Information Security: Defining Cookies


A cookie is a small file, typically of letters and numbers, downloaded onto a device when the user accesses certain websites. Cookies allow a website to recognize a user’s device. Cookies are categorized in two ways: by the extent of data they store and by the website that places the cookie on the user's device.

A session cookie is one that is erased when the user closes the browser. Session cookies are considered less privacy-intrusive than persistent cookies because they expire after a browser session and so are not stored longer term. For example, session cookies can be used for security when a user is accessing internet banking or to facilitate use of webmail.

Persistent cookies differ from session cookies. A persistent cookie remains on the user's computer or device for a pre-defined period of time.

Persistent cookies are stored on a user’s device between browser sessions, which allows the preferences or actions of the user across a site (or in some cases across different websites) to be stored.

Persistent cookies may be used for a variety of purposes including remembering users’ preferences and choices when using a site or to target advertising.

First-party cookies are set by the web server of the page the user visits (the website displayed in the URL window).

Second-party cookies are stored by a different domain than the visited page's domain. This can happen when the web page references a file, such as JavaScript, located outside its domain.

Third-party cookies are set by a domain other than the one being visited by the user. A common example is an advertising service (e.g. AdSense) that creates a third-party cookie in order to monitor which websites each user has visited.
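As an added illustration (not code from the original post), the JavaScript below classifies a cookie on the two axes described above: session versus persistent, decided by whether the `Set-Cookie` header carries `Max-Age` or `Expires`, and first-party versus third-party, decided by comparing the host that set the cookie with the host being visited. The host names, cookie values and function names are constructed for the example, and the host comparison is a simplification of what browsers do.

```javascript
// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// A cookie with neither Max-Age nor Expires is a session cookie;
// with either attribute it is persistent. Max-Age wins if both are set.
function lifetime(cookie, now) {
  const maxAge = cookie.attrs["max-age"];
  const expires = cookie.attrs.expires;
  if (typeof maxAge === "string" && /^-?\d+$/.test(maxAge)) {
    const expiresAt = new Date(now.getTime() + Number(maxAge) * 1000);
    return { kind: "persistent", expiresAt };
  }
  if (typeof expires === "string" && !Number.isNaN(Date.parse(expires))) {
    return { kind: "persistent", expiresAt: new Date(Date.parse(expires)) };
  }
  return { kind: "session", expiresAt: null };
}

// Assumption: hosts match if equal or one is a subdomain of the other.
// Browsers compare registrable domains using the Public Suffix List.
function party(pageHost, settingHost) {
  const p = pageHost.toLowerCase();
  const s = settingHost.toLowerCase();
  const same = s === p || s.endsWith("." + p) || p.endsWith("." + s);
  return same ? "first-party" : "third-party";
}

function classify(pageHost, settingHost, header, now = new Date()) {
  const cookie = parseSetCookie(header);
  return { name: cookie.name, party: party(pageHost, settingHost), ...lifetime(cookie, now) };
}

// Constructed sample: a banking session cookie with no expiry attribute.
console.log(classify("bank.example", "bank.example", "sid=abc123; Path=/; Secure; HttpOnly"));
```
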

Common Terms

(f) Terminal equipment: The device a cookie is placed on, usually a computer or mobile device.

(g) Subscriber: A person who is a party to a contract with a provider of public electronic communications services for the supply of such services.

(h) User: Any individual using a public electronic communications service. In this context a user would be the person sat at a computer or using a mobile.

In another article on this blog, I will provide further details on cookies and privacy settings as well as cookies compliance under GDPR.
