How to manage cookie privacy in the enterprise

Cookies can make life easier for users by preventing them from having to re-enter passwords and preferences on websites, but they also carry some legitimate privacy concerns.

Computer cookies, tracking and ads are the price of admission for a free internet. They are generally harmless and can even be helpful, but they have a dark side. IT professionals must understand cookie privacy concerns and the value of cookies before they delete them.

Websites have used cookies -- small files stored on a computer by an internet browser containing login data and information about what a user looked at -- to store data for decades. Most websites have cookie policies IT and users can view.

When a user visits a site for the first time, the website creates and populates the cookie or cookies with data about his visit. When he visits again, the site reads the cookie and populates the information for him, making performance faster and preventing him from having to re-enter information, such as a password and user name, on every visit.

Computer cookies also track website activity -- which pages a user visited, how often he visited each page, the items he put in his shopping cart and more. As a result, he can see what he recently viewed and doesn't have to re-enter his preferences, lists of product interests and other activities. This is how products a user views on a shopping site show up as ads on other sites.

Cookie security

It's easy for users and IT to worry about cookie privacy and security, but it should not be that much of a concern because:

  • The cookie and data only live on the user's computer. It is technically possible to copy cookies from one computer to another and steal identification. The browser is responsible for cookie security.
  • Websites cannot access cookies other sites create.
  • Accepting a cookie does not give a server access to a user's computer or personal information.
  • Internet browsers employ security measures to prevent cookie transfers to other computers. It is possible to steal cookie data with a cookie tossing attack, however.

Tracking cookies

Tracking cookies, which monitor user location, device type, visit frequency, pages visited and other data to provide targeted ads, probably creates cookie privacy and security concerns.

Modern advertisers want to custom-deliver ads to users that will be relevant to their interests rather than trying random hits. Users may be annoyed after looking for running shoes on Amazon and seeing ads for shoes a few minutes later on Google, but it pays the bills. All the apps, searches and emails users work with are paid for by those ads.

Websites can use powerful third-party tracking tools to analyze the data cookies collect. Some of these tools can share cookie data between multiple unrelated websites, however. As a result, a site could access more of a user's data for a more complete picture. The site can then turn around and sell that data to advertisers and other customers, and there is little the user can do about it. The big data analytics tools that are popular today make this whole issue rather frightening.

Stop cookie tracking

If IT wants to protect users' personal information by stopping or removing computer cookies, it is possible, but complicated.

Each browser type -- Google Chrome, Microsoft Internet Explorer, Mozilla Firefox -- has its own proprietary way of managing cookies. Some browsers allow IT or users to delete specific computer cookies, which may require a special tool. It makes sense to remove the dangerous sites, but IT has to identify them because cookies can be good, so stopping them may not only be an annoyance, but it may prevent users from entering or logging on to a site entirely.

To improve cookie privacy, IT can gather at least a partial list of the cookies it should delete, but when users visit sites that repopulate the cookies, IT is back to square one. Even if IT removes all the cookies and prevents them from being stored, there are other ways a site can track and exploit a user's activity and browser cache.

To fight back, IT can use an adware removal tool or an ad-blocker, which blocks the tracking that produces ads.

An adware attack can intercept a user's browser startup request or produce ad pages when the user clicks on links within a website, covering up the page he wanted and sometimes generating several ad pages. Antivirus software does not always address adware and may still pronounce his computer clean. Malwarebytes, AdwCleaner, Zemana AntiMalware, HitmanPro and Adware Removal Tool can help in these instances. Sometimes, IT may need to combine tools to eradicate the problem. Some of the tools are free and some are paid, but most provide a free evaluation period so IT can clean up the problem and then purchase the tool to continue proactive maintenance.

Blocking and deleting computer cookies will not solve the cookie privacy problem, but being aware of malicious activity, paying attention to unusual results -- such as rogue startup pages -- and noticing the domain of pop up ads can help to reduce the effect. Review the procedures for removing or managing cookies for a particular browser and consider employing appropriate ad-blockers proactively to minimize the risk.

In addition, IT should educate users on how cookies work and tell them to be cautious about the sites they visit.

Dig Deeper on Application management

Virtual Desktop