Internet Cookies Aren’t Evil: 6 Myths Busted

Viruses, Trojan horses, worms, phishers, spam e-mails, and online fraud; these are the perfect ingredients to scare the unaware users of the Internet. And I am not talking about a certain group or country here. It seems like anywhere around the world, people have heard of such threats and have become more afraid to the point that they even take too much a precaution with (or against) their most trusted websites. Sadly, innocence played the bad guy’s role this time, and one of its victims is the tiny little chunk of data we call Internet cookie.

Today, let’s play myth busters and help our dear Internet cookies rid themselves of a number of accusations. Let’s investigate such misconceptions one by one.

Misconception #1: Internet cookies are a form of virus or worm that can cause damage to your computer.

For those who believe and are going overboard on thinking that Internet cookies are destructive viruses or worms, then I’m sorry for breaking the news to you. Internet cookies cannot cause damage, unlike a computer virus or worm. In fact, cookies do not really have anything to do with your computer system, as it is only composed of text understandable by both your browser and the web server that sent it. In short, Internet cookies are composed of only data, not programmed or programmable code.

Misconception #2: Internet cookies are spywares that give away your private information to the entirety of the web.

Don’t instantly believe your anti-spyware when it detects “something malicious” from certain websites, for it might just be judging your cookies by mistake. Internet cookies contain information like browser type, IP addresses, and some private information, like usernames, that you provided (out of your own free will, of course), and that fact makes you afraid of Internet cookies being spywares themselves. But fear not, for the reason why Internet cookies took such information about you is because they only want to customize your surfing activities to your own liking.

For example, most websites that require registration for you to visit them have an option of whether to remember you or not. This means that the web server of one of those websites can use Internet cookies to identify you among their database of users. The Internet cookie for that website will then customize your surfing activity by remembering your login information for you, so you don’t have to type them again. However, as mentioned in number one, Internet cookies are non-programmable and non-configurable, so there’s really no need to worry about them being spywares.

On a personal note, I must warn you not to fully trust such “auto-remember” features of a website especially when you are using public or office computers. My warning is not because your Internet cookie might be a spyware (which it is not), but you should avoid being remembered by the Internet cookie of a website because some malicious others can easily access your accounts once they use the computer where you are the last one who logged in to.

Misconception #3: Internet cookies produce pop-ups or allow their entrance to your browser.

This is definitely a “no-can-do” for Internet cookies. Simply put, pop-ups comprises an online advertising scheme that increase Internet traffic, as they are contained in a separate browser window once its link is clicked. I find it rather doubtful that an Internet cookie could be triggered, not to mention open a web browser and burden the fast-paced Internet traffic that has always been loaded with server requests and replies.

Misconception #4: Internet cookies give way to spamming.

Spamming, according to Wikipedia, is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. In relation to Internet cookies, this, certainly, is not one of the functions of an Internet cookie, especially since an Internet cookie is just a group of data, not a programmed or programmable code (this seems to be the best explanation for all the misconceptions people have against Internet cookies). Also, they can only serve as informative tools browsers use for the computer user and nothing more.

Misconception #5: Internet cookies are for advertising purposes only, causing alarm on the consumer’s part.

Internet cookies serve a lot of purpose other than advertising. While it is true that advertisers somehow make use of the cookies’ ability to store browsing behaviors of users who click on their advertisements in a web page, Internet cookies are more than what we thought. Actually, Internet cookies care a lot about the consumers in this virtual market.

Like any form of media there is today, the Internet also runs on advertisements to make browsing websites free for consumers. It would be too hard for you, a consumer, if you need to pay a website before browsing it every single time, right? It would also be too hard for online publishers if they should generate revenues of their own, similar with advertisers if they cannot reach their audience. Internet cookies make this seemingly triangular problem by allowing advertisers to promote on different publishers’ websites for consumers. Through watching a consumer’s surfing behavior, the cookies ensure that, while keeping enough ads for advertisers to catch an audience and for publishers to generate income, consumers will not be bombarded by too much promotion.

This means that website publishers’ revenues will remain constant (if not increase), which will maintain the good qualities of websites and website contents. Also, advertisers will continue supplying resources to the publishers. In turn, Internet surfing will remain free of subscription for us consumers. I believe everyone will agree with me that the last premise is for everybody’s own good!

Misconception #6: The best way to avoid any damage caused by Internet cookies is to disable and delete them.

You don’t want to do this, believe me. Internet cookies make our virtual lives easier by giving us an option to remember all our seemingly repetitive details we keep on typing on websites’ textboxes. Imagine your Internet life without cookies to aid you. You have to type every single detail about you whenever you have to log on some website.

