Not all Web browser "cookies" are bad. They're what let you continue to access a website without re-entering your password on every page. Without cookies, every time you clicked a link on Facebook, it would be necessary to enter your email and password again.
What is a tracking cookie?
Like every type of program out there, there are versions of cookies that present a risk to the safety of information you enter online. These are known as tracking cookies — specialized versions of cookies that record your entries and report them back to wherever the cookies' designer wants your data to go.
Since you've likely never had to deal with cookies beyond emptying out your browser cache to free up hard-drive space, it's easy to see how a hidden tracking cookie could be installed without your knowledge and be monitoring your activities right now.
How do cookies work?
A regular cookie is essentially a small text file, sometimes only a few kilobytes in size, which contains options the page will load for you upon subsequent visits.
For example, if you turn the SafeSearch option to "high" or "off" in Google, your Web browser would edit the cookie for google.com with a bit of text that tells the Google website to set the SafeSearch option to your setting. However, instead of being held on Google's servers, the cookies are stored on your computer.
That's because servers that host websites already contain massive amounts of data. If the settings for every user who came to each website were stored on Web servers, many site servers would quickly run out of storage space. This is why the load is spread out among individual visitors.
What do tracking cookies do differently?
A tracking cookie takes the regular cookie process one step further and sends a log of your online activities, usually tied to your Internet Protocol (IP) address, to a remote database for analysis. Many tracking cookies are benign and want only to use your information, along with the data of millions of other anonymous users, for marketing analysis.
However, some cookies are designed by programmers to send specific user information, which can include names and addresses, out to the tracker host.
If the host recognizes a cookie on the browser whenever an ad or page is loaded, it can send the record of your visit to the logs and more precisely target you with ads geared to your next visit. Some ads will even address you by name and mention your location.
To many Web users, such practices are an invasion of privacy, and naturally lead to concerns about whom the ad companies are sharing personal data with.
The federal government is moving forward with a "Do Not Track" proposal that would let people control exactly what they divulge online. Most Web browsers have made Do Not Track an optional feature that users can switch on, but most websites don't honor it.
How to avoid tracking cookies
There are a few different ways to deal with cookies, tracking or otherwise.
First, be sure to regularly clear out cookies when getting rid of other stored private information in a Web browser. This should not take long, and there is likely a large button in the Privacy options that refers to deleting cookies.
Next, you can decide what level of access cookies should get. If you allow all cookies, you are setting yourself up for a potential recording of your personal data. Disallowing third-party cookies usually limits the number of "dangerous" cookies that can be installed.
Finally, be sure that you are up to date on the privacy policies of sites you visit frequently. Often, websites will disclose the use of tracking cookies as part of legal disclaimers. Knowing the attack is coming is always vital in setting up the defense.