Mozilla Explains: Cookies and supercookies

Every time you visit a website and it seems to remember you, that’s a cookie at work. You might have heard that all cookies are bad, but reality is a bit more nuanced. If you’re new to understanding how it all works, we’re here to help.

What are cookies?

You already know cookies are tasty baked treats, and you might also know a few Cookies personally. Cookies are also technology tidbits used by websites. These cookies are small data files stored on your computer by websites you visit. They often save your settings for a site, which can be beneficial. Most people find it convenient for a website to remember some information like logins, language preference, items in a shopping cart, things they looked at last time they visited (like those daffodil yellow beach sandals that are just about to sell out) and so on.

Silent, behind-the-scenes personalization like this is made possible by cookies that are managed by the website itself. Through cookies, the shoe site is able to greet you 👋 and remind you about those beach sandals right away because you looked at them last time.

Some cookies are helpful without tracking you across the web. They do a sweet job on the website and that’s all. Other cookies collect your data and then share it across other websites through cross-site tracking. Not always so sweet.

What are cross-site tracking cookies?

Cross-site tracking cookies are stored on your computer by websites you visit. They’re inserted by data collection firms, advertising networks and analytics companies — third parties that use cookies to track you, profile you, and retarget you with ads. Tracking cookies follow you from site to site to follow what you do online and report back to their owners, those third parties.

Tracking cookies can hitch a ride through ads, social media (like the “like” button), tracking pixels (a tiny image tucked into the website code) and scripts in the background. So as you’re browsing summer footwear trends, tracking cookies are taking notes, passing that information over to their owners who may in turn blast you with ads for sandals and beach vacation packages when you browse elsewhere on the web.

As people are getting smarter about blocking and deleting tracking cookies, ad technology companies are turning to other data collection and tracking methods like supercookies.

Tip: To see what tracking cookies Firefox has blocked for you, just type “about:protections” in your browser bar to explore what Firefox is blocking behind the scenes. While the number of trackers you block fluctuates depending on the sites you visit, Firefox users collectively block more than ten billion trackers daily worldwide!

What are supercookies?

First, let’s clear one thing up. Supercookies aren’t cookies. But they’re similar. And worse.

Supercookies are similar to tracking cookies in that they allow a tracker to stitch together your visits to different websites. The key difference is that — unlike cookies — your browser was never designed to store supercookies. Instead, tracking companies have found ways to abuse other unrelated browser features to secretly place their supercookies. This often makes it harder for your browser to clear or block supercookies than it would be to block normal tracking cookies.

For example, security researchers have found supercookies hidden in the browser cache. What’s a cache? It’s temporary storage for things like your browsing history, images and code. Cached data is saved locally on your computer (vs on the interwebs) so it doesn’t need to be re-downloaded every time you visit the same sites, which speeds up your browsing and helps you use less bandwidth.

Hiding supercookies in the cache is sneaky and kinda rude if we’re being honest. Clearing your cache can help you get rid of most supercookies, but that’s inconvenient because you lose the benefit of caching data in the first place. It’s also impractical because if you have multiple websites open simultaneously, the cached supercookies can still communicate with each other. Dealing with this is super messy for the everyday person. But there is a solution.

How can you control cookies?

When it comes to tracking, the best offense is a strong defense by preventing trackers from getting on your computer in the first place. Firefox blocks cookies from known trackers, scripts from known fingerprinting companies, and supercookies — all without you having to lift a finger.

Still, the task of stopping trackers is like a game of whac-a-mole. Something new is always popping up, like supercookies have. The better solution is to block tracking from known and unknown trackers, including those that might be flying under the radar.

The latest privacy option in Firefox “Strict Mode” maintains a separate “cookie jar” for each website you visit. Any time a cookie shows up in your browser, Firefox locks it up in a cookie jar which is assigned to the website that introduced it. This way no cookie is cross-site, be it from a known or unknown tracker.

Worrying about cookies and trackers is no fun, and you surely have other things to think about. Firefox is here to take on trackers and protect what’s important — your privacy, security and experience online. We battle the trackers so you can get on with life with less creepy tracking and ad targeting. Whether or not you snag those daffodil yellow EVA beach sandals is no one’s business but your own, and maybe your best friend who has the same shoe size.


Share on Twitter