You are agreeing to have special files installed on your computer that will store certain information for the website to access. For example, a cookie file might store your account information when you check the ‘remember me’ box while logging into your account.

First a definition: A cookie is a short piece of data – less than 100 bytes typically – that the server assigned to the browser. Then for each page loaded from the same web site the browsers sends that same cookie value back to the server as a way for the server to say “this is the same browser/person as last time”. This will usually persist as you turn your computer off/on, change internet providers, or just roam between Wifi and cellular in the case of phones.

It’s essential for web pages where you can log in with an account so that you stay associated with your account, but any web site can do it for any reason. Some web sites let you have preferences without an account – these are stored in the cookie in some way. Other web sites just give everyone a unique number in a cookie and let the analytics bot have its way with them.

Since this constitutes user tracking there are privacy laws that get involved and this is the disclaimer. It’s really picked up since the European GDPR law came into effect.

Can someone please remind me of how some people recommend to deal with these? Like an extension to Accept all automatically then delete cookies upon exit or something. Been meaning to do this, get sick of clicking Accept all the time.

You agree to let them put tiny files on your computer that they can later read again.

Normally when your computer talks to a website each new page you open is like the computer talks to the website for the first time.

Imagine having a conversation with a complete amnesiac.

Every time you introduce yourself and start talking to them they immediately forget what you just said and you either have to start over again or live with the fact that amnesiac you are talking to has no idea who you are or what you have been talking with them about.

This sort of works for the sort of stuff the web originally was designed for: Static stuff that is completely anonymous and without context.

It works less well for modern websites where you want to adjust what they show you based on who you are and remember what you have done before and even do stuff like e-commerce in a non stupid way.

You could preface each sentence you say to the amnesiac with your name and where you last where in the conversation, but that gets cumbersome really fast, requires you to remember stuff that ideally the other side should remember and has big security flaw in allowing somebody else to imitate you and pretend they are you.

Cookies are a way to work around the amnesia.

It is like the web-server guy handing you a name badge when you first start talking and asks you to put it on. the badge may contain your name and an identifiable number and some other info, so every time you start talking to the amnesia they look at the badge as you talk to them and immediately remember who you are and may even be able to look up what you said before.

It makes things easier.

Of course there are potential threats too.

Some people may enjoy their anonymity and having a complete stranger slap a name-tag on you as you walk by to track who you are seems rude.

This is why the EU mandate that websites should at least ask people first before they put a tag on them and not just do it without asking first.

A website like reddit needs to use cookies to tag their users and tell them apart, but other websites that you don’t really want to remember who you are and build a profile of you and what parts of their website interest you have less of an excuse.

It is balance between being useful to make websites easier and more secure to use and simply tagging users like wildlife to track them and study their behavior. You may want one but not the other.

Ideally only the websites that put a tag on you can see that tag. So CNN.com does not know what tag Reddit.com has given you, but in practice people have found ways around that. Especially advertisers with their ads on all sorts of sites you visit have an interest in figuring out all sorts of personal stuff about you that you might not want them to know.

In a perfect world we would only let websites put cookies into out browsers when it is necessary to make the site work, but too many websites claim that they need it to work when they really don’t in order to invade your privacy.

Even worse big advertisers have found ways around the whole needing a cookie to track you think.

Normally a webserver is not just amnesic, but also completely faceblind. To prosopagnosic amnesiac everyone looks alike and without the cookies they should have no way to figure out who is who. However they do notice certain things about the person they are talking to, like what webbrowser they are using and stuff like that and based of that they might be able to built a profile of everyone they talk to tell people apart without needing cookies.

This is bad if you care about privacy and don’t want google to know what weird shit you are into and sell that info to the highest bidder.

“Can we put a badge on you with a number that will identify you, so that when you come back to this – or a related – website, we can tell who you were and when you last came to that website, etc.?”

They know that badge number 2389473 visited them on Tues, Fri, went to this page, that page, clicked here, bought this item, came from this Google search, etc. but they don’t know *everything*, only what you’ve given them (what you did while you were wearing the badge).

Clearing cookies is removing all the badges from yourself. You’ll get new ones instead, so they “shouldn’t” be able to link back to whatever number you had before. But you will likely “log in” to a lot of websites, so they will know that your website account was also associated with badge 2389473 and is now being logged into by badge 967493748 too.

It’s a harmless number, on its own, but it provides a lot of links to what you do on them and their sister websites – but bear in mind that you’re ALREADY DOING THOSE THINGS ON THOSE WEBSITES, they know you are, because it’s their website! So it’s not really all as drastic as people make out. It just means they can join together a lot of information that would otherwise look like separate website visitors, knowing that it was all “you”.

website cookies are about storing information locally on your personal device, it’s typically useful when it comes to any user specific data that would be helpful if it persisted beyond the current session

that means if you close your browser, open it back up, go back to the site – the site can use cookies to remember things about you and personalize the experience a bit based on your previous session(s)

a common example is clicking on a “remember me” checkbox – this usually means the site will store your login info locally on your device inside a cookie that the site can access and make it easier to log back in… But if you went to the same website on a different device, it won’t have your login details pre-filled – or maybe even have someone else’s… That’s because the site is pulling that info from the device, locally. A different device means a different cookie, either empty and new or pre-populated with someone else’s info

It could also even be made to remember session data, and communicate with the server if you didn’t log out soon after closing the browser. If the session data in the cookie hasn’t expired, a website’s server might allow you to continue on with your last session without logging back in, even if you accidentally closed the browser window…

It’s good for remedying convenience issues like that, but if you share the device you’re using with others, then allowing cookies could be a risk for identity theft… anything you enter into a site can be stored on a cookie and can potentially be accessed later on by anyone else using that machine unless you deleted your cookies

From a technical perspective (not a legal one): It really bugs me that websites feel the need to put these warnings up.

Your browser is something *you* control. The web server is something that someone else controls.

You are a customer going to a place. The place is giving you a loyalty card because they aren’t going to remember for you.

It’s on you (and your browser) to keep and return (or not) that loyalty card.

So if you really care about privacy, tell your browser to not store or give back loyalty cards. Don’t trust them to tell you “don’t worry, we won’t give you a loyalty card, or use any you happen to give to us”.

However, you’re going to have a hard time using websites normally if you disable cookies entirely. Most websites require them, at least within a single “visit”, to work properly. Fortunately all browsers these days have a common option: “clear cookies on exit”

For the curious, on Chrome you can see cookies by:

1. Right-mouse click > Inspect
2. Application Tab
3. Expand the cookies option on the left side menu
4. Click into any of them to see what’s being stored

Explaining like you’re truly 5: Agree with the cookies company to let them know where you put your cookies, which kind of cookies you like the most, which time do you usually eat your cookies, which pant you’re wearing eating cookies, and many more info you wouldn’t think you want to share with them.

It’s like when you meet a neighbour for the first time in a new neighborhood and they give you a name tag so they’ll remember who you are next time, and other people on that street will also know who you are and what your name is.