Ayan Rayne

ENTRY_DATE:

Cookies on the Web: Convenience or Quiet Spying?

Cookies make websites remember you — but they also help advertisers track you. Here’s how cookies actually work, what kinds exist, and how to protect your privacy without breaking the internet.

Privacy 101
Cookies on the Web: Convenience or Quiet Spying?

The Cookie Dilemma

Every website asks you to “accept cookies.” Most people just click Yes to make the pop-up disappear. But behind that innocent-looking button lies one of the web’s oldest, and most quietly invasive, tracking systems.

Cookies were invented to make the internet usable. Without them, you’d get logged out every time you refresh a page, and your shopping cart would forget what you added.
But over time, they became a marketing goldmine, the backbone of surveillance advertising.

What Are Cookies, Really?

Think of cookies as digital sticky notes your browser keeps for each website. They help sites remember small things about you, whether you’re logged in, what language you prefer, or what’s in your shopping cart.

Technically, a cookie is just a tiny text file with a name and value (like session_id=abc123) plus some rules about where and when it should be sent.

Whenever you visit a site:

  1. The server sends your browser a “Set-Cookie” command.
  2. Your browser stores it.
  3. Each time you revisit the site, your browser sends it back, letting the site recognize you.

Harmless enough… until advertisers realized they could use those same cookies to follow you across the entire internet.

Cookies data collection
Cookies Data Collection

Types of Cookies (and Why They Matter)

Type

Who Sets It

Purpose

Privacy Impact

Session cookies

The site you’re using

Keeps you logged in during a single visit

Low

Persistent cookies

The site you’re using

Remembers you across sessions (e.g., “stay logged in”)

Medium

First-party cookies

The site itself

Needed for basic functionality and analytics

Low–Medium

Third-party cookies

Ads, widgets, tracking scripts from other domains

Builds cross-site profiles for ads

High

Here’s the twist:
Even if you never click an ad, third-party cookies quietly tell advertisers where you go, what you read, and what you might buy next.

Cookie Security Basics

Cookies come with “attributes”, little safety locks meant to protect you (when developers actually use them):

  • Secure: Only sent over HTTPS (prevents snooping).
  • HttpOnly: Can’t be read by JavaScript (reduces theft via cross-site scripting).
  • SameSite: Controls whether cookies are sent with cross-site requests, crucial for blocking tracking and some hacks.

Done right, cookies make the web safer. Done wrong, they’re a privacy nightmare.

How Cookies Track You

Tracking cookies use unique IDs, like serial numbers for your browser.
When you load a page with ads, analytics, or social media buttons, those third-party scripts drop their own cookies.
Then, when you visit another site with the same ad network, boom, your behavior connects across sites.

This lets ad companies:

  • Reconstruct your browsing history.
  • Infer your interests, income, and intent.
  • Sell your data to hundreds of partners you’ve never heard of.

And no, deleting cookies doesn’t make you invisible, they’ll just rebuild your profile using device fingerprints or browser IDs.

The Jurisdiction Game

Rule

GDPR (EU)

CCPA (California)

Consent Type

Opt-in, you must agree before non-essential cookies load

Opt-out, cookies load unless you say “No”

Who Enforces It

Data protection authorities (EU)

Attorney General + private lawsuits (CA)

User Rights

Right to access, withdraw consent, and demand deletion

Right to know, delete, and opt out of “sale/share”

Reality Check

Most banners still dark-pattern users into clicking “Accept All”

Opt-out tools often buried or ignored

So yes, those cookie pop-ups exist because of privacy laws. But they’re mostly designed to get your consent, not earn your trust.

Life After Third-Party Cookies

The good news? They’re dying.

  • Safari and Firefox already block them.
  • Google Chrome (finally) plans to phase them out, replacing them with the Privacy Sandbox, a set of APIs like Topics and Protected Audience that keep tracking “in the browser.”

But let’s be clear: these “privacy-friendly” replacements don’t kill tracking, they just make it harder to see.

The Takeaway

Cookies are the original web memory system, a brilliant invention hijacked by the ad industry.
They’re not inherently evil; they’re just easily abused.
Your login cookie keeps your session alive.
Your tracking cookie keeps your privacy dead.

So next time a site says, “This website uses cookies,” remember, it’s not about dessert.
It’s about data.

Scroll to Top