
MacBH928

Original poster
Not sure where to post this but,
What are cookies, what information do they hold, and how do they share that information?

I used to believe cookies are mini files that store website preferences like your username/password so you won't have to log in every time you leave the page, but it seems they do a lot more than that nowadays.
 
The basics (as you say) are that a cookie is a small text file created by a website that is stored on the user's computer that provides a way for the website to recognize you and keep track of your preferences.

Where it gets murky is how much information is stored and what websites can access the information. If website A stores a cookie that keeps basic information (login, what stories you read, when you were last there) and only uses that for its own purposes, that is one thing. But if suddenly websites B, C, and D can also see that information as well as track you from one website to the next and what you did at each and so forth, then it becomes a bit more overbearing.
 
The basics (as you say) are that a cookie is a small text file created by a website that is stored on the user's computer that provides a way for the website to recognize you and keep track of your preferences.

Where it gets murky is how much information is stored and what websites can access the information. If website A stores a cookie that keeps basic information (login, what stories you read, when you were last there) and only uses that for its own purposes, that is one thing. But if suddenly websites B, C, and D can also see that information as well as track you from one website to the next and what you did at each and so forth, then it becomes a bit more overbearing.

Does it identify you personally or does it identify the browser? As in, if I visit Google then Amazon, does it know I (personally) was on Google prior, or does it know that "the user of this browser" was on Google earlier on?
 
Basically, it knows the browser. However, if you were logged into Google or Amazon then it would also have the potential to link that login to the browser and thus determine that you were the one visiting subsequent sites.
 
The basics (as you say) are that a cookie is a small text file created by a website that is stored on the user's computer that provides a way for the website to recognize you and keep track of your preferences.

Where it gets murky is how much information is stored and what websites can access the information. If website A stores a cookie that keeps basic information (login, what stories you read, when you were last there) and only uses that for its own purposes, that is one thing. But if suddenly websites B, C, and D can also see that information as well as track you from one website to the next and what you did at each and so forth, then it becomes a bit more overbearing.


Browser implementation and Cross-Domain Policy (assuming everything is working as designed) prevents a website from reading the cookies created by a different website, i.e., Website A Cookie cannot be read by Website B.
 
If everything worked as designed and everyone used the technologies in an open and honest manner, we wouldn't have any problems... ;)

However, tracking cookies do exist and it's best to be aware of them.
 
If everything worked as designed and everyone used the technologies in an open and honest manner, we wouldn't have any problems... ;)

However, tracking cookies do exist and it's best to be aware of them.
I think what you may be thinking of is certain advertising services tracking you across websites. The way they do this is when you visit a site with their advertisements displayed on it, a cookie is sent to your browser that helps to identify you, and then when you go to another site that they advertise on, they can more easily identify you and serve up advertisements to you, along with other factors such as your web browser's user agent, IP address, history, and various other factors. Different services (Facebook, Amazon, Google, etc) also share and sell information on users to build a better background of users to try to serve up more enticing ads catered to each person.

Browsers only send cookies to the domain they were originally sent from, and websites being able to read each others' cookies would be a massive security flaw, as literally any website you visited could scrape your login cookies for anything and then use them for their own purposes.
 
Browsers only send cookies to the domain they were originally sent from, and websites being able to read each others' cookies would be a massive security flaw, as literally any website you visited could scrape your login cookies for anything and then use them for their own purposes.

True. I was talking about the ad cookies and sharing between sites in response to the question about Google and Amazon.
 
I think what you may be thinking of is certain advertising services tracking you across websites.

[...]

Browsers only send cookies to the domain they were originally sent from, and websites being able to read each others' cookies would be a massive security flaw, as literally any website you visited could scrape your login cookies for anything and then use them for their own purposes.

Right, good reply. Basically there's a 3rd entity that's a bridge between Site A and Site B, even though A and B are sandboxed (prevented) from reading cookies across domains (and may not be "aware" of the dynamic ad content). That's a big difference vs. having access to site-specific cookie values - especially when there's a significant amount of personal/account data dumped into cookies (that's generally pretty poor implementation).

What are cookies?

I was thinking somewhere along the lines of a tasty baked treat ;)


I consulted with one of my engineers who's an expert on the subject ...


7Goc4cho_400x400.jpg
 
I think what you may be thinking of is certain advertising services tracking you across websites. The way they do this is when you visit a site with their advertisements displayed on it, a cookie is sent to your browser that helps to identify you, and then when you go to another site that they advertise on, they can more easily identify you and serve up advertisements to you, along with other factors such as your web browser's user agent, IP address, history, and various other factors. Different services (Facebook, Amazon, Google, etc) also share and sell information on users to build a better background of users to try to serve up more enticing ads catered to each person.

Browsers only send cookies to the domain they were originally sent from, and websites being able to read each others' cookies would be a massive security flaw, as literally any website you visited could scrape your login cookies for anything and then use them for their own purposes.

I am confused. At first you said cookies generated by a specific domain will not be shared with another site, but then you said they can track you and see where you went. They can also see my history.
 
Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.
 
I am confused. At first you said cookies generated by a specific domain will not be shared with another site, but then you said they can track you and see where you went. They can also see my history.

I'll see if I can explain this without getting too far into the weeds :)

So let's say you've got Website A (where A is a specific, unique domain); it can read-write cookies that only Website A can access. Pretty clear, right?

Now this website, let's say they sell headphones, has all sorts of assets loaded from the site's servers: markup/HTML, scripts, images - the servers provide storage for the site's products, user accounts, etc. Again, simple.

So one of the things the site loads is some ad code - the implementation particulars aren't important for this discussion - but think of it like its own small website embedded into Website A. It can't read the cookies, but it can read some browser behavior, like the URL for a search page result from Site A. Also note that while Site A can't override the rules that prevent the ad from reading Site A cookies, Site A +can+ share the same data it's storing in a cookie.

Additionally, the ad - again, which is like a mini-site bundle with many of the same rules and functionality - can write its own cookie for the "ad domain". Just like the ad can't read Site A cookies, Site A can't read the ad cookies.

Here's where the black magic occurs: when you go to Site B, also running the same ad engine, the ad can read the ad-specific cookie and any Site A data that was allowed/given, and ID you on the new site (Site B doesn't ID you, the ad does, again, like a mini version of the same website now running in Site B). So now that ad in Site B parses your search data from Site A and shows you on Site B the same headphones you were shopping for on Site A. Site B and the ad could also potentially share data as well - all within the limits of what Site B decides to allow and still enforcing core technology limitations like a cookie from a different domain can't be read.
 
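The mechanism walked through in the post above, as an added example that is not part of the original thread: a toy browser keeps one cookie jar per domain, and an ad domain embedded on two sites receives only its own cookie yet links both visits. The `Browser` and `AdServer` classes, the `.example` domains and the `blockThirdParty` switch (standing in for a browser's third-party cookie blocking) are all constructed for illustration.

```javascript
// Toy model, nothing here touches the network; all domains are constructed.
class AdServer {
  constructor() { this.nextId = 1; this.profiles = new Map(); } // uid -> pages seen
  // `cookies`: what the browser sent for the ad domain.
  // `page`: URL of the embedding page (what a Referer header would reveal).
  handle(cookies, page) {
    const uid = cookies.uid ?? `u${this.nextId++}`;
    if (!this.profiles.has(uid)) this.profiles.set(uid, []);
    this.profiles.get(uid).push(page);
    return { setCookie: { uid } };
  }
}

class Browser {
  constructor({ blockThirdParty = false } = {}) {
    this.jar = new Map();               // domain -> { name: value }
    this.blockThirdParty = blockThirdParty;
  }
  cookiesFor(domain) { return { ...(this.jar.get(domain) ?? {}) }; }
  // Load a page on `site` that embeds an ad served from `adDomain`.
  visit(site, path, adDomain, adServer) {
    // First-party cookie: stored under, and only ever sent to, `site`.
    this.jar.set(site, { ...this.cookiesFor(site), lastPath: path });
    // Third-party request: only the ad domain's own cookies are attached.
    const sent = this.blockThirdParty ? {} : this.cookiesFor(adDomain);
    const res = adServer.handle(sent, `https://${site}${path}`);
    if (!this.blockThirdParty) this.jar.set(adDomain, { ...sent, ...res.setCookie });
    return sent; // what the ad server was able to read on this visit
  }
}

function simulate(blockThirdParty) {
  const ads = new AdServer();
  const browser = new Browser({ blockThirdParty });
  browser.visit("site-a.example", "/search?q=headphones", "ads.example", ads);
  const sentOnB = browser.visit("site-b.example", "/news", "ads.example", ads);
  return { sentOnB, profiles: [...ads.profiles.values()], jar: browser.jar };
}

console.log(simulate(false).profiles); // one profile holding both page URLs
console.log(simulate(true).profiles);  // two unlinked single-page profiles
```

The ad server never sees Site A's `lastPath` cookie; the link between the two visits comes from its own `uid` cookie plus the page URL of each embedding site.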