Question Why should I be afraid of cookies?

Dimitri001
Oct 11, 2019
I've always heard cookies talked about as a security risk and something to fear and avoid.

Now, I understand cookies are something that, among other things, sites use to track you around the internet and see what you do. Is there some reason I should care that they do this? Like, they can't get my credit card info or something like that, they're just compiling info on my browsing activity, right? Why should I care if they know that I visit this site or that?

Is there also a security risk in the sense of a hacking risk? Someone being able to get your passwords via cookies?

Basically I'm asking, should I avoid cookies or just let sites track whatever the hell they want to?
 
that's up to you whether you care if you are tracked or not. some don't care, others care deeply.

it's simple to block them in most browsers. most people tend to disable 3rd party cookies at a minimum. these are the ones that track you around the web for the most part.

i tend to disable all cookies and only whitelist the ones i need to use a site or enable a feature i want. for instance the tom's hardware cookie is what keeps you logged in. don't wanna have to log in every time i visit the site, so that cookie is allowed. the other 20 from the site are blocked.

you just need to figure out what you are willing to deal with and go from there. passwords are not part of a cookie so no worry there, but there are reasons beyond privacy that make blocking 3rd party cookies a good idea as a simple security measure.
 
I would categorize cookies into two broad groups: session cookies and tracking cookies.

Session cookies are what allow you to log into sites and remain logged in. There are ways to do cookieless sessions, but I'd argue that is less secure since they embed the session ID into the URL.

Tracking cookies are what everyone is talking about; they save some information about you for various purposes.

As far as getting your account credentials, normally none of that is stored in the cookie. When you log in, the server assigns a session ID to the computer. That session ID is what the computer uses to tell the server that it's logged in as a particular user. However, while there's still the security issue of someone obtaining the session cookie, it's not really a concern as long as you don't open anything suspicious. Note that stealing a session cookie is how Linus Tech Tips got hijacked, but you can watch their follow-up video on how that all worked.
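
An added example, not part of any post in this thread: a minimal server-side session store in Python showing that the cookie carries only a random session ID (never the password), that the server accepts that ID from whoever presents it, and that deleting the session on the server ends it everywhere. The account, the cookie name `sid` and the function names are constructed for illustration; `HttpOnly`, `Secure` and `SameSite` are standard cookie attributes that the thread does not discuss.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie

# Constructed sample account; the server keeps only a salted hash of the password.
_SALT = secrets.token_bytes(16)
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
SESSIONS = {}  # session ID -> username, held server-side only


def login(username, password):
    """Check credentials and return a Set-Cookie header value, or None."""
    stored = USERS.get(username)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if stored is None or not secrets.compare_digest(stored, supplied):
        return None
    session_id = secrets.token_urlsafe(32)  # random, carries no user data
    SESSIONS[session_id] = username
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True   # page scripts cannot read it
    cookie["sid"]["secure"] = True     # sent over HTTPS only
    cookie["sid"]["samesite"] = "Lax"  # withheld on most cross-site requests
    return cookie["sid"].OutputString()


def whoami(cookie_header):
    """Resolve a request's Cookie header to a username, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("sid")
    return SESSIONS.get(morsel.value) if morsel else None


def logout(cookie_header):
    """Delete the server-side session so the ID stops working everywhere."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "sid" in jar:
        SESSIONS.pop(jar["sid"].value, None)


if __name__ == "__main__":
    set_cookie = login("alice", "correct horse")
    request_cookie = set_cookie.split(";")[0]  # what the browser sends back
    print(set_cookie)
    print(whoami(request_cookie))  # the ID alone identifies the user
    logout(request_cookie)
    print(whoami(request_cookie))  # session revoked on the server
```

Because the server trusts the ID rather than the machine that sends it, logging out (which deletes the server-side entry) is what invalidates a copied cookie; closing the tab does not.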