A cookie is a small file, usually made up of letters and numbers, that is downloaded into the memory of a computer (or other equipment used for online browsing - mobile phone, tablet, etc.) when the user accesses a particular website. Cookies are created when the browser used by a user displays a specific website. The website transmits information to the browser, which creates a text file. Each time the user accesses the website again, the browser accesses and transmits this file to the website server. In other words, the cookie can be seen as an identification card of the Internet user, which notifies the website every time the user returns to that site.
For a Windows XP and Mozilla Firefox user, cookies stored on his computer are located at the following location: C:\Documents and Settings\[username]\Application Data\Mozilla\Firefox\Profiles\[profile_name].default\cookies.sqlite
A cookie may look like this: SNID50 = eR0azHquz- E32l1B7uLIasD63_ZWxrS9fkAc37Z4CQ = Q4levhdDnydqiJGNgoogle.com / verify 9728 2076339328 30210107 446809680 30173295 *
Cookies can provide faster and easier interaction between users and websites. For example, when a user authenticates on a particular website, the authentication data is stored in a cookie; later, the user can access that site without having to log in again. In other cases, cookies may be used to store information about the activities carried out by the user on a specific web page, so that he can easily resume those activities on a subsequent access to the site. Cookies tell the server which pages to show the user so that they do not have to remember this or browse the entire site from the beginning. Thus, cookies can be likened to "bookmarks" that tell the user exactly where he left off on a website.
Similarly, cookies can store information about products ordered by the user on an e-commerce site, thus making possible the concept of "shopping cart". Cookies can also give websites the opportunity to monitor users' online activities and build user profiles, which can then be used for marketing purposes. For example, based on cookies, the products and services preferred by a user can be identified, and this information can subsequently be used to send appropriate advertising messages to that user.
• Cookies specific to an online session
Web pages have no memory. A user navigating from one web page to another will be considered by the website as a new user. Session-specific cookies usually store an identifier that allows the user to move from one web page to another without having to enter identifying information each time (username, password, etc.). Such cookies are widely used by commercial sites, for example, to keep track of products added by a user in the shopping cart. When the user visits a specific page in a product catalog and selects certain products, the cookie retains the selected products and adds them to the shopping cart, which will contain all the selected products when the user wants to leave the page.
Session-specific cookies are stored in the user's computer memory only during an Internet browsing session and are automatically deleted when the browser is closed. They can also become inaccessible if the session has been inactive for a certain period of time (usually 20 minutes).
• Permanent, persistent or stored cookies
Persistent cookies are stored on the user's computer and are not deleted when the browsing session is closed. These cookies may remember the user's preferences for a particular website, so that they can be used in other Internet browsing sessions. In addition to authentication information, persistent cookies may also retain details about the language and theme selected on a particular website, site menu preferences, favorite pages within a site, and so on. When the user first accesses a site, it is presented in the default mode. Subsequently, the user selects a series of preferences, which are then retained by cookies and used when the user accesses the site again. For example, a website offers its content in several languages. On the first visit, the user selects the English language, and the site retains this preference in a cookie. When the user visits the site again, the content will be automatically displayed in English. Persistent cookies can be used to identify individual users and thus analyze the online behavior of users. They can provide information about the number of visitors to a website, the time (on average) spent on a given page, and, in general, the performance of a website. These cookies are configured to be able to track the activities of users for a long period of time, in some cases even years.
• Flash cookies
If the user has Adobe Flash installed on their computer, small files can be stored in that computer's memory by websites that contain Flash items (such as videos). These files are known as "local shared objects" or "flash cookies" and may be used for the same purposes as regular cookies. When regular cookies are deleted through the functions of a browser, flash cookies are not affected. Thus, a website that uses flash cookies may recognize a user on a new visit, if the data specific to the deleted cookies were also retained in a flash cookie. Because flash cookies are not stored on the user's computer in the same way that regular cookies are stored, they are more difficult to identify and delete. Banks and financial sites use such cookies for this very reason. Because they are difficult to identify, these cookies are stored on users' computers to allow users to authenticate and prevent fraud, as potential offenders may have the username and password to authenticate, but do not have access to the user's computer. Thus, cookies act as a second level of authentication, in addition to username and password.
• First party cookies vs third party cookies
Each cookie has an "owner" - the website / Internet domain that places that cookie. First party cookies are placed by the Internet domain / website accessed by the user (whose address appears in the browser's address bar). For example, if the user visits www.numesite.ro, and the domain of the cookie placed on his computer is www.numesite.ro, then it is a first party cookie. A third party cookie is placed by a different Internet domain / website than the one accessed by the user; this means that the accessed website also contains information from a third party website - for example, an advertising banner that appears on the accessed website. Thus, if the user visits www.numesite.ro but the cookie placed on his computer has as domain www.altsite.ro, then it is a third party cookie. The Article 29 Working Party (composed of the national data protection authorities of the Member States of the European Union) considers that, from a legal point of view, and in view of European legislation, the notion of "third party cookie" refers to a cookie placed by an operator distinct from the one operating the website visited by the user. Third party cookies are not strictly necessary for the user who accesses a website, as they are usually associated with a service distinct from that which has been explicitly "requested" by the user (by accessing the website).
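The cookie types described above can be told apart from the Set-Cookie headers alone. The following is an added example, not part of the original page: it classifies each header as session or persistent and as first or third party. The cookie names and values are constructed, and comparing the last two domain labels is a simplifying assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie


def site_of(host):
    # Assumption: the last two labels stand in for the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().strip(".").split(".")[-2:])


def lifetime_seconds(morsel, now):
    """Return None for a session cookie, else seconds until it expires."""
    if morsel["max-age"]:                      # Max-Age takes precedence over Expires
        return int(morsel["max-age"])
    if morsel["expires"]:
        return int((parsedate_to_datetime(morsel["expires"]) - now).total_seconds())
    return None


def classify(page_host, responses, now=None):
    """responses: (host that sent the header, Set-Cookie header value) pairs."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for response_host, header in responses:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            owner = morsel["domain"] or response_host   # the cookie's "owner" domain
            ttl = lifetime_seconds(morsel, now)
            rows.append({
                "name": name,
                "party": "first" if site_of(owner) == site_of(page_host) else "third",
                "kind": "session" if ttl is None else "persistent",
                "days": None if ttl is None else round(ttl / 86400),
            })
    return rows


# Constructed sample: headers seen while the address bar shows www.numesite.ro.
SAMPLE = [
    ("www.numesite.ro", "sid=abc123; Path=/; HttpOnly"),
    ("www.numesite.ro", "lang=en; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
    ("www.altsite.ro", "uid=u-42; Domain=.altsite.ro; Max-Age=63072000; Path=/"),
]

if __name__ == "__main__":
    for row in classify("www.numesite.ro", SAMPLE):
        print(row)
```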
• Cookies from the perspective of computer security and privacy
Directive 2002/58/CE (PDF) on the processing of personal data and the protection of confidentiality in the electronic communications sector, as amended by Directive 2009/136/CE (PDF), because:
“Art. 5 - 3. Member States shall ensure that the storage of information or the acquisition of access to information already stored in the terminal equipment of a subscriber or user is permitted only on condition that the subscriber or user concerned has given his consent, having received clear and complete information in accordance with Directive 95/46/EC, inter alia, on the purposes of the processing. It shall not impede the storage or technical access for the sole purpose of transmitting the communication over an electronic communications network or where this is strictly necessary for the provision by the provider of an information society service expressly requested by the subscriber or user.” These provisions have been transposed into national law in Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, as subsequently amended and supplemented:
“Art. 4 - The storage of information or obtaining access to the information stored in the terminal equipment of a subscriber or user is allowed only with the cumulative fulfillment of the following conditions: the subscriber or user in question has expressed his consent; the subscriber or user in question was provided, prior to the expression of the agreement, in accordance with the provisions of art. 12 of Law no. 677/2001, with subsequent amendments and completions, clear and complete information that:
- to be presented in a language that is easy to understand and to be easily accessible to the subscriber or user;
- to include mentions regarding the purpose of processing the information stored by the subscriber or user or the information to which he has access.
If the provider allows third parties to store or access information stored in the subscriber's or user's terminal equipment, the information in accordance with points (i) and (ii) will include the general purpose of the processing of this information by third parties and how the subscriber or user may use the settings of the internet browser or other similar technologies to delete the stored information or to deny third parties access to this information.
(5 1) The agreement provided in par. (5) lit. a) may also be given by using the settings of the Internet browsing application or other similar technologies through which it can be considered that the subscriber or user has expressed his agreement. (6) The provisions of par. (5) are without prejudice to the possibility of storing or technically accessing the information stored in the following cases:
- when these operations are carried out exclusively for the purpose of transmitting a communication via an electronic communications network;
- when these operations are strictly necessary in order to provide an information society service, expressly requested by the subscriber or user.”
According to these provisions, the use of third party cookies is allowed under the following conditions:
Inform users, in a clear, complete and easily accessible manner, about:
- placing, by a certain website, cookies in the memory of the user's computer;
- the ways in which the user may delete cookies or refuse access to third parties to the information stored by those cookies;
- obtaining the user's consent for the placement of cookies and for the use of the information contained therein.
- Although user consent can also be expressed by using the settings of the browser used for browsing the Internet, it is necessary that in this case there is prior information of the user about the placement of cookies and their purpose.
The exceptions provided for in European and national legislation allow the use of first party cookies without complying with the obligation to obtain the user's consent. In addition, in June 2012, the Article 29 Working Party issued a notice (PDF) clarifying these exceptions:
- some cookies may be exempted from the obligation to obtain the informed consent of the user under certain conditions and if they are not used for additional purposes. Such cookies include: cookies used to store information entered by a user when filling out an online form, cookies used to store technical data needed to run video and audio content and cookies used to personalize web pages (for example, those that hold preferences for the language in which the content of a website is displayed).
As we have shown in point 5, at European level there are regulations regarding the monitoring of online activities of users for marketing purposes, and it is generally necessary to obtain the consent of users for such practices. But in other parts of the world such situations are less regulated. Under these conditions, the World Wide Web Consortium (W3C) is currently working on a technical (and technology-neutral) standard: "Do Not Track".
Under these conditions, users need a mechanism that allows them to express their preferences regarding the monitoring of online activities; this mechanism must be easy to configure and efficient. In addition, websites that cannot or do not want to provide content without also providing behavioral advertising or without collecting user data need a mechanism to point this out to users and allow them to make an informed decision.
The purpose of the "Do Not Track" standard is "to give the user the opportunity to express personal choices regarding the monitoring of online activities and communicate these options to each server or web application they interact with, thus allowing each service accessed to either adjust its practices according to user options or reach a separate agreement with the user, which is convenient for both parties. The basic principle is that the expression of monitoring preferences is transmitted only when it reflects a deliberate choice of the user. In the absence of a user option, it is considered that the preference for monitoring online activities is not expressed."
Options to prevent monitoring the user's online activity are implemented today in various forms, from Internet Explorer 8, which gives you the ability to block third-party sites that leave content when you visit a website, to new extensions, add-ons and options introduced right in your search engine preferences. In the absence of the standard mentioned above, in some search engines it is more obvious how you activate this functionality, in others it is more hidden. Instructions for setting up the Do Not Track mechanism for Safari, Internet Explorer 9, Firefox and Chrome can be found
As one of the last to introduce this feature, version number 23 of Google Chrome offers the possibility to install the extensions Do Not Track Me, AVG Do Not Track or Keep My Opt-Outs, which block cookies and prevent (currently) only US advertising companies from personalizing ads based on the internet user's online behavior.
Firefox, in addition to the add-on Do Not Track Me, also offers the option "Tell web sites I do not want to be tracked", which can be configured in the privacy menu. Moreover, Internet Explorer 10 comes with Do Not Track as the default option. Microsoft's decision provoked a series of strong reactions, the response of companies such as Yahoo and Apache being that they will ignore Internet Explorer 10's Do Not Track signals. Another tool you can install on most search engines (and even as an iOS app) is Ghostery. Ghostery scans the page you visit and notifies you of the existence of elements installed by third-party sites to track your activity. You can then set your preferences according to the menu categories: advertising, analytics, beacons, privacy, widgets. More information here. It should be noted that not all Do Not Track features block cookies. So it is good to check what is part of each Do Not Track extension and choose the one that best represents the limitations you want to transmit to sites that monitor your activity on the Internet.
Interesting overview here.
In June 2012, IAB Romania published a series of
by websites. These recommendations have been grouped into two categories:
• User information
- what are cookies;
- what is their role;
- why they are used by third parties;
- what kind of information is accessed with the help of cookies;
- cookies, security and privacy of personal data;
- cookie management through browser settings;
- why cookies are important for the Internet;
- uninstalling cookies from third parties;
• How this information is presented
- information on cookies must be presented on the site in a way that is visible and accessible to users;
- this link must be easy to spot or the user must be informed of the existence of this link and of the information relating to cookies;
- the user must be visibly advised to read this information and instructions;
• Managing, disabling and deleting cookies
Detailed information on how to manage, disable and delete cookies using the settings of the browser used to browse the Internet is available at the following addresses:
• Internet Explorer
Deleting and managing cookies (IE 8, 9 and 10): Internet Explorer 8 Internet Explorer 9 Internet Explorer 10
• Mozilla Firefox
Cookie settings and cookie troubleshooting (enabling and disabling cookies, deleting cookies, blocking certain sites from placing cookies, unblocking the placement of cookies, etc.) Delete cookies to remove information stored on your computer from other web pages.
• Google Chrome
Cookie management (deletion, blocking, allowing, setting exceptions, etc.) Management of cookies and site data.
Manage cookies - Manage cookies (English only) Safari 6 (OS X Mountain Lion): Manage cookies. Remove cookies - Delete cookies (English only) Safari 6 (OS X Mountain Lion): Remove cookies and other data.
Cookie management and deletion (English only) Management of cookies and site data.
• Additional sources and information:
If you use Firefox, you can find out if the site you are using uses "secure" cookies by following the instructions in https://httpsnow.org/help/securecookies
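The same check can be run across a whole profile rather than one site at a time. The following is an added example, not part of the original page: it audits a copy of the Firefox cookies.sqlite store mentioned at the top of the page for cookies without the Secure or HttpOnly flag and for long-lived persistent cookies. The moz_cookies columns used, the expiry in Unix seconds, the one-year threshold and the sample rows are assumptions of this example.

```python
import sqlite3

LONG_LIVED_DAYS = 365  # assumption: review threshold chosen for this example


def audit_cookie_store(conn, now):
    """Return (host, name, issues) for stored cookies worth a second look.

    Assumes the moz_cookies columns used below and an expiry in Unix seconds;
    check the schema of the Firefox version at hand. Values are never read.
    """
    findings = []
    query = ("SELECT host, name, expiry, isSecure, isHttpOnly "
             "FROM moz_cookies ORDER BY host, name")
    for host, name, expiry, is_secure, is_http_only in conn.execute(query):
        issues = []
        if not is_secure:
            issues.append("sent over plain HTTP too (no Secure flag)")
        if not is_http_only:
            issues.append("readable by page scripts (no HttpOnly flag)")
        days_left = (expiry - now) // 86400
        if days_left > LONG_LIVED_DAYS:
            issues.append(f"persists for {days_left} more days")
        if issues:
            findings.append((host, name, issues))
    return findings


def sample_store():
    """Constructed in-memory stand-in for a copy of cookies.sqlite."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE moz_cookies (host TEXT, name TEXT, value TEXT, "
                 "expiry INTEGER, isSecure INTEGER, isHttpOnly INTEGER)")
    now = 1_700_000_000
    conn.executemany("INSERT INTO moz_cookies VALUES (?, ?, ?, ?, ?, ?)", [
        ("www.numesite.ro", "auth", "x", now + 30 * 86400, 1, 1),
        ("www.numesite.ro", "lang", "en", now + 400 * 86400, 0, 0),
        (".altsite.ro", "uid", "u-42", now + 730 * 86400, 1, 0),
    ])
    return conn, now


if __name__ == "__main__":
    conn, now = sample_store()
    for host, name, issues in audit_cookie_store(conn, now):
        print(f"{host} {name}: " + "; ".join(issues))
```

To audit a real profile, pass a connection to a copy of the file, since the browser keeps the original locked while it is running.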