Cookies

Cookies are small text files stored on a user's device when they visit a website.

They contain information about the user's preferences, browsing history and other data enabling the online experience to be personalised.

 

Types of cookies

There are 2 types of cookies:

 

🍪 proprietary cookies (first-party cookies)

  • Created and deposited by the website you visit directly
  • Used to improve the user experience on this specific site
  • Limited to tracking Internet users only on the site where they are stored

🍪 third-party cookies (third-party cookies)

  • Created and registered by domains other than the one visited
  • Used mainly for commercial and advertising purposes
  • Capable of tracking user behaviour across several websites

 

Google - Noto Color Emoji 15.0 (Animated) How it works

  • When a user visits a site for the first time, the server sends a cookie to the browser.
  • The browser stores this cookie on the user's device
  • On subsequent visits, the browser sends the cookie back to the server. This enables the server to recognise the user and personalise their experience.

 

💥 Risks associated with cookies

Although cookies have legitimate uses, they also present risks for the security and privacy of users:

  • Invasion of privacy : third-party cookies can track users' browsing behaviour on several sites, collecting personal data without their knowledge.
  • Data theft sensitive : some cookies may store sensitive information such as login details, which could be exploited by hackers.
  • Identity theft If hackers gain access to cookie data, they can potentially usurp the user's identity on certain sites.
  • Gateway to malicious software Cookies can be used as a vector to introduce malicious software onto the user's device..
  • Session hijacking : a technique known as "cookie hijacking" enables a hacker to intercept a user's cookies to impersonate them and access their accounts.

Examples of risks

  • A hacker intercepting a user's cookies on a public Wi-Fi network could potentially access their online accounts
  • Third-party cookies could track a user's shopping habits on several e-commerce sites, creating a detailed profile without their knowledge.
  • A malicious software could exploit security loopholes in cookies to install themselves on the user's device

💉 Protection and remedies

Browser settings

  • Configure your browser to block third-party cookies
  • Activate the "Do not track me" option
  • Delete cookies and browsing history regularly

Use of protective tools

  • Install browser extensions that block trackers
  • Using a VPN to encrypt network traffic
  • Use up-to-date antivirus software

 

Best practice

  • Be vigilant about the sites visited and the authorisations granted
  • Use private browsing for sensitive activities
  • Logging out of online accounts after use

📊 Cookie statistics

  • Of the 1.1 billion websites in existence, around 42 % actively use cookies
  • 46 % of French people accept all cookies to save time (NordVPN study)
  • Only 6 % of French Internet users systematically refuse all cookies (NordVPN study)
  • Worldwide, it is estimated that more than 30 % of users regularly delete their cookies
  • Third-party cookies are gradually being phased out by the main browsers, with Google Chrome planning to do away with them altogether.
Towards the ORSYS Cyber Academy: a free space dedicated to cybersecurity