Back to blogs

Hacks & Tips

17. 03. 2021

Are Browser Cookies A Legal Way Of Online Tracking?

by Marina Banković

Cookies are not just a sweet culinary treat and something you crave for. Cookies are also pieces of data that are essential to your daily browsing activities. They store basic information about an Internet session, such as shopping cart orders and user site settings.

Besides tracking, cookies have many uses such as user personalization, and session management.

Cookies allow websites to remember our usernames. They enable online stores to keep track of items we’ve put in our cart. They provide the necessary data for some of the most popular website analytics tools. In many ways, they make the Internet act the way we assume it works. However, there is a growing concern about the privacy that the European Union (EU) is trying to regulate, with the high demands the companies must meet.

In the past, these concerns have focused on what we intentionally and consciously share with others: whether or not we share our identity, our personal information, and the opinions we post on public forums, or whether we will present ourselves with fictitious nicknames. In recent years, however, the focus of concern has changed.

Web analytics have become more sophisticated and, as a result, targeted advertising has become incredibly specific.

Yesterday you googled or only talked about your plan to start running and exercising, and today you are getting ads that show plans and diets for weight loss, as well as ads for sneakers and running equipment. I remember thinking: How did they know? What’s going on here? I was a little creeped out about these very personal and specific ads.

Custom visual for website cookies

When I spoke to my friends about these highly personalized ads, I realized I am not alone. They also receive very specific and weirdly personal ads. We were researching on various websites about garden furniture (something we never research or speak about) and then we went to visit a news portal that has ad bars on the sides. Guess what we saw? Ads for the garden and patio furniture. I know, targeted ads are so weirdly personal, and yes — they do track our website browsing history. It is important that we are aware of the main culprit.

A very powerful tool responsible for pervasive website tracking is website cookies.

The common types of web cookies

There are a few different types of cookies: essential and non-essential cookies, session and persistent cookies, first and third-party cookies.

Essential cookies are automatically placed on your computer or device when you access a website or take certain actions on a website, and are mandatory in order for the website to function properly.

Non-essential cookies do not fall within the definition of essential cookies, i.e. non-mandatory. These could be cookies used to analyze your behavior on a website (‘analytical’ cookies) or cookies used to display advertisements (‘advertising’ cookies). They are only placed on your computer or device if you have consented to do so.

Cookies can be classified as ‘first-party’ or ‘third-party’.

First-party cookies are “set” by the website you are visiting — e.g. you go to, and sets up a cookie. That cookie will be used for basic functions, such as remembering your preferences or keeping track of how many times you’ve visited the page. Once you leave the webpage, the first-party cookie has nothing left to do.

Third-party cookies are the ones you never asked for and can be set just as easily as the first-party ones. They are set by a different domain from the one you are visiting. The source of these third-party cookies are often advertisements or widgets that the website displays on their page.

Third-party cookies are used to track you across multiple websites and monitor your views, clicks, and anything else that might be relevant for marketing analysis.

You can be relieved, there is a way for blocking and removing third-party cookies. The easiest way to delete third-party cookies is to use some of the most famous (partially) free software such as CCleaner, uBlock origin, ScriptSafe, and many others.

Division by duration and storage of cookies

Session cookies. These are temporary cookies