·
Cookie Quest: What cookie risks might you face online?
Key cookie findings
Internet cookies are everywhere. They follow you around across almost every site you visit. Different browsing habits create different types of privacy and security risks, but what does this mean for different groups of people? What does it mean for you? To highlight these risks, we’re sharing six real individuals’ stories to help illustrate just how pervasive cookie exposure can be.
These figures represent six individual experiences and may be different for other similar internet users. However, they serve as a useful picture of the risk levels different types of internet users may face.
We’ll have a specific breakdown for each user’s risk profile further below, but here’s what our researchers found about the sites they visited:
The participants gathered an average of 660 cookies over two days, but some wound up with over 1,000.
On average, almost 40% of the internet cookies they encountered were third-party cookies. 20% of the cookies they get were ad-related.
News sites were a major risk factor for most of the participants. They delivered an average of 36.34 cookies per site, compared to the average of 17.21 cookies per site.
Embedded videos, plugins, and interconnected platform dependencies generated lots of third-party cookies, but very few of the cookies encountered were necessary (5.46%) or functional (5.01%).
We’ve got more info about cookies below, but first, let’s meet our heroes.
Meet our Cookie Quest heroes
Six real people volunteered to share their real browsing data with us to build this research project. In addition to hiding their identities, we’ve invented new ones for them to make it easier to compare how they did on our Cookie Quest. Here are our heroes:
Based on the risks each individual faced online, our researchers came up with a list of recommendations for them to stay secure online.
Australian Parent
Look out for the kids: They’re responsible not just for their own cookies, but potentially for their children’s as well. Education is key, but parental settings and browser settings can also help.
Watch out for shopping sites: These almost always have tons of cookies.
Cross-site cookies: A surprising number of cross-site connections can form while browsing various websites. This can increase their family’s risk profile.
Canadian Student
Education sites: University sites displayed a surprisingly large number of cookies.
Anti-student bias: Some sites display biases against student users, assuming them to have low incomes. This can continue for months or even years after graduation.
Deal hunter: Looking for apartment listings or the best deals can get the user tons of cookies.
French Creative
Beware the content bubble: Internet cookies and other tracking methods may reduce the diversity of art and media you see.
Know sites’ cookie footprints: Government sites use few cookies, but some news and media sites use excessive amounts of cookies.
German Techie
Use the law: Germany’s stronger privacy laws give the techie a privacy advantage when browsing German websites. If possible, opt for sites in countries with strong privacy regulations.
Underground sites: Underground/niche sites may have less commerce or ad cookies, but users may need to watch out for other suspicious activity.
United Kingdom Teacher
Learn about the risks: News and media sites tend to have tons of cookies, but educational sites often have far fewer.
Keep them separated: Especially when working with children, it’s important to separate your browsing profiles.Use different accounts or even devices to browse.
United States Businessman
Follow the money: Financial sites are likely to leave lots of cookies, and using those sites can make users prime targets. It’s important to protect your privacy.
Shop in private: Commerce sites love to use cookies, but these may sometimes prevent you from getting the best deals offered to you. Try blocking cookies when you shop.
Cookies aren’t a game
Cookies are a normal and necessary part of the internet. For example, without cookies, you would need to type your login credentials every time you want to log into a website. Too many cookies, however, can become a threat to both your security and privacy. Here’s how.
Cookies follow you online. Even if you hide your IP address with a VPN, cookies can track what you do online and form a partial ID of who you are.
Third-party cookies may sell your data. Some sites earn revenue by serving third-party cookies. These aren’t functional – their purpose is to turn a profit from your data.
Cookies may pose security risks. With the wrong browser settings or when visiting the wrong website, cookies can introduce security vulnerabilities to your browsing experience.
While they’re essential to the online world, too many cookies can put your digital privacy at risk. To protect your privacy, you may want to occasionally clear browser cookies.
Let’s take a deep dive into the types of cookies each user gathered. As we mentioned, not all cookies are equal.
Necessary: Cookies without which a site cannot work.
Functional: Cookies without which a site cannot perform a specific function. They can help empower functions that provide an additional benefit, like localized content, but are not required for the website to work.
Analytics: These cookies collect as much data as they can about you so they can help website admins understand who you are and how they can convince you to buy their products or services.
Performance: These cookies analyze how you interact with a website so they can measure a website’s technical performance. They can help admins improve their websites.
Advertisement: Ad cookies help advertisers target you with more personalized offers, increasing the chance that you’ll click and spend money.
Other: There are all sorts of cookies to be found online, some of which can introduce vulnerabilities.
Methodology
We asked six individuals to share their daily browsing practices with us. Participants were recruited through an agency that provided anonymized results. We didn’t receive any identifying information, and URLs were reduced to domain names.
Each participant provided the domains they accessed on two consecutive days in June 2021 and answered a few basic questions about their interests and awareness of cookies. When presenting the results, we further anonymized some sites that might provide too much detail around localized or otherwise identifiable data.
The domains visited by participants were run through a cookie scanner, and the results were examined for types of cookies. This provided:
The number of cookies
The percentage of each type of cookie: necessary, analytics, functional, performance, advertisement, other
Where each cookie was from.
This gave us 3,958 cookies across 230 sites. From this data, we calculated:
The number and percentage of cookies from third-party domains
The total number of cookies received across the two-day period
The average number of cookies received per website
The average number of each type of cookie.
Let's talk
Have some ideas? Want to learn more?