Are cookies crumbling our privacy? We asked an expert to find out

government anti surveilance email online privacy
“Cookies are just a fundamental part of how the Web works, about as essential as Wi-Fi, HTML, or electricity,” explains Silktide founder, Oliver Emberton. “All cookies do is recognize your computer as it travels between Web pages — so you need them for critical things like logging into a website, or buying something from a store.”

Cookies are small text files that reside on your computer, and the information they contain is set and accessed by the servers of the websites that you visit. Cookies allow servers to identify you and remember things about you.

“The problem is that those same cookies can also be used to track people, and do things that many people don’t like, like deliver targeted ads,” says Emberton. “And this has got a lot of people understandably concerned.”

In Europe, it generated so much concern that the European Union legislated in 2011, demanding that websites gain user consent to use cookies. That law is still the subject of much debate, but before we get into it, let’s rewind and take a look at where cookies came from in the first place.

A brief history of cookies

The man responsible for cookies is Lou Montulli. He developed one of the earliest Web browsers, Lynx, in 1991 and joined Mosaic Communications Corporation, later to become Netscape, in 1994. He was responsible for a variety of Web innovations including the blink tag, server push and client pull, HTTP proxying, and cookies.

According to the man himself, cookies are named after the computer science term “magic cookie,” as discovered by Clouseau on Google Answers. The Jargon File describes a magic cookie as “something passed between routines or programs that enables the receiver to perform some operation; a capability ticket or opaque identifier.”

“The vulnerability of systems to damage or snoop by using Web browser cookies is essentially nonexistent.”

Montulli had the idea to use a similar system in the Netscape browser for Web communications, and he used the familiar programming term, cookie. They were first used to verify whether users had visited the Netscape website before, and they enabled websites to remember your preferences. The cookies also presented a handy solution for virtual shopping carts, enabling e-commerce websites to remember what you were shopping for the last time you visited.

The public didn’t really become aware of them until 1996, when the media started reporting on the potential threat to privacy. Concerns focused on the fact that cookies were storing information on user’s computers without their knowledge or consent.

The revelation generated enough fuss that in 1998, the U.S. Department of Energy Computer Incident Advisory Capability released an information bulletin, which included this assessment: “The vulnerability of systems to damage or snooping by using Web browser cookies is essentially nonexistent. Cookies can only tell a Web server if you have been there before and can pass short bits of information (such as a user number) from the Web server back to itself the next time you visit. … Information about where you come from and what Web pages you visit already exists in a Web server’s log files and could also be used to track users browsing habits, cookies just make it easier.”

What is the threat?

Clearly cookies have an important function, and they make Web browsing much more convenient for us, since we don’t have to identify ourselves again every time we visit a website. Many people don’t see much of an issue with cookies, but the potential threat is described succinctly on Cookie Central:

“Unfortunately, the original intent of the cookie has been subverted by some unscrupulous entities who have found a way to use this process to actually track your movements across the Web. They do this by surreptitiously planting their cookies and then retrieving them in such a way that allows them to build detailed profiles of your interests, spending habits, and lifestyle.

Acer Chromebook 15

Bill Roberson/Digital Trends

On the surface, this practice may seem harmless and hardly worth fretting over since the worst thing most imagine is that corporate concerns will use this information to devise annoying, yet relatively innocuous advertising campaigns, targeted towards specific groups or individuals. However, it is rather scary to contemplate how such an intimate knowledge of our personal preferences and private activities might eventually be used to brand each of us as members of a particular group.

But remember a site only knows what information you have entered. Not all cookies are bad, they can also provide useful functions on the Web. The threat posed by cookies is a legitimate concern for people worried about privacy, but it pales in comparison to other threats, particularly in the wake of Edward Snowden’s revelations about the NSA and government surveillance.

Cookies are the thin end of the wedge

“Cookies aren’t the problem,” says Emberton. “There are equivalent or worse technologies that most people don’t know about (like local storage and LSOs), which can do the same thing. Cookies just happen to have caught mainstream awareness. The real issue isn’t the technology, it’s what people choose to do with it, but that’s harder to police.”

“Over 95 percent of websites use cookies, mostly for boring things that never cross our minds, like ensuring a website responds quickly, or counting visitors. The data most sites hold can’t be used to identify you personally,” he explains. “However, a handful of big companies — most notably Google, Facebook, and Amazon — hold a vast amount of personally identifiable information about millions of people. For example, Google’s history might tell someone if you have a medical problem, or your sexual orientation, or what political party you support. This information is likely linked to your real name.”

“Google’s history might tell someone if you have a medical problem, your sexual orientation, or what political party you support.”

The FTC has tangled with Google and others on the issue of online privacy several times in the last few years. In 2012 Google agreed to a $22.5 million settlement over Apple’s Safari Web browser, which has a default setting to block third-party cookies that Google bypassed. A U.K. court recently ruled that Safari users can sue Google over cookie tracking.

