7 Types of cookies (and how they affect privacy)

This happens every time you open a new website. It will show a popup that will ask for your consent so it can save cookies on your device. If you opt out, the website will not let you access its contents. So most people click on “I accept” even if they’re not willing to store cookies on their device. 

Why do you see this popup?

A few years ago, the European Union made it mandatory for websites to take consent from people before storing cookies on their systems. Ever since then, websites have to ask for your permission before they store their cookies on your computer. 

But the thing is, they say they need consent to store cookies. They don’t mention what type of cookies. Because not all cookies are the same. Let’s find out the types of cookies. But first, let’s briefly discuss what cookies are.

What are cookies?

When you visit a website, it will place a small file on your computer or phone. This file will collect personal data about you. Websites generally use cookies to find out if a user is new or a frequent visitor. While they help websites, they also enhance user experience. For example, if you save some preferences on a website, they will be saved in the cookies stored in your device.

Let’s discuss the 7 types of browser cookies.

1. Session cookies

These are temporary cookies that let a website recognize its users. These cookies store your temporary details and they’re deleted when the browser window is closed. So for example, you’re visiting an eCommerce site as a guest. You’ve added an item in the cart and are looking for more. Now you click on another link on this website. If it wasn’t for session cookies, your checkout basket would be empty as soon as you clicked away. With the help of session cookies, you can add things while you’re on the website. As soon as you close the window, they’ll be deleted and you’ll need to start again.

2. Persistent cookies

These cookies are more persistent, and hence the name. They stay in the system for long. They will not be gone when you close the session. They’ll help the website remember your preferences even if you close the session and open it two days later. These cookies usually die out after a couple of years. So if you don’t visit that website in a year or two, they will be deleted automatically. Of course, you can delete them manually as well.

These are the cookies that store your login data. So if you delete them, you’ll need to sign in with your username and password each time you visit the website. They record your browsing habits until they’re active. 

3. Third party cookies

These are also called tracking cookies. As you might have guessed, these are the bad guys we often talk about. The cookies that track you and collect your data, no matter which website you visit. They sell this data to advertisers. They keep a track of several things such as your age, location, search trends, and other things that can be sold to marketers.

Since they leak your data to the marketers, they are pesky and annoying. They’re good for marketers, though. They use your information to throw the right ads your way. You might notice ads on Facebook or other websites. These ads appear because third party cookies reside on your system and they give your details to advertising companies.

4. Secure cookies

The top three cookies are the most common. But there are other types of cookies as well, for example, secure cookies. These cookies are transmitted only if the connection is encrypted. While generally these cookies are sent only on an https connection instead of an http one, it doesn’t always mean that they are secure.

They are named secure but they don’t always have to be. Once the cookies are stored on your computer, a hacker can overwrite them even from an unsecured connection, especially if a site has http and https versions. So it’s best if the developer of the website doesn’t keep confidential data in them.

5. HTTP only cookies

While HTTP only cookies are different than secure cookies, but secure cookies can be HTTP only. These two properties reduce the chances of an XSS (cross-site scripting) attack. When there’s a CSS attack, the hacker will inject malware into a good or trusted website. When a cookie is secured, it will not be affected by scripting languages, and hence secure and HTTPS only cookies will stay unaffected. 

Developers create secure and HTTP only cookies so that the data stored on them cannot be stolen or changed by hackers.

6. Flash cookies

Flash cookies come in a different category. They’re a kind of supercookie. A supercookie will track you and keep your information just like a regular cookie. But these cookies are more difficult to detect, and thus delete. A browser comes with cookie management tools. To hide these cookies from being deleted, developers might use the flash plugin. Also, supercookies can hold 100KB data instead of the regular 4KB of a regular cookie. Flash cookies are available for most major browsers.

7. Zombie cookies

Zombie cookies are pretty much like flash cookies. Except they can recreate if they get deleted. They have backups stored outside the cookie folder in the browser and that’s how it becomes possible to recreate them.

Can cookies be blocked?

It’s possible to erase or block most cookies. You can find the folder where cookies are stored and simply delete them. Most browsers also give you the option to delete cookies right from the browser window. Session cookies are automatically deleted when you close the session. You can use the incognito mode because it treats other cookies also like session cookies and they are deleted as soon as the session is closed.

Or you can use a privacy based browser such as Kingpin. It will always work in incognito. So if you browse the internet, it will not save your browsing history or cookies. It’s important to understand that not all cookies are bad. They remember your data so it’s easier for you when you revisit a website. However, if you’re sending some sensitive information on the internet and you don’t want a website to remember it, you can use a private browser such as Kingpin.

How to manage cookies

If you’re on a regular browser, you can delete cookies by visiting the cookie section. It’s available in Chrome, Firefox, Safari, Opera, and all other browsers. For private browsers, you won’t need to delete cookies because there won’t be any cookies in the first place.