Many websites require you to enable cookies before reading and interacting with them. They’re omnipresent, often unnoticed, and sometimes can get a bad rap. However, not that many people really know what they are, what they do, and whether or not you should even really be afraid of them.
“Cookies,” known more technically as HTTP cookies, are basically little bits of data that a web server makes to keep track of certain kinds of information about you. In most cases, this is basic metadata, like which pages you’ve viewed on their site, how that relates to their recommendation algorithms, what you have in your shopping cart, etc..
Cookies allow a web page to make a viewing experience more pleasant and usable to visitors. Things like what kinds of content you’re more likely to want to see, not having to rewrite your password every time you want to log in, and even things like not resetting your cart when you change pages on Amazon.
With that in mind, it’s really important to not pathologize something that’s basically just a tool. We’re about to talk about some ways that cookies can be used nefariously; however, getting rid of cookies or disabling them entirely is a totally untenable solution to what may not even be a significant problem. That being said, how bad are the threats?
The most classic, traditional threat is called a “zombie cookie.” Zombie cookies essentially survive being deleted by installing themselves in harder to reach places on your computer. This isn’t necessarily bad on its own, but when combined with the more subtle threat, makes for a rather annoying problem.
Since browser cookies take and keep track of user information, that information can be revealing or exploitative to users. Things like your identity in the form of your digital footprint is collected and sold by these websites, having a bad effect on your privacy. A zombie cookie feeding this information to a bad actor can represent a serious problem depending on how anonymous you want your online interactions to be.
To reiterate a previous point - removing or deleting cookies altogether is not a workable solution. Instead, regularly deleting your cookies is basically good enough. If you’ve been infected with zombie cookies, there’s nothing you can really do other than wait for a security update from the relevant party - the browser, phone provider, or OS.