Those are just some examples of messages that pop up whenever you visit a new website. Many of you probably just ignore them and hit "Accept," but the "cookie" part probably sticks with you.
What kinds of cookies are website actually talking about? Well, it's not the tasty kind we all love, but something different. In this article, we'll discuss all you need to know about cookies.
- What Are Cookies?
- What Are the Most Common Types of Cookies?
- Are Cookies Legal?
- Are Cookies Bad for Your Privacy?
- Can VPNs Protect You from Cookies?
- How to Clear Cookies
- Additional Ways to Deal With Cookies
- What Are Supercookies?
- How to Get Rid of Supercookies
- Bottom Line – Are Cookies Bad or Good?
What Are Cookies?
It sounds shady when you think about it, but most cookies are rather harmless. They usually contain information like:
- The cookie's expiration date.
- The name of the website that placed the cookie on your device.
- A unique number that helps the website identify you as a returning visitor.
The last part might sound problematic, but it's not really something to worry about. Here's an example to show you what we mean:
You visit website X and make an account. The website will store a cookie on your device that helps it recognize you as a logged-in user. When you visit the website again, the cookie will authenticate you as a user who successfully logged in before. So, you won't need to do it again.
What Are the Most Common Types of Cookies?
Based on our research, these are the most common cookies you're likely to deal with:
Privacy-wise, these cookies are pretty harmless. They have a temporary lifespan, and usually expire a few seconds or minutes after you close the web browser or web page.
eCommerce websites use session cookies the most. It's how they can remember which products you place in the shopping cart. Without them, these sites would remove the items by the time you get to the checkout page. What's more, they'd end up treating you like a new visitor.
Websites store these cookies for a longer period on your device, so they don't get deleted when you exit the web page or browser. They're normally required to have an expiration period, and it's usually a few years.
Every time you'll visit the website in question, these cookies will be delivered to it so that it can recognize you as a unique user. The site will also receive the cookies if you happen to view a resource issued by it (like an ad) on a different web page.
So persistent cookies kind of help websites track your behavior, and see how you interact with their ads.
Despite that, persistent cookies are also pretty helpful. It's thanks to them that you don't need to repeatedly log into your account when you visit a website. Or that a website remembers your preferred settings (like the language you chose).
As a general rule of thumb, you can expect a persistent cookie to end up on your device if you see a "Remember Me" option when you log in or sign up on a site.
So without them, you wouldn't get a personalized experience when you use a website often.
These are any cookies that are only issued by the website you visit. They're normally used for calculating:
- Page views
- User numbers
Websites can share the data they gather with first-party cookies with advertisers. Also, analytics tools use these cookies to understand user behavior.
These are cookies that a website you visit uses but doesn't own. Instead, they belong to third-party elements the site integrates on their platform - like ads, live chat, and social media plugins.
Advertisers generally use these cookies a lot for cross-site user tracking to serve people with targeted ads.
HTTPS websites use these kinds of cookies to secure valuable customer data. For example, an eCommerce website might use them on the checkout or payment pages to offer safer transactions.
Are Cookies Legal?
Cookies themselves are legal. After all, they're needed for websites to offer users a great experience.
- The EU has regulations like the GDPR and the ePrivacy Directive that require websites to notify users about their cookies (usually through cookie banners) to comply with the law. Also, pre-checked consent boxes or notifications that a cookie was placed on your device aren't legal.
- Canada's PIPEDA and CASL laws don't force websites to display cookie banners, but they still need to ask for consent.
If you want to learn more about the legal status of cookie usage around the world, just follow this link.
Are Cookies Bad for Your Privacy?
Normally, cookies are not inherently problematic. They just make life easier by making your interactions with a website more convenient.
However, if a site's goal is to profit by sharing data about you with advertisers, any kind of cookie will be bad for your privacy- especially all the third-party cookies that will track you. After all, if you browse a website that displays 15 ads, 15 different cookies will be placed on your device even if you don't interact with them.
And advertisers can use those cookies alongside the data they buy from the sites you browse to spam you with annoying personalized ads.
So from that point of view, cookies and privacy don't go hand in hand.
All in all, if you really value your privacy, you shouldn't let cookies live rent-free on your device.
What About Security, Though?
Well, in theory, a hacker could intercept cookies over unsecured connections, and inject malicious code into them. However, that wouldn't really do much since they need to be executed to cause damage. That could only happen if there was some kind of vulnerability the hacker could exploit to force your browser to execute the cookie file.
But those kinds of bugs are not likely to happen in major browsers.
Still, you're not out of the woods yet. A hacker could actually intercept your cookies to create a forged cookie that tricks websites into letting them log into your accounts - like they did with Yahoo! accounts.
Can VPNs Protect You from Cookies?
- Hackers from eavesdropping on your web traffic.