This holds true for online buyers who do not have time for sorting out details and figuring out where their desired products are. Online buyers tend to just browse at a specific category of online products, get some news on what’s latest about their purchase, learn about the stock prices, and know exchange rates and other involved fees. Internet cookies actually do all those things for online buyers because, as mentioned earlier, the cookies observe the surfing behavior of a person. In the case of our online buyer above, the cookies will give highest priority to the types of products the consumer usually look for, setting the web page to that product as if by default. Also, other online services the consumer is fond of requesting for will be “suggested” by cookies through website elements like advertisements and safe pop-ups.

In relation with hindering cookie activities, a lot of Internet users believe that they will be safe from computer viruses, worms, and Trojan horses if they do disable and delete their Internet cookies. That is so wrong, because cookies cannot carry any other information than that of your browser and its web host. Computer threats like viruses need not require cookies to infect your computer. We will discuss those computer risks some other time.

Companies behind it?

Let me remind you that the misconceptions above are often abused by certain software companies for their gain. There are online software companies that overstate security threats because of the misconceptions above, persuading you to install their program to fight such “devilish tracking device” which we all know as Internet cookies. Don’t believe them, especially now that you know there is nothing to worry about regarding cookies. Be the harbinger of good news for Internet cookies, and educate those who are sticking with their false beliefs. I can only hope that someday, one of the online security organizations will look into this issue and bring Internet cookies to salvation.

Anyway, let me end this article with older findings of surveys that still speak the truth even up to now. In a study entitled “Users Don’t Understand, Can’t Delete Cookies,” by Brian Quinton of Direct Online Magazine last May 2005, a number of online companies and security watchers published reports on behavior of consumers towards cookies. Starting with a report by Jupiter Research, research entities published their own studies, all of which consistently points that roughly 35 to 50 % of online users delete their computer cookies at least once a month.

Moving along within the study, Insight Express, an Internet marketing research firm published all of their findings. Here are figures about how Internet cookies are wrongly perceived:

The indication that users are ascribing evil intent to cookies was made clearer in another portion of the InsightExpress survey. Asked to check off all the reasons that they delete cookies, two-thirds of respondents—66.5%– said they erase cookies to “protect my privacy/ prevent tracking.” That response was the second most widely given in the survey, following only “clean computer/ free up disk or memory”, something 77.4% of those polled said they agreed with.

At least the privacy/ tracking prevention answer has the virtue of being valid. Other choices from the list of reasons to delete cookies show a serious misunderstanding of the technology’s capabilities. About 57.2% said they get rid of cookies to “remove spyware/ adware” from their hard drives. About 43% said doing so “eliminates spam”; 38.7% said it prevents pop-ups; and 33.8% said it prevents computer viruses. Fifty percent of those polled also said they deleted cookies because it was “recommended”.

And finally, on June of 2005, BURST Media published a report about cookies entitled “Don’t Understand Them, Can Be Good, But, Should Be Deleted” and I would like to wrap this article up the same way they did. Here’s the last paragraph, a quote, from their report:

“Privacy and security issues taint online users overall perception of Internet cookies. Nevertheless, only one-out-of-four say they want Internet cookies ‘eliminated’,” says Chuck Moran, BURST! Media’s Market Research Manager. “There is significant opportunity for the Interactive industry - including content publishers, agencies and clients as well as third parties to build user understanding of and trust in Internet cookies.”

Loki on December 27, 2007 Subscribe to our RSS Feed

Bookmark

16 Responses to “Internet Cookies Aren’t Evil: 6 Myths Busted”

Cookie Hater on December 27th, 2007 10:07 pm

These are lies. Everyone “knows” how bad cookies are. It is fact that cookies can get your IP address and then spam it all over the web. Next thing you know, you have trojans breaking down your firewalls and worms chewing through your files. Cookies attract worms just like honey attracts bees. Spyware and cookies are the same thing. The spyware sees the cookies on your computer and knows that there is free access to everything on your computer. It doesn’t matter if you are running mac windows or linux, you must NEVER ACCEPT COOKIES. I read this all on the internet too.
Arun on December 28th, 2007 12:23 am

I agree with the intention of the author that Cookies as such are not techniques developed to aid in the propagation of malware or exploitation of the user. Cookies are about storing session information. Essentially Cookies are used for saving information on a user’s browsing session which can perhaps be used for advertising or for login or for any other personalized activity. This also makes them prone to be misused since they contain data on the user after all.

