What is the point of a cookie? What does it do? A cookie can be used to identify you to a website. It doesn't reveal personal information (because the data in the cookie came from the website's server in the first place) - just identifies you as the same browser that visited earlier.
This is helpful for session management (keeping you logged in over the course of a single user session), login persistence (the "Remember Me" or "Stay Logged In" feature you see in many apps and websites), and multi-tab browsing.
What does a cookie look like? A cookie is a small text file, so it looks like a text file. It will usually be named something like email@example.com. If you were to open one of these files, it would just look like some random numbers:
HMP1 1 example.com/ 0 4058205869
384749284 403847430 3449083948 *
The strings of numbers are codes which are only meaningful to the software that generated them. Usually a cookie is little more than a unique identifying string, although sometimes cookies are used for data storage.
Either way, there is usually nothing meaningful to find when viewing a cookie file.
Why are cookies needed? HTTP - the primary protocol used in web browsing to communicate with a web server - is an inherently stateless, sessionless computing experience.
That means that each page load, each request, is an independent event, unrelated to the events that come before or after it.
This is fine for viewing a few documents that someone put on their server, but anything more complicated - like logging in and getting user-specific content - requires some kind of persistence mechanism, something that will alert the server that the current request from you is related to the previous one, that they are both from the same person on the same computer.
Cookies accomplish this. The server generates one the first time you visit a site. It sends it to your browser, and your browser stores it. On subsequent page loads, the browser informs the server of the relevant cookies currently being stored. The server reads them and knows that this is the same browser as before.
Are there different sorts of cookies? Yes. There are a few different types of cookies.
The most common are session cookies, which are temporary. They are used by nearly all commercial websites to manage a single browsing session. This allows things like shopping carts to work, even if you aren't logged in. They simply tell the server that all of your requests within a period of time came from the same computer and should be treated as a single session.
Session cookies are sometimes called transient cookies or temporary cookies. They are not stored on your hard drive, but are rather kept in active memory. They are deleted when your session closes, or after a period of inactivity (usually 20 minutes or so).
Also common are permanent cookies, also called persistent cookies. These cookies are used to identify you over multiple independent sessions. These are the ones that handle the "Remember Me" or "Keep Me Logged In" functionality of many websites and apps.
They are also used to customize content to you, especially ads.
Besides affecting your browsing experience, persistent cookies are also used for analysis and performance data tracking. They can be used to tell how long you stay on a site, how you move through the site, and other behavioral patterns. They are also used to count the number of individual, unique visitors to a site, as well as how often returning visitors come back. Website owners use all of this information to guide their decision making regarding everything from site design to image choice to page length.
Finally, there are Flash cookies. Flash cookies are generated and stored differently than "regular" (or "HTTP") cookies - they are created and stored in the Adobe Flash browser app.
The problem with Flash cookies is that they are not deleted when you clear your browser cookies. Some websites exploit this fact and use Flash cookies as a sort of "backup" for regular cookies (even sites that don't use Flash for any obvious interactive purposes).
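The exchange described above (the server issues an identifier, the browser stores it and sends it back) and the difference between session and persistent cookies can be shown in a short Python sketch. This is an added example, not code from any particular website: the cookie name "sid", the 30-day lifetime, the in-memory SESSIONS table and the HttpOnly/Secure/SameSite attributes are assumptions chosen for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side state, keyed by the random ID carried in the cookie

def issue_cookie(remember_me=False):
    """First visit: create server-side state, return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)      # unguessable and meaningless on its own
    SESSIONS[sid] = {"cart": []}
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["path"] = "/"
    c["sid"]["httponly"] = True          # not readable by page scripts
    c["sid"]["secure"] = True            # only sent over HTTPS
    c["sid"]["samesite"] = "Lax"
    if remember_me:                      # a lifetime makes the cookie persistent
        c["sid"]["max-age"] = 30 * 24 * 3600
    return c["sid"].OutputString()

def browser_store(jar, set_cookie_value):
    """Browser side: parse Set-Cookie and note whether the cookie has a lifetime."""
    c = SimpleCookie()
    c.load(set_cookie_value)
    for name, m in c.items():
        persistent = bool(m["max-age"] or m["expires"])
        jar[name] = {"value": m.value, "persistent": persistent}

def browser_close(jar):
    """Closing the browser discards session cookies and keeps persistent ones."""
    for name in [n for n, v in jar.items() if not v["persistent"]]:
        del jar[name]

def cookie_header(jar):
    """Cookie request header the browser sends on later page loads."""
    return "; ".join(f"{n}={v['value']}" for n, v in jar.items())

def lookup_session(header):
    """Server side: map the presented cookie back to stored state, or None."""
    c = SimpleCookie()
    c.load(header)
    m = c.get("sid")
    return SESSIONS.get(m.value) if m else None

if __name__ == "__main__":
    jar = {}
    browser_store(jar, issue_cookie())
    print(lookup_session(cookie_header(jar)))   # same browser: state found
    browser_close(jar)
    print(lookup_session(cookie_header(jar)))   # session cookie gone: None
```

The server recognises the browser only through the random value it issued earlier; a value it never issued maps to nothing.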
Can I get a virus from cookies? No. Cookies are a text-based data format that cannot contain any executable code. They are not a potential security risk.
Can cookies be used to violate my privacy? That depends on how you define "privacy," and what you consider a violation.
Cookies cannot be used to obtain personal information from your computer. The only data in a cookie is the data put into it by a website's server. The only site that has access to it is the site that put it there.
However, cookies are used as a part of many large browser tracking schemes which create extremely detailed user profiles. Many websites use third-party ad networks - networks which span multiple sites. This allows central data aggregators to track user activity across many different domains. Cookies are not the only thing used to handle this tracking, but they do play a central role.
Some people consider this constant activity tracking to be a form of privacy invasion. Other people don't mind it at all. Mostly, the only thing that data generated this way is used for is to serve relevant ads which you are likely to click on.
Who invented cookies? Cookies were invented by Netscape in 1995 as a way to solve the persistence problem in HTTP sessions.
What does the law actually say? The EU itself does not make the law. Rather, the EU creates a directive which the member nations must implement in their own laws.
While each EU member state has its own specific version of the cookie regulation, they are all remarkably similar in their effects.
The UK law was one of the first implementations of the EU privacy directive. It is found in the Privacy and Electronic Communications Regulations 2011.
What does that actually mean? What the law is saying is this:
A website (or app) cannot store information on a visitor's computer (or device), or retrieve information off of it, without the visitor's explicit consent.
This covers HTTP cookies ("regular cookies"), Flash cookies, HTML5 storage, DOM "data-" elements, and pretty much anything else that replicates a cookie-like functionality or aids with session persistence and browser identity. (From here on out, we'll call all these things, collectively, "cookies" - even though this law covers a variety of related technologies.)