- ISPs from keeping tabs on your online browsing.
- Government agencies from spying on your Internet activities.
- Advertisers from tracking your IP address and associating it with your browsing habits.
But it can't stop cookies from landing on your device. The VPN server won't intercept them for you since it's not designed to work that way.
Still, there are some good news - a VPN could theoretically prevent hackers from creating forged cookies. They usually do that by intercepting your cookies over unsecured WiFi (which is basically any network nowadays). Since a VPN encrypts all your traffic, cybercriminals shouldn't be able to monitor it and intercept data packets.
How to Clear Cookies
We'll show you step-by-step tutorials for both computers and mobile devices. Also, we're going to assume you're using the latest browser versions and mobile OS versions.
So, let's get started:
How to Clear Cookies on Computers
Here's how you can do this on the most popular browsers:
Start Chrome, and click the three-dots icon in the upper right corner (the one next to your user account). Look for "More tools" and pick "Clear browsing data..."
Now, pick a time range from the dropdown menu - like the past week or month. If you want to delete cookies over a big period of time, just pick "All time." Make sure the boxes next to "Cookies and other site data" and "Cached images and files" are ticked.
All that's left is to hit "Clear data," and you're done.
To get rid of cookies, open the browser and click the menu icon (the one with three lines in the upper right corner). Look for "Options" and click it.
Now click the "Privacy & Security" tab, scroll down to "Cookies and Site Data," and click "Clear Data...". If you don't want to do this every time you use Firefox, feel free to tick the "Delete cookies and site data when Firefox is closed" option.
Lastly, make sure both "Cookies and Site Data" and "Cached Web Content" are ticked, and hit "Clear."
Hit Alt + P on your keyboard to go to Settings, or pick "Settings" from the dropdown menu (the Opera icon in the upper left corner). Scroll down until you see "Privacy and security." Look for "Clear browsing data" and click the field.
Pick the time range, make sure "Cookies and other site data" and "Cached images and files" are ticked, and click "Clear data."
Run Safari, and go to Safari > Preferences, and click "Privacy." Next, click "Manage Website Data."
Pick the websites you want to delete cookies for, and hit "Remove." Or just click "Remove All."
Safari also lets you take extra measures like preventing sites from storing cookies on your device (the "Block all cookies" option). You can also make it delete cookies from tracking websites if you don't interact with or visit them (the "Prevent cross-site tracking" option).
The screenshots are from Catalina 10.15. If you run Mojave 10.14 or High Sierra, the steps shouldn't be very different. Feel free to check Apple's support article on how to remove cookies on those versions.
In the upper right corner, click the menu icon (the one with three lines). Next, select "Settings."
Scroll down and click "Advanced settings." Under "Privacy and security," click "Clear browsing data."
To finish up, pick the time range you want, and make sure "Cookies and other site data" and "Cached images and files" are selected. Click "Clear data" to get rid of cookies.
Start out by clicking the Vivaldi icon in the upper left corner. Then, go to Tools > Settings...
Next, look for the "Privacy" tab and click it. Scroll down a bit until you reach the "COOKIES" section, and click "Delete All Cookies."
To start, open the "Settings and more" menu (the three dots in the upper right corner), and click "Settings."
On the left, hit "Privacy and services." Under "Clear browsing data" on the right, click "Choose what to clear."
Pick a time range that suits you, and tick "Cookies and other site data" and "Cached images and files." Lastly, click "Clear now."
How to Clear Cookies on Mobile Devices
Here's what you need to do on the most popular mobile browsers:
Open the app, and tap the "More" icon (the three dots in the upper right corner), and select "Settings."
Now, tap "Privacy" and then "Clear browsing data."
Finish up by choosing a time range, selecting the "Cookies and site data" and "Cached images and files" options, and tapping "Clear data."
When you open the app, tap the "More" icon (the three dots), and choose "Settings." Next, go to Privacy > Clear Browsing Data.
Make sure "Cookies, Site Data" is checked. Now all that's left is to tap "Clear Browsing Data."
Tap the menu icon (the one with three lines in the bottom right), and pick "Settings." Look for the "Privacy" section, and tap "Data Management."
Now use the slider to pick which data you want to delete. In this case, it'd be "Cookies" and "Cache." To wrap this up, tap "Clear Private Data."
Open the app, tap the "More" icon (the three dots), and then tap "Settings."
Scroll down a bit until you see "Clear private data." Tap that option, pick "Cookies & active logins" and "Cache," and tap "CLEAR DATA" to finish up. If you want to delete more data, just pick the options you want to get rid of.
The process is pretty simple. First, go to Settings > Safari > Advanced.
Next, tap "Website Data." To get rid of all cookies, tap "Remove All Website Data."
