ALVARO CYBER WEEKLY SECURITY REPORT - HOW SAFE ARE COOKIES?
by Alvaro, cyber security expert at BATSOFT.
The speed or the agility we have when browsing the internet are usually above any privacy policy. Therefore, accepting cookies on the pages we visit is not a problem. However, for others, cookies are annoying and feel that they compromise their data every time they accept them.
With “cookies” we seek to know not only the number of users who enter our website but also their profiles to work with this data and improve our sales taking into account the figure of the consumer. Cookies are data that a web server stores in our browser each time we visit a page on the Internet.
Cookies are intended to create profiles and offer to advertise tailored to the interests of each user, as well as store access data to a certain site (username or password) which makes browsing more comfortable. For this reason, it is important to emphasize the idea that, when we accept cookies, they are collecting the knowledge that the user himself provides from his computer.
There are several types of cookies - session cookies collect data only when the user browses the website and are deleted once the session has ended. Persistent cookies are those whose data is stored for the period defined by the website administrator himself. Generally, own cookies (managed from a webmaster's domain) do not represent a problem since their mission is purely functional. However, in the case of third-party cookies (managed by an entity other than the publisher and for analytical purposes), they may collect personal data that could put the user's privacy at risk.
In Europe, the General Data Protection Regulation (GDPR) and the Privacy Directive (ePR) require websites to ask the user if they accept cookies. In addition, they must inform users about the provisions of third-party removal and blocking tools, as well as provide information about who is using that data and about automated profiling.
In some cases, the option to "reject cookies" prevents navigation of all or part of the web page that you are seeking to access. In this case, the website must inform the user about this situation and, in addition, must offer alternative access to the desired service without having to accept them.
This situation may change with the current draft of the GDPR, which reflects the idea that the user should be allowed to browse the website despite having rejected cookies, exempting those that are essential for the operation of the site.
We can choose the browser settings to block third-party cookies or block them in the case of browsing in private mode. For its part, the device must be configured so that it does not use the advertising identifier to create profiles or display personalized ads.
It is important to assess the privacy options that you are offered when you choose a browser, as well as the apps that you decide to install on your device. Finally, it is recommended to avoid logging into your browser identifying yourself with a user or having the session open indefinitely.
IFAC comment: for those who missed Alvaro's cyber seminar, it was interesting to hear Alvaro explain how his holiday in China was disrupted by the Chinese la enforcement. Even while a student in Cheltenham they had a file on him, and tracked his every move in the country.