More Culture:

January 25, 2017

Infrequently Asked Questions: What do my browser's 'cookies' really do?

Ultimately, it's a privacy issue.

Cookies: They're part of just about everyone's internet vernacular by now, but what do they actually do? And where, one must wonder, did that ridiculous (and deceivingly delightful) name come from?

To brush up a bit on web literacy, we reached out to Jennifer Booker, associate professor of information science at Drexel University, for some insight.

What's the essential function of cookies? They've endured for an eternity, it seems.

  • The world is full of questions we all want answers to, but are either too embarrassed, time-crunched or intimidated to actually ask. With Infrequently Asked Questions, we set out to answer those shared curiosities. Have a question you want answered? Send an email to, and we’ll find an expert who can give you the answer you’re craving.

Yeah, they've been around a very long time, invented around 1994 -- very soon after the World Wide Web came out. And the purpose of them is to keep track of which websites you've been to before. So, if you go to Amazon, for example, they keep track of the fact you've been there by identifying you with this index file called a 'cookie' -- a rather silly name -- so that way when you go back to the website they can look around and say 'Who is this person? Have they been here before?' They look you up based on that identifier and can look up your search history and all kinds of other things, like target ads based on the cookies of whether you've been there before.

You touched on the advertising element. When cookies were first introduced, was that something that was expected to happen, or did people take advantage of it along the way?

It was added on. Initially, the original World Wide Web protocol, HTTP, didn't have a feature like that -- it just completely had no recollection of if you'd been to a place before. But then people realized it would be nice to find out if someone had been to that site before, and, therefore, if you check inside the web browser, you might find there are hundreds or even thousands of cookies in there keeping track of where you've been. So they can essentially hunt you down when you go back to that website.

Cookies tend to have a negative connotation. Is that warranted?

It's a privacy issue. It's an issue that's common on the internet itself because the internet was designed to exchange information. Inherent in that is you're losing privacy when you do that. Cookies in particular, because they keep track of the fact you've been there, you're losing privacy because they know who you are, quite literally -- to some extent. Or at least know who your computer is. And that way they could -- it's convenient for you, there's that side of it. You could never do one-click shopping and things like that without them. But on the other hand, there are a lot more people who know your preferences and keep track of all this info of what you've done there and go into more details: What kind of searches do you do, how long did you look at each web page, stuff like that. There's a tremendous amount of information someone could get about you just from looking at your history from a particular site. There's a lot of privacy associated with that. You can turn off cookies on your web browser, but then a whole bunch of sites will detect that and then complain 'We can't do what we're supposed to because we're disabled.' There are tradeoffs.

Any middle ground between deleting all of your cookies and still keeping the luxuries, like remembering passwords?

You could turn them off for specific sites, but it takes a lot more effort and most people aren't willing to take the time to do that. It's generally all or nothing for most people. Most people never look at detailed settings for the web browser, clear their caches, or get rid of cookies they've built up. I'm just as guilty. I don't remember the last time I went in to get rid of cookies. It takes quite a while. But from a privacy point of view, if you're trying to have a smaller footprint on the internet ... you know, it's a tough decision.

Has the technical side of cookies changed much since they were introduced?

Not a great deal ... When cookies [were invented] they had created a very limited size for them. You can't have a cookie that's a gigantic file, because otherwise, people could use cookies to crash your computer, taking up your disk space, for example. They intentionally put restrictions on them.

Is there a person associated with their creation? What's with the cookie name? It sounds so pleasant.

Lou Montulli. [The 'cookie' name] was the reference to an earlier piece of equipment for monitoring computers called a 'magic cookie,' so, it was doing something similar and they called it something similar. And that happens a lot in computer networking. They'll come up with a new idea for an application and they'll just borrow stuff all over the place for other apps that came before them. 

And that was in 1994.

Anything to add? What's up and coming comparable to cookies being developed?

Not a whole lot. HTTP hasn't really evolved quickly. And that's what it's based on. So everything else is just coming off of that -- I know there's a brand-new version of HTTP coming out ... There are some brand-new concepts coming out. Mainly, it's trying to incorporate a lot more security and make things work faster. Because HTTP was originally created with no security features at all, which, that's why if you're going to a [link] where it's HTTPS, it's a different protocol. It looks like, in the future, they're going to build security into it.