More articles

HTTP cookies are getting a bad rep

Written by
Published on

The internet for the most part is a stateless system of information getting transferred through a medium to countless nodes. Once you leave a webpage any interaction that you had with controls and elements on that page is vanquished from memory. At least, from your local memory. And that's a browser issue as opposed to an internet issue. What do I mean by that?

Think of it like this. If you fill out a form online, any form, such as a registration form, it used to be that the data entered would not be stored anywhere, and if you made a mistake and the page had to refresh itself, then you had to start all over again and refill out the form. Because again, the internet is relatively stateless.

In order for the form to 'remember' this content, the website itself would have to know what that information is in order to rerender it. Either that, or browsers would need to begin to store that data by default, which they have begun to do with pre-populated form fields. However, that functionality is still relatively new and can be a hit or a miss. Say hello to cookies. While the server halfway across the world might not know or care about you, the cookie will live locally on your OS and the website will be able to read this data and do whatever it wishes with it.

It's what allows you to log into a website without having to re-login on each and every page load. The website creates a unique ID, puts it in a cookie for you, and the next time you visit the page it validates this ID to make sure that it in fact is you. The safety of this can be debated for years to come and is outside the scope of this blog post. Just know that that's how cookie's work for the most part.

So cookies are pretty important in order to make the internet function more smoothly. You fill out forms and configure sites to your liking, add items to your shopping cart without having to log in or create an account all without having to think about it. This was the original sole intent of cookies back when they were first implemented during the Netscape days. The other benefit of cookies being that companies with websites back in the early 90's didn't have to store all of this extra information on their servers with limited resources. Not so much a problem anymore with the amount of storage that we are able to leverage.

Now enter the tracking cookie. Sounds ominous, I know. A tracking cookie, is just a cookie. There is no 'special' file with a .trackingcookie extension. The term refers to 'how' the cookie is being used by a website as opposed to what it actually is.

And how they work is very similar to how they work when logging in to a website. An ad agency (or some other 3rd party) will assign a unique ID to your cookie/browser (to you essentially). This ad agency is more than likely running ads on many different websites on the internet, which means that they can read this ID of yours, along with the page that you are on, and serve you ads related to your particular habits online. This can be ongoing as long as the same ID is being tracked. And the longer the sessions the more thorough your online profile becomes and the more the likelihood of landing the sale. Because that's the whole point of this ad/tracking/cookie debacle. Someone somewhere wants to sell you something. Whether you buy it or someone else buys it is irrelevant.

This is similar to the various grocery store loyalty programs that you find throughout big cities. If stores know what you are buying, they can better source and display products to increase sales. And not only does that one particular store know what you are into, but more than likely that information can be sold to other stores in that area so that they too know what to purchase to increase overall sales.

In it of itself, this doesn't sound too bad. Because you might be unaware of certain brands or products in your area that you might be interested in and in the long term the more stores carry the products that you like, the more convenient it is for you. Also, these days, many of these ads are essentially discounts and coupons to products that you might want. So you save a few bucks in the process. The biggest problem currently comes with not knowing just who is seeing this data of yours and how many different hands it will transfer through in its lifetime. And more recently, as new technologies emerge, certain metrics such as your location during various times of the day can be tracked, or at least estimated.

All of this creates a digital "fingerprint" to further help and identify you online, to again, better target ads and sell you something. And this is the main concern with privacy in this day and age. This is why you have pop-ups left and right warning you of potential cookie use. But really, it's no different than making a purchase with a credit card, a payment app, or using a loyalty card. It is the exact same mechanism. Your location, purchases and habits are kept and used for future sales.

But that's just the one 'focus' that we put on cookies. Cookies are pretty much needed to login to a website. Or to add items to a shopping cart. Or to stop showing you pop-ups when you click on the 'no thanks!' button. They are a great tool for temporary storage of data.

In this new decade, let's stop being so afraid of the cookie. Let's prevent 3rd party cookies if need be and ensure they are cleared out once a session ends. Most browsers these days have this functionality built-in and a few quick settings can handle the job. Some browsers, like Firefox even have this on by default. But let's stop pretending like the cookie is the root of all evil on websites and that we need dozens of pages of legal terms in order to use them.

Comments & Questions

No messages posted yet

New articles published each week. Sign up for my newsletter and stay up to date.

Sign up

Search for your next big coding job.

Enjoying the content?

Add a comment

Send me your weekly newsletter filled with awesome ideas
Post comment