to the drycleaner’s counter or the restaurant counter and ordering something. And every time you do that, the person behind the counter has no recollection of who you are. It’s like that by design, as they’re busy serving possibly hundreds or thousands of people every second. Instead, you have to tell them who you are every single time. That can get extremely tedious or even dangerous if that means sending your login details every time you do literally anything at all. So instead, when you access the website for the first time, it gives you a big, looooong random number on it (or possibly some other data) that the website associates with your information. Any time you come back after that point, you can just flash that random number or whatever, the website can just look it up, and it will know exactly who you are.

This is why if you’ve ever gone into your browser settings and “cleared cookies”, you become logged out of all of your websites. You basically did the computer version of throwing away all of your drycleaning tags. Now all the drycleaners you may have been using will have no idea who you are next time you go back.

If you want to actually see your cookies, go to some website in your browser on a PC. If you’re on Chrome or Edge, you can click on the settings menu in the top right corner, go to “More Tools”, then “Developer Tools”. Then, find the tab labeled “Application”, look to the right, and look for the dropdown that says “Cookies”, and click on one of the websites that appears. You’ll get a list of little records, each with a name and value. Each of those is a cookie. Chances are most of them will be a bunch of gobbledegook, because they’re not really meant to mean anything to you, they’re only meant to mean something to the website that gave it to you.

As for the whole thing about accepting cookies and how they “track you”, it’s a lot simpler than you’d think.

See, when you go to more modern websites, many of them won’t just be sending you data just from that website alone. More likely, they’ll be instructing your computer to go get bits and pieces from other places all over the web, because they’re using pieces of code that someone else made. In general, this tends to be a pretty good thing. But every place your computer goes to get things, there’s a chance those places will give your computer a cookie. And every time you connect to them after the fact, your computer will dutifully bring that cookie with it every time it asks for something, so those extra websites know who you are. And again, that in itself is not a bad thing, that’s just the system working the way it should.

The nefarious part comes in when you factor in how certain very large websites are becoming extremely common warehouses for “extra bits” on the web. Google and Facebook come to mind as big contenders. Lots of websites use code built by Google or Facebook, often as alternative ways to log in. And since your computer is going out to fetch these components from them over and over, it’s showing up to Google and Facebook, equipped with a little nametag indicating exactly who you are, and you’re telling them where you’re calling from. Effectively, this tips off Google and Facebook to exactly which websites you’re visiting, allowing them to track every website with their code in it that you’re visiting. And it’s all because your computer is just doing what it’s supposed to, by dutifully reporting who you are by flashing that little dry cleaner’s ticket.

The whole thing about “accepting cookies” is due to a law in the European Union that forces website owners to ask this to all users, in an attempt to curb this kind of tracking. Though, it’s a bit controversial since it “solves” the problem in a clumsy way. It’d be somewhat like if people just always flashed their dry cleaner slips to anyone who asked for them by default, so they wrote a law that makes it illegal for dry cleaners to give you tags without asking for your consent.

Oh, and if you’re wondering why the hell we call it a “cookie” of all things, well, no one really knows. [We have some guesses.](http://www.catb.org/~esr/jargon/html/C/cookie.html) For all we know, some hackerman in the 80s probably pulled it out of their rear end, it caught on, and here we are.