Cookies are small text files stored on a user's device when they visit a website.
They contain information about the user's preferences, browsing history and other data enabling the online experience to be personalised.
There are 2 types of cookies:
- proprietary cookies (first-party cookies)
- Created and deposited by the website you visit directly
- Used to improve the user experience on this specific site
- Limited to tracking Internet users only on the site where they are stored
- third-party cookies (third-party cookies)
- Created and registered by domains other than the one visited
- Used mainly for commercial and advertising purposes
- Capable of tracking user behaviour across several websites
How it works
-
- When a user visits a site for the first time, the server sends a cookie to the browser.
- The browser stores this cookie on the user's device
- On subsequent visits, the browser sends the cookie back to the server. This enables the server to recognise the user and personalise their experience.
Risks associated with cookies
Although cookies have legitimate uses, they also present risks for the security and privacy of users:
- Invasion of privacy: thehird-party cookies can track the browsing behaviour of users on several sites, collecting personal data without their knowledge.
- Data theft sensitive : some cookies may store sensitive information such as login details, which could be exploited by hackers.
- Identity theft If hackers gain access to cookie data, they can potentially usurp the user's identity on certain sites.
- Gateway to malicious software Cookies can be used as a vector to introduce malicious software onto the user's device..
- Session hijacking : a technique known as "cookie hijacking" enables a hacker to intercept a user's cookies to impersonate them and access their accounts.
Examples of risks
-
-
- A hacker intercepting a user's cookies on a public Wi-Fi network could potentially access their online accounts
- Third-party cookies could track a user's shopping habits on several e-commerce sites, creating a detailed profile without their knowledge.
- A malicious software could exploit security loopholes in cookies to install themselves on the user's device
-
💉 Protection and remedies
Browser settings
- Configure your browser to block third-party cookies
- Activate the "Do not track me" option
- Delete cookies and browsing history regularly
Use of protective tools
- Install browser extensions that block trackers
- Using a VPN to encrypt network traffic
- Use up-to-date antivirus software
Best practice
- Be vigilant about the sites visited and the authorisations granted
- Use private browsing for sensitive activities
- Logging out of online accounts after use
📊 Cookie statistics
- In 2021, around 41 % of French Internet users said that they systematically refused cookies on websites they visit.
- Worldwide, it is estimated that more than 30 % of users regularly delete their cookies
- Third-party cookies are gradually being phased out by the major browsers, with Google Chrome planning to do away with them altogether by 2024.