In the States, there have been attempts to introduce “Do Not Track” legislation, mirroring the “Do Not Call” law, which prevents telemarketers from contacting people who opt out. The idea is to give users the right to opt out of being tracked by third-party websites. According to its website, as part of its remit to protect consumer privacy, the FTC has been considering the “Do Not Track” proposal, but has yet to vote on whether to support it.

From 2011 various bills have been introduced, but later withdrawn or failed. The difficulty of establishing standards and agreeing workable legislation seems to have scuppered its progress. By contrast, legislation was passed in the EU, but how effective it has been in protecting consumer privacy is highly questionable.

EU Cookie law

In May, 2011, the e-Privacy Directive changed the law with regard to cookies in the European Union. In order to comply with the new law, website owners were charged with telling visitors about the cookies they use and obtaining their consent. In practice, websites that have complied now display a pop-up when you first visit that links to an explanation of their cookie policy and allows you to accept it.

European website owners and online businesses were understandably upset. Particularly because the law could penalize them, but not their competitors beyond EU jurisdiction. At first it wasn’t clear how the legislation would be enforced.

In the U.K., it fell to the Information Commissioner’s Office (ICO) to decide, and the agency gave websites a grace period of a year to comply. Many did comply, in no small part because the ICO was empowered to impose fines of up to £500,000 ($768,000), but the lack of will to enforce the law across the EU soon led to resistance.

Silktide develops software to help measure website quality. It released a free, open source cookie consent plug-in to enable websites to easily comply with the new law, but then it decided to challenge the ICO with, which begins “Dear ICO, Sue us,” and goes on to ridicule the law and explain why it’s largely pointless.

online spending

There was no lawsuit. We contacted the ICO, and Lead Communications Officer Anya Burgess confirmed that “so far the ICO have not issued any fines for ignoring the EU cookie law.”

She also pointed us to ICO’s latest study, which reveals the average website places 34 cookies on your device on your first visit, and 70 percent of them were third-party cookies (set by websites other than the one being visited). The study also raises concerns about the expiry dates on cookies, with some, optimistically, set to expire in the year 9999.

“I find the law misguided, but it has softened over the last couple of years, as the EU wrestled with how to implement it,” says Silktide’s Emberton. “The difference between what was written — which pretty much made every website illegal — and what has been policed is immense. I expect the letter of the law will slowly catch up with reality over time, but I don’t expect the law will actually do anything for user’s privacy.”

That’s the way the cookie crumbles

There are still efforts in motion to get some legislation on the books Stateside, but resistance remains fierce, and even if some kind of “Do Not Track” law is passed, will the FTC have the power or the will to enforce it against big business?

“Improving online privacy would be a noble goal, but regulating cookies would be a terrible way to accomplish it,” says Emberton when asked about the U.S.

“Cookies by themselves pose no threat to the average person, but the information that companies store about you (with or without cookies) is always a concern, and should be protected for good reason.”


Converting files from MKV to MP4 is quick and easy. Just follow these steps

MKV files have their place, but if you would rather convert your videos from MKV to MP4, there are two methods we consider the best and most efficient for getting it done. In this guide, we'll walk you through them step by step.

The 100 best Android apps turn your phone into a jack-of-all-trades

Choosing which apps to download is tricky, especially given how enormous and cluttered the Google Play Store has become. We rounded up 100 of the best Android apps and divided them neatly, with each suited for a different occasion.

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.

These 100 best iPhone apps will turn your phone into a jack-of-all-trades

The iPhone is the most popular smartphone in the world, and we want to bring out the best in yours. Behold our comprehensive list of the best iPhone apps, from time-saving productivity tools to fun apps you won’t be able to put down.

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.

Crypto hangover could take blame for Nvidia’s potential GeForce RTX 2060 delay

Nvidia's delay in announcing a ship date for its GeForce RTX 2060 GPU could be due to a burst in the cryptocurrency mining bubble. Executives blamed the crypto hangover for an oversupply of inventory on existing GTX 1060 cards,

Save $900 on the ThinkPad X1 Carbon and more with Lenovo’s Cyber Monday sales

In the latest set of holiday sales, Lenovo is heavily discounting its fifth-generation ThinkPad X1 Carbon and other popular Windows laptops and 2-in-1s for the holiday shopping season.

Want to make one hard drive act like two? Here's how to partition in Windows

If you don't want all of your files stored in one place but only have one drive to work with, partitioning is your best way forward. Here's how to partition a hard drive in Windows 10, step by step.

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up speech-to-text in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.

These cheap laptops will make you wonder why anyone spends more

Looking for a budget notebook for school, work, or play? The best budget laptops, including our top pick -- the Asus ZenBook UX330UA -- will get the job done without digging too deep into your pockets.
Smart Home

All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…

Don't use streaming apps? These are the best free players for your local music

Rather than using music streaming apps, you may want something for playing your local music. Good news! There are some good alternatives. These are the best media players you can download for free on Windows.

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $7 to $130. Happy shopping!