All about cookies and your privacy: SSO Alert Priority Low
18 October 2013
Cookies are a commonly used method of recognising and tracking your activity online.
While there are benefits to their use, some people are also concerned about the extent to which cookies impact on their privacy.
A recent study has added weight to the suggestion that the extent to which some companies track your online behaviour using cookies, has become excessive.
The study suggests that while cookies are undoubtedly necessary for some purposes such as website logins and identification, they are also being used in less conventionally acceptable ways, to track people online—often without their consent or even without their knowledge.
In particular, the report describes how 'third party' cookies are often difficult to manage and can be quite evasive.
Websites do not have any easy way of identifying people who visit them. Cookies are therefore used to enable websites and other online services to identify and remember you.
A cookie is a small file containing information about you and your computer. They are automatically created and stored on your computer when you visit a website.
They are used to perform a wide variety of functions; for example, if you use a web based email service such as Hotmail or Gmail, when you log in with your username and password, a cookie is created that uniquely identifies your computer. This cookie is then used to verify you to the email provider for that session. It confirms that it is you accessing your email, and that you have already logged in. Without cookies, you would need to re-enter your username and password every time you open a different email to verify yourself again to the server, even in the same web browser.
Cookies are used for most services and websites on the internet, including email, browser based games, online portals and online shopping. Cookies used in this way are known as 'first party' cookies, and allowing cookies such as these can undoubtedly improve your experience online.
Third party cookies and tracking
In addition to such first party cookies, cookies can also be added by sites other than the one you were visiting.
For instance, if you are visiting a particular website (eg., www.example.com) you may also receive a cookie from another website entirely (eg., www.tracking.com).
The creation of this extra third party cookie is permitted by the original website you visit (www.example.com) for a number of reasons, most commonly due to advertising affiliations.
Advertising companies commonly use third party cookies to track you across the many websites that serve their ads to build a profile of your behaviour.
By monitoring this third party cookie as you browse the internet, they can develop a detailed understanding of your habits including which websites you visit, what you do there and how long you are there for.
Although this is typically anonymous information, there are many possible uses for this aggregated data, the most common is to show you more personalised ads.
In compiling data for such profiles, there is also a concern among some consumers that anonymity is being eroded.
Managing your cookies
There are a variety of methods you can use to limit the amount of tracking you are subject to online, and managing cookies is one of the more easily undertaken. However, it can still also be extremely difficult to actually stop specific cookies of concern. For most of us, disabling cookies altogether will severely limit the functionality of websites you visit, so it requires regular attention.
The best recommendation is to try and manage third party cookies via your browser, and to do this on an ongoing basis.
Most browsers have options for you to disable or enable all cookies, but they will also have options for you to approve or enable cookies for each website you visit, or by cookie type, on a case by case basis. One specific option that many browsers have is to disable third party cookies, which are the most commonly used for tracking. If you are concerned about the ability of third party companies tracking your movements online, you should disable third party cookies on your web browser.
More information on managing cookies for the most commonly used browsers is available at:
It’s important to be aware that cookies are just one of a number of ways you can be tracked online. This recent Sydney Morning Herald article provides an introduction to some of the other issues. It also suggests some further things you can try to manage tracking online.
The ICSL report on cookies also includes more detailed information on disabling cookies and further statistics on the usage of tracking cookies online.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Information provided by the Internet Commerce Security Laboratory, www.icsl.com.au
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.