Cookies are a major part of what makes websites work. However, there are certain aspects about them that could be used maliciously, particularly in the case of third-party cookies. It’s become a problem that has even gotten the attention of the European Union. Whether the laws passed by the EU are helpful or not is another issue entirely (spoiler: They’re not as helpful as the EU would like to believe). Instead of focusing on legislation, we will dive into the differences between first- and third-party cookies, discuss why there’s a lot of controversy surrounding them, and examine how they act maliciously as well as how they can be helpful to some websites.
Related: What are cookie and why you should enable the “Do Not Track” mode
What’s the difference between first- and third-party cookies?
Each cookie has an “owner.” The owner of a cookie is the domain that’s specified within it. This is known as the cookie’s “party.”
A first-party cookie is the kind where the domain of the party coincides with the domain name of the website that sent the cookie to your browser. For example, if you go to “youtube.com” and the site sends a cookie to your system with “youtube.com” as the party, it’s a first-party cookie.
A third-party cookie is the kind where the domain of the party is different from the domain name of the website that sent the cookie to your browser. While on Facebook, for example, you don’t always use the “facebook.com” URL. Images, for example, are stored in the content distribution network (“sphotos.ak.fbcdn.net”). If you’re on that URL and you get a cookie from “facebook.com,” it’s a third-party cookie.
You may have seen that many Firefox users are pressuring Mozilla to block third-party cookies on its browser. There’s a reason for this: Big names like Google and Facebook use third-party cookies to track your activity, and a lot of the information Google and Facebook tracks about you can end up in the hands of government. It’s already happened, and Google felt it necessary to inform its users about data requests from governments around the world.
The number of requests is increasing, according to the earlier link. It seems like government is trying to harness control of the Web. Of course, the same link shows that Google is complying with a smaller proportion of these requests, meaning that it is attempting whatever it can to not reveal the private details of its users’ lives.
How do cookies act maliciously?
Added to the legislative threat, there are also malicious websites that track your activity in order to make particularly targeted scams. However, this practice has become more unpopular as Internet users have become more aware of these methods of data collection. As you may have guessed, these malicious websites also use third-party cookies. Since many legitimate companies use these kinds of cookies too, it’s difficult to really determine a “one size fits all” policy that would eradicate this malicious behavior. They’re much different than malware in this aspect.
Why do Google and Facebook want your data?
Like any other big company, Google and Facebook are just trying to better hone their marketing efforts to make their ads more relevant. The more relevant their advertising, the less likely you are to be annoyed by them, and the more likely you are to click on the ads and stay on their site to click even more ads. The more you click on the ads, the more money they make! It’s a very symbiotic relationship without any woeful intention. Of course, it doesn’t mean you should rest at ease. Google isn’t the only one interested in your data. The fact that government institutions can get their hands on your data should make you concerned about privacy. If you have legitimate concerns, you should disable cookies.
The Debate Continues
Privacy is a legitimate concern on the Internet since you can’t just duck and cover. Literally every step you take can come back to bite you since it can be tracked by third-party cookies (and, to some extent, first-party cookies as well). Ultimately, larger companies are trying to do their best to make sure that your private data remains secure, but the best way to protect yourself from privacy infringement is to use your mind. The Internet is a realm where prudence must be exercised at every corner.
Image credit: Oh, cookie!