What do the cookies really represent? Simple marketing tool or a continuity of big brother is watching you?

Introduction 

Like all of us, you should now have the reflex, when you open a web page, to press "accept all" or on the contrary "refuse all" when you are asked to authorise cookies. 

But what do they really represent? Simple marketing tool or a continuity of big brother is watching you?

The digital revolution that we have been experiencing for several decades now has brought about many significant changes in our daily lives. There is a real acceleration in the circulation of information, a removal of geographical barriers, an upheaval in all the world's geopolitical rules. Such a transition is not without impact on the daily lives of consumers who are constantly exposed to it. Cookies, which are small files that are inserted on your computer by the website you are using to record information about you in order to facilitate and personalise your browsing, are a perfect example of this. Most people do not know how to react to these new developments and how to interpret them.

According to a study by The Data Dialogue, cookies are worrying Internet users. 80% of them fear the use of their data by companies without their authorisation and 70% would like to be able to consult the information that concerns them circulating freely on the internet.

We can ask ourselves whether the use of cookies should be considered as a threat to our freedom? 

We will try to answer this question by firstly presenting the concept of cookies and their usefulness, then by explaining how they can represent a danger and  we will finish with the fight that Europe is leading against GAFAS concerning the protection of personal data: a concrete example of this threat.

Cookies, footprints of the Internet 

Cookies, invented in the mid-1990s by Americans John Giannandrea and Lou Montulli, are in the form of text files, which are automatically stored by the browser on the hard drive when a visitor visits a website. Cookies have been developed to improve the user experience, to allow websites to remember the passage of persons. They have thus played an important role in the development of the Internet as we know it today.

The CNIL gives the following definition : "A cookie is a collection of information, usually small and identified by a name, that can be transmitted to your browser by a website on which you are logging in. Your web browser will keep it for a certain amount of time, and will return it to the web server each time you log back in."

Their purpose is thus to give information about the preferences of the person who visits a site. The site is able to recognize and keep information, for example the choice of language, pages visited or for example the content of a shopping cart. Cookies are also useful for obtaining statistics on the website in question: page viewing time, clicks, etc. All this makes it possible to improve traffic on the site. 

There is also other types of cookies such as the third-party cookies, created by domains other than the one the user is visiting at the time, and are mainly used for tracking and online-advertising purposes. They have a very important role in targeted advertising. 

But how does it work technically ? Without entering too deep into details, it is the browser (Firefox, Chrome, Safari, etc.), in the user’s computer, that manages cookies. It is the browser that receives from the server the order to save them. The principle of cookies is part of the hypertext transfer protocol HTTP which is a communication protocol between the client (the Internet user) and the server (the website). It also saves them and allows to control them, according to the wishes of the user. It is thus possible to prohibit any storage of cookies but access to many sites, or at least the use of their functionalities, is then impossible.

Security, ethics and data use : the problems of cookies

Since their introduction in 1994, cookies have been questioned and contested, regarding their use and their implications. These are indeed fundamental and crucial points of the internauts’ privacy and security that are at stake in these little tools and behind this sympathetic name of “cookies”. 

Cookies are indeed, by their very nature, closely linked with personal data (that they stock), and are therefore raising many concerns about how these data are used, how they are protected, and the extent to which web users can control them or not. 

• The first sore point obviously concerns the exploitation of cookies by websites that create them, and the resulting encroachment on privacy for the internaut. If cookies are indeed initially used to facilitate the navigation of the web visitor, they are today mainly turned into marketing tools, that enable websites to target advertising, based on the internaut’s previous navigation and searches. Even though cookies are supposed to be hermetic and not to be exchangeable between websites, some specific ones, the “third-party cookies”, enable after all the cross-checking of information between all the websites a person can visit on her smartphone or computer, and this without even her knowledge, let alone her approval. 

• But there is another issue triggered by data storage on cookies, and by which every user can potentially be concerned : cookies stealing. Since cookies store sensitive information about the internaut’s identity and privacy, and since there are still flaws in browsers and online security, hackers can at any time steal the cookies of an internaut and take advantage of their content (name, address, credit card codes), which can lead to identity theft and other online fraud. Some cookies even contain websites logins and passwords, so that the hacker can have a total control over someone’s online activity. 

As an example, Microsoft disclosed in 2019 a vulnerability that had exposed the users of Hotmail and Outlook, whose mailbox and personal information were for a while accessible to hackers. Most recently, a few weeks ago, more than three billion stolen logins and passwords from different websites includin Netflix, Gmail or Linkedin, were leaked by hackers on the internet, this unprecedented incident being described as the “mother of all data leaks”. 

So whether it is about ethics and transparency towards web users, or simply about online security and data protection, cookies are very controversial, and make people request more control and regulation, both by companies and by lawmakers. 

...