Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Cookie Quest: what cookie risks might you face online?

hero cookies research

Key cookie findings

Cookies are everywhere online. They follow you around across almost every site you visit. Different browsing habits create different types of privacy and security risks, but what does this mean for different groups of people? What does it mean for you? To highlight these risks, we're sharing six real individuals' stories to help illustrate just how pervasive cookie exposure can be.

cookies research participant comparison

These figures represent six individual experiences and may be different for other similar internet users. However, they serve as a useful picture of the risk levels different types of internet users may face.

We’ll have a specific breakdown for each user’s risk profile further below, but here’s what our researchers found about the sites they visited:

  • The participants gathered an average of 660 cookies over two days, but some wound up with over 1,000.
  • On average, almost 40% of the cookies they encountered were third-party cookies. 20% of the cookies they get were ad-related.
  • News sites were a major risk factor for most of the participants. They delivered an average of 36.34 cookies per site, compared to the average of 17.21 cookies per site.
  • Embedded videos, plugins, and interconnected platform dependencies generated lots of third-party cookies, but very few of cookies of the cookies encountered were necessary (5.46%) or functional (5.01%).
cookies research breakdown table

We’ve got more info about cookies below, but first, let’s meet our heroes…

Meet our Cookie Quest heroes

Six real people volunteered to share their real browsing data with us to build this research project. In addition to hiding their identities, we’ve invented new ones for them to make it easier to compare how they did on our Cookie Quest. Here are our heroes:

Based on the risks each individual faced online, our researchers came up with a list of recommendations for them to stay secure online:

Australian Parent:

cookies research parent holding child
  • Look out for the kids: They’re responsible not just for their own cookies, but potentially for their children’s as well. Education is key, but parental settings and browser settings can also help.
  • Watch out for shopping sites: These almost always have tons of cookies.
  • Cross-site cookies: A surprising number of cross-site connections can form while browsing a wide array of different websites. This can increase their family’s risk profile.

Canadian Student:

cookies research student flying books
  • Education sites: University sites displayed a surprisingly large number of cookies.
  • Anti-student bias: Some sites display biases against student users, assuming them to have low incomes. This can continue for months or even years after graduation.
  • Deal hunter: Looking for apartment listings or the best deals can get the user tons of cookies.

French Creative:

cookies research creative pen tool
  • Beware the content bubble: Cookies and other tracking methods may reduce the diversity of art and media you see.
  • Know sites’ cookie footprints: Government sites use few cookies, but some news and media sites use excessive amounts of cookies.

German Techie:

cookies research techie smart glasses
  • Use the law: Germany’s stronger privacy laws give the techie a privacy advantage when browsing German websites. If possible, opt for sites in countries with strong privacy regulations.
  • Underground sites: Underground/niche sites may have less commerce or ad cookies, but users may need to watch out for other suspicious activity.

United Kingdom Teacher:

cookies research teacher with sword
  • Learn about the risks: News and media sites tend to have tons of cookies, but educational sites often have far less.
  • Keep them separated: Especially when working with children, it’s important to separate your browsing profiles.Use different accounts or even devices to browse.

United States Businessman:

cookies research businessperson flying fast
  • Follow the money: Financial sites are likely to leave lots of cookies, and using those sites can make users prime targets. It’s important to protect your privacy.
  • Shop in private: Commerce sites love to use cookies, but these may sometimes prevent you from getting the best deals offered to you. Try blocking cookies when you shop.

Cookies aren’t a game

Cookies are a normal and necessary part of the internet. Without them, you couldn’t log into a website or fill your online shopping cart. Too many cookies, however, can become a threat to both your security and privacy. Here’s how:

  • Cookies follow you online: Even if you hide your IP address with a VPN, cookies can track what you do online and form a partial ID of who you are.
  • Third-party cookies sell your data: Some sites earn revenue by serving third-party cookies. These aren’t functional – their purpose is to turn a profit from your data.
  • Cookies are a vulnerability: With the wrong browser settings or when visiting the wrong website, cookies can introduce security vulnerabilities to your browsing experience.

This is why managing cookies is important – we can’t live online without them, but too many can be a risk.

Let’s take a deep dive into the types of cookies each user gathered. As we mentioned, not all cookies are equal.

  • Necessary: Cookies without which a site cannot work;
  • Functional: Cookies without which a site cannot perform a specific function. They can help empower functions that provide an additional benefit, like localized content, but are not required for the website to work;
  • Analytics: These cookies collect as much data as they can about you so they can help website admins understand who you are and how they can convince you to buy their products or services;
  • Performance: These cookies analyze how you interact with a website so they can measure a website technical performance. They can help admins improve their websites;
  • Advertisement: Ad cookies help advertisers target you with more personalized offers, increasing the chance that you’ll click and spend money;
  • Other: There are all sorts of cookies to be found online, some of which can introduce vulnerabilities;

Methodology

We asked six individuals to share their daily browsing practices with us. Participants were recruited through an agency, which provided the anonymized results. We didn’t receive any identifying information, and URLs were reduced to domain names.

Each participant provided the domains they accessed on two consecutive days in June 2021 and answered a few basic questions about their interests and awareness of cookies. When presenting the results, we further anonymized some sites such as specific schools or other sites that might provide too much detail around localized or otherwise identifiable data.

The domains visited by participants were run through a cookie scanner and the results were examined for types of cookies. This provided:

  • The number of cookies
  • The percentage of each type of cookie: necessary, analytics, functional, performance, advertisement, other
  • Where each cookie was from

This gave us 3,958 cookies across 230 sites. From this data, we calculated:

  • The number and percentage of cookies from third-party domains
  • The total number of cookies received across the two-day period
  • The average number of cookies received per website
  • The average number of each type of cookie

Similar reports

sharing device

Device sharing and privacy

We analyzed how people share their personal devices and what measures they take to protect themselves and their family members online.

computer privacy

National Privacy Test

Thousands of users tested their cybersecurity-savvy. Find country rankings and average scores in different demographics.

parenting control app

Parental monitoring apps

We looked into the top 4 parental monitoring apps. We analyzed how they work, their trends, and what problems these apps can create.

Let's talk

Have some ideas? Want to learn more?