Additional Ways to Deal With Cookies
Besides manually clearing cookies, there are other things you can do:
Use Time-Saving Extensions
Instead of having to manually delete cookies every time you close your browser, you can just use an extension that lets you do it quickly. Cookie AutoDelete is one of the most popular ones. It's open-source, and it automatically deletes cookies when you close a tab.
It's only available on Firefox, Chrome, and Microsoft Edge for now. On Opera, you can either get Self-Destructing Cookies (the extension Cookie AutoDelete got inspiration from), or use this tool that lets you install Chrome extensions on the browser.
Alternatively, if you use CyberGhost, you can use their Cookie Cleaner extension on Chrome and Firefox. It's got a nice look, and it's very straightforward. Plus, it's free to use so you don't need a subscription if you're not a CyberGhost user.
Browse in Incognito Mode
Also called private mode on other browsers, it won't save any cookies and site data when you use it. Basically, when you close the browser, it will automatically delete all cookies.
Just keep in mind that incognito mode won't make your online browsing more private.
CCleaner is a pretty cool tool that can delete all the cookies on your computer. Even better, it removes them across all platforms, so you don't need to manually delete them on each browser.
Besides that, it can clear other data that is a memory-hog, and even fix registry errors. Plus, it's easy to use, has a free version, and its paid service is only $20 per year.
I Don't Care About Cookies
More than just a simple statement, this is a pretty useful tool for anyone who deletes cookies on a regular basis.
Here's the idea - this extension will get rid of all cookie warnings from a lot of websites. It's time-efficient because you don't need to constantly click "OK" or "I accept" on cookie banners and pop-ups. And you will see them all the time if you delete cookies every time you close a browser.
Just make sure you only use this when you know you'll clear cookies when you're done browsing - like when you use incognito mode. If you use it for normal browsing, you won't see any consent messages from websites about their cookie policies.
What Are Supercookies?
While they sound similar to cookies, they're pretty different. Right now, there are two types of supercookies:
1. Flash Cookies/LSOs (Local Shared Objects)
These supercookies store information pretty similarly to how normal cookies do it. However, they can often store data in different spots on your hard drive. So, normal cookie removal steps don't really work on them all the time.
Flash cookies/LSOs are normally used in video ads. They can store useful information for advertisers - like what second a video was stopped. But they can also put your privacy at risk. Since you can't delete them with normal removal methods, they end up spying on you without your knowledge.
2. ISP Supercookies
While Flash cookies/LSOs behaved somewhat similar to normal cookies, ISP supercookies are completely different. You can't get rid of them at all because your ISP creates the tracking file and stores it on their own servers. They will then insert them into your data packets whenever you browse the web.
And they do all that without having to place anything on your device.
Now, these supercookies are really bad for your privacy. They contain UIDH (Unique Identifier Headers) that let your ISP recognize every device that goes through their network. Also, they allow them to track their customers' online activities.
There's no exact law that dictates whether supercookies are legal or not. As a general rule of thumb, ISPs need to offer their customers an option to opt-out of supercookie tracking and data sharing. Otherwise, they could end up getting a huge fine like Verizon did.
Of course, the problem is that many ISPs don't make that opt-out option too visible. Or they just make it hard for customers to pick it (like having to opt-out in person and in writing instead of online).
How to Get Rid of Supercookies
You can't do it the normal way, but there are some things you can try:
Use CCleaner & Flash Settings Manager for Flash Cookies/LSOs
Start out by clicking this link. If Flash isn't enabled on your browser, you'll need to do it by clicking on the "Click to enable Adobe Flash Player" message.
Now, you'll see a panel with multiple tabs. First, click the second tab from the right (yellow folder with a green arrow). Click "Delete all sites" to remove cookies that were written to your device.
Next, click the second tab from the left (globe image, yellow folder, and green arrow). Drag the slider all the way to the left ("None"), and tick "Never Ask Again." Also, disable the other two options there. Doing this should stop websites from placing Flash cookies/LSOs on your device in the future.
As an extra precaution, you should also use CCleaner. Just make sure to set it to remove Flash cookies (tutorial) since it doesn't do it by default.
Use a VPN for ISP Supercookies
A VPN can't protect you against normal cookies, and it certainly can't remove Flash cookies/LSOs. But there is a pretty good chance it can prevent ISP supercookies from compromising your connection.
How? By encrypting your traffic. That way, ISPs can't insert tracking headers in your connections. Also, existing supercookies won't be able to monitor your digital footprints.
Bottom Line - Are Cookies Bad or Good?
Both, really. They're good because they help websites deliver a better experience, and they're bad because they can compromise your privacy when advertisers are involved.
Of course, supercookies are just plain bad. We can see the point of Flash cookies/LSOs, but ISP supercookies are just downright unnecessary.
We hope that our tutorials were helpful. If you have other tips about how to delete cookies and supercookies, let us know in the comments or on social media. We're looking forward to hearing them.