For the same reason, deletion of cookies does not guarantee you any protection from spam or malware. But not having cookies does negate the little bits of information on your browsing experience that reside on the system.
Akhil Tandulwadikar on December 28th, 2007 9:12 am

I know cookies are harmless. But is there a chance that a virus/spyware/Trojan could read through them and send the data to a server or something?
Daniel on December 28th, 2007 9:42 am

Akhil, I don’t think so. As explained in the article you can’t put code in a cookie.

What could happen is someone getting your private information stored in a cookie and use it (like a password) to put a trojan horse on your machine. But this should be rare.
Loki on December 28th, 2007 9:49 am

To Mr. Cookie Hater, you shouldn’t really hate cookies. Although cookies conatain data about anyone virtually present, only the web browser can really read your cookie’s information. Other than that, cookies are just irrecognizable data even to you.

If you choose not to accept cookies, then that’s your choice. But then again, be prepared on repeated typing and customization of things you want to browse.

If you think cookies attract worms just like honey attracts bees, then maybe you’re right, given that your bees can understand cookies the way web browsers do. Other than that, without cookies, your Internet will be just like the universe, so vast and yet so empty.
Loki on December 28th, 2007 9:54 am

Arun, thanks for the compliment. I would just like to reiterate, deletion of cookies is no guarantee that a user cannot be attacked by other malicious web programs out there. After all, cookies are just bits of data for your browser, it has no significance to the Internet whatsoever.
Loki on December 28th, 2007 10:00 am

Akhil, there is a very, very small chance that any of those malicious programs use cookies for exploit, as Daniel stated.

However, there are ways wherein cookies are used not for their data but for their ability to reside in a system. But such discussion is better seen in a form of another article, a follow-up on this one.
Akhil Tandulwadikar on December 29th, 2007 7:43 am

Thank you, Daniel and Loki! That was helpful.
mmhan on December 30th, 2007 11:28 am

I’m aware that Cookies aren’t “Big Threat” for privacy, the only thing I’m worried is that, I could see sometimes, the cookie stores a Password and Log In name in plain sight with no encryption whatsoever.

Isn’t there a way that a website of certain domain could read the cookie of another domain?
Or like injecting a javascript to do so?
Loki on January 1st, 2008 11:05 am

mmhan, only the website that sent the cookie can read it, since cookies are data sent by a server to a browser, and understood only by both.

With regards to the Javascript question, I think it can only create a cookie for the website in place of the web server. Maybe if a person has all the time in the world to figure out a website’s cookie creation process, then he can. But I believe there is more important things to life than that.
mmhan on January 2nd, 2008 7:54 am

Thanks for the reply. I was a wee bit concerned with that.
bayoujim on January 24th, 2008 8:01 pm

Cookies are intrusive crap usually put on a computer without the owners permission.
Loki on January 25th, 2008 1:40 am

Lol, bayoujim, that was a bit mean. It doesn’t really follow that since you don’t understand what Internet cookies are, you should dismiss it as, in the way you put it, “intrusive crap.”

What has an Internet cookie done to you in the first place? I’m just interested, because so far, I haven’t been put in trouble by any Internet cookies. Well, it might be that, or I’m just very cautios. Anyway, please do share. It will be very much appreciated.
Paul (dfw-tx) on September 26th, 2008 2:21 pm

I can see that the author of the article is in bed with the advertising community and trying to make a case for me to have a “much more enjoyable” time at a particular site…well that is BS IMHO …. personally I can care less what the advertisement is I NEVER click on an ad and for sure NEVER buy anything from them …

my biggest gripe about the cookies and no one can seem to answer the question, why do they expire in 25+ yrs, that to me makes them that more dangerous to the computer owner than anything else

I use Firefox browser mainly for the reason that when a site wants me to swallow a cookie, unless it is a “session” cookie it is rejected, that is the reason I don’t use IE because you dont have that choice, its accept or reject and normally I reject if the date on the cookie is longer than a few days.

I look at it this way … its my computer what ever goes on it has to have my permission, and if a particular site does not like the idea of me rejecting their cookies for the site to work … then I will take my business elsewhere there is plenty of fish in the sea for me to spend spend my time and money on …. will just go down the road to some other site that does not make any difference to.
Loki on September 29th, 2008 3:26 am

Paul, cookies are utilized by the browser, maybe that’s the reason why they have such lifetime. I am not removing your right to decide for your computer, but you also have to understand that you are not the only one concerned here. Internet sites are run by advertisement and without them, I doubt we would have anything on the Internet at all.

Just a reminder, I’d like to reiterate what I wrote in Misconception #6. “Cookies cannot carry any other information than that of your browser and its web host.”

And no, I am not in bed with the advertising community and trying to make a case for you to have a “much more enjoyable” time at a particular site. Sorry for breaking your heart on that one.

Got something to say?

Our Network