What are cookies in computers?

Cookies, also known as browser cookies or tracking cookies, are small, often encrypted text files located in browser directories. Web developers use them to help users navigate their websites efficiently and perform certain functions.

Due to their core role of enhancing or enabling usability and site processes, disabling cookies may prevent users from using certain websites.

Cookies are created when a user's web browser loads a particular website. The website sends information to the browser, creating a text file.

Whenever the user returns to the same website, the browser retrieves and sends this file to the website's server.

Computer cookies are created not just by the website the user is browsing but also by other websites that run ads, widgets, or other elements on the page being loaded.

These cookies regulate how the ads appear or how the widgets and other elements function on the page.

Standard uses for browser cookies

Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.

The server also uses session cookies to store information about user page activities so users can easily pick up where they left off on the server's pages. By default, web pages really don't have any 'memory'. Cookies tell the server what pages to show the user so the user doesn't have to remember or start navigating the site all over again.

Cookies act as a sort of “bookmark” within the site. Similarly, cookies can store ordering information needed to make shopping carts work instead of forcing the user to remember all the items the user put in the shopping cart.

Persistent or tracking cookies are also employed to store user preferences. Many websites allow the user to customize how information is presented through site layouts or themes. These changes make the site easier to navigate and/or let the user leave a part of the user's “personality” at the site.

Cookie security and privacy issues

Cookies are NOT viruses. Cookies use a plain text format and are not compiled pieces of code. They can’t be executed and aren’t self-executing. Accordingly, they can’t make copies of themselves and spread to other networks to execute and replicate again.

Since they can’t perform these functions, they fall outside the standard virus definition.

However, cookies CAN be used for malicious purposes. Since they store information about a user's browsing preferences and history, both on a specific site and browsing among several websites, bad actors can use cookies to act as a form of spyware.

Many anti-spyware products are well aware of this problem and routinely flag cookies as candidates for deletion after standard virus and/or spyware scans.

Responsible and ethical web developers deal with privacy issues caused by cookie tracking by clearly describing how cookies are deployed on their websites.

Privacy policies should explain what information is collected and how the information is used. Organizations that utilize and display a proper and useful cookie policy and privacy policy include LinkedIn and Networkadvertising.org.

Most browsers have built-in privacy settings that provide differing levels of cookie acceptance, expiration time, and disposal after a user has visited a particular site. But browsers have leveraged stored cookies to create user profiles for contextual advertising. With a push away from this cookie syncing toward cookieless advertising, advertisers rely more on AI machine learning and keywords than a user’s cookies in contextual targeting.

Computer cookies help

Computer cookies make our experience on the internet easier, quicker, and much less complicated.

Imagine trying to log in to your favorite website, social media account, or email and having to remember and type in your username and password every time — it would be almost impossible. Just to cope and make it easier, you would probably start using the same username and password for every account, which would be very dangerous and compromise your cybersecurity.

Cookies are essential for internet surfing.

Cookies help identify and recognize that it's you and allow quick entry. These essential files also help the website owner identify bad actors who may be using bots to try to force their way into the website's code, looking for vulnerabilities to place malicious and hijacking code that will give you malware.

Cookies don't identify you personally. They can't tell who you are, but they can remember the device you are using and thus make it simpler for you to browse the web.

Other cookie-based threats

Since identity protection is highly valued and is every internet user's right, it pays to be aware of what threat cookies can pose.

As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted.

Although relatively rare, this can happen if the browser is connecting to the server using an unencrypted network like a non-secured Wi-Fi channel.

Internet security is only attainable if you regularly use an antivirus protection program or encrypt your internet traffic on public Wi-Fi with a virtual private network.

Other cookie-based attacks involve exploiting faulty cookie-setting systems on servers. If a website doesn't require browsers to use encrypted channels only, attackers can use this vulnerability to trick browsers into sending sensitive information over insecure channels.

The attackers then siphon off the sensitive data for unauthorized access purposes.
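
One way a site owner can check for the weakness described above, as an added example that is not part of the original article: this Python code audits one response's headers for a missing `Strict-Transport-Security` header and for cookies set without the `Secure` or `HttpOnly` attributes. The sample headers are constructed, and the function names are this example's own.

```python
# Added example. The response headers below are constructed sample data.
SAMPLE_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=8f2c1a; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Max-Age=31536000; Secure"),
    ("Set-Cookie", "auth=tok123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def sent_over_http(value):
    """True if a browser would attach this cookie to a plain-HTTP request."""
    _, attrs = parse_set_cookie(value)
    return "secure" not in attrs


def audit_response(headers):
    """Return a list of findings for one HTTP response's headers."""
    findings = []
    names = {key.lower() for key, _ in headers}
    if "strict-transport-security" not in names:
        findings.append("response: no Strict-Transport-Security header, "
                        "so the browser is not told to use HTTPS only")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, cookie is also sent over HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, cookie is readable by page scripts")
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```

A cookie flagged as missing `Secure` is the one an eavesdropper on an unencrypted Wi-Fi network could read in transit; adding the attribute and serving the site over HTTPS only closes that gap.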

What is the GDPR, and how does it affect U.S. companies and consumers?

On May 25, 2018, the European Union enacted privacy laws called the General Data Protection Regulation (GDPR) to protect EU citizens from unethical personal data processing practices. The seven principles of the GDPR collectively aim to protect personal data, including names, addresses, payment information, IP addresses, biometric data, and more.

The GDPR stipulates seven principles to protect the personal data of EU citizens:

  1. Lawfulness, fairness, and transparency: Consumers should understand what data they’re providing, how the company will use it, and how it is protected.
  2. Purpose limitation: Companies should only collect data that will be used for a specific purpose.
  3. Data minimization: Consumers should not need to provide more information than what is needed for a specific purpose.
  4. Accuracy: Data collected should be accurate and kept up to date.
  5. Storage limitation: Consumer data should only be kept for as long as needed.
  6. Integrity and confidentiality: Companies should work diligently to protect any data they collect.
  7. Accountability: Each company should have documentation on data protection practices.

To comply with the GDPR, businesses need to have privacy policies that are clearly written and use precise language, and they need to provide consumers with these policies promptly.

Businesses also need to have cookie policies that disclose information about what data is collected from online visitors.

Before this, website visitors needed to opt-out of having tracking cookies stored on their devices.

With the GDPR, visitors must opt in or give their consent to the website to store analytics or advertising cookies on their computers or other devices.

However, visitors do not need to consent to necessary cookies, also called essential cookies, which allow the website to function correctly.

The European Union has an internet handbook that explains to businesses their requirements under the legislation and offers a “cookie kit” to help them comply.

So, how does the GDPR apply to international businesses?

Even though this privacy law applies to the European Union, it also benefits U.S. and international consumers. Here’s how. If a website is available to any EU consumers, then it must also abide by the GDPR, even if the website location is outside of the EU. This means businesses in the U.S. and elsewhere must comply with the EU law to have their websites available to EU consumers.

The GDPR differs from the EU’s 2002 ePrivacy Directive (i.e., the Privacy and Electronic Communications Directive 2002/58/EC) in that the GDPR provides broader protections, whereas the forerunner directive focuses on electronic communications. This “cookie law” also regulates the monitoring and tracking of cookies in relation to electronic communications.

A new ePrivacy Regulation is set to replace the ePrivacy Directive, with updates extending protections to all electronic communications, including texts and messaging apps like Facebook Messenger. The European Commission (EC), European Parliament, and European Council have not yet reached a consensus on the new regulation. If greenlit, the more modernized ePrivacy Regulation can work in tandem with the GDPR to offer stronger data privacy protections.

What is the CCPA, and how does it differ from the GDPR?

In 2018, California signed privacy regulations under the California Consumer Privacy Act (CCPA). Similar to the GDPR, the CCPA was created to protect consumers’ personal data and give businesses a set of standards to follow about that data. The regulations are designed for California businesses, but businesses outside the state must comply if their websites collect data on Californian consumers.

Per the CCPA, businesses must disclose which personal information about their users is being collected and sold. Users have the right to request that businesses delete their data and the right to opt out of data collection. However, the CCPA does not offer as robust protections as the GDPR. The CCPA does not mandate clear consent via the ability to opt in.

Additionally, under CCPA, only businesses that make over $25 million annually are required to comply. With the GDPR, all businesses must comply with the privacy laws designed to protect EU citizens (not just consumers). To split hairs, the GDPR represents individual rights, whereas the CCPA aims to protect the rights of a consumer or household. The CCPA grants consumers six foundational rights:

  1. Consumers have the right to know about the personal information collected by businesses.
  2. Consumers have the right to delete personal information collected.
  3. Consumers have the right to opt-out of personal information being sold.
  4. Consumers have the right to opt-in to the sale of personal information.
  5. Consumers have the right not to be discriminated against for opting out.
  6. Consumers have the right to initiate a private cause of action for data breaches.

The CCPA offers additional protections, such as regulations to protect the personal data of minors (i.e., children under the age of 16).

The CCPA officially went into effect on January 1, 2020.

Key tips for safe and responsible cookie-based web browsing

Due to their flexibility and the fact that many of the largest and most-visited websites use cookies by default, cookies are almost unavoidable. Disabling cookies will lock a user out of many of the most widely used sites on the internet, like YouTube, Gmail, Yahoo Mail, and others. Even search settings require cookies for language settings.

Here are some tips you can use to protect your digital footprint and ensure worry-free cookie-based browsing:

  • Customize your browser's cookie settings to reflect your comfort level with cookie security, or delete cookies entirely.
  • Install anti-spyware applications and keep the software updated. Many spyware detection, cleanup applications, and spyware removers include attack site detection. They block your browser from accessing websites that exploit browser vulnerabilities or download malicious software.
  • If you’re very comfortable with cookies and are the only person using your computer, you may want to set a long expiration period for storing your personal access information and browsing history.
  • If you share access on your computer, you may want to set your browser to clear private browsing data every time you close your browser. While not as secure as rejecting cookies outright, this option lets you access cookie-based websites while deleting any sensitive information after your browsing session.
  • Make sure your browser is up to date (and, ideally, set to update automatically). This eliminates security vulnerabilities caused by outdated browsers. Many cookie-based exploits are based on exploiting older browsers' security shortcomings.

Once you understand how cookies operate and how they enhance your browsing experience, you can take the necessary security measures to ensure that your web browsing is secure.

Managing mobile cookies and security

The mobile landscape is so much broader than a single platform. We cover mobile cookie use plus cybersecurity issues found in the mobile sector.

Knowing how to safely surf the web is one of the most important aspects of personal cybersecurity, and education is one of the most powerful tools.

Below are a few points to remember when using your Android, iPhone, or other mobile device to ensure you are safe and secure on the web.

  • Cookies are just text files that store information about your computer or mobile device. These cookies can be necessary for the website to operate and function.
  • Be skeptical! Always research a program or application before installation. Research the application and the app developer to establish credibility. Review the product/developer website for customer support phone numbers or emails and review the social media pages to see what people are saying about the product.
  • Avoid downloading apps or programs that found you. Don’t install apps from pushy ads or automatic downloads if you have not actively sought a program.
  • Stay current with application and operating system updates. Updates often include security patches that are designed to fix newly discovered vulnerabilities.
  • Install and USE a reputable antivirus application to protect you from threats that slip past your personal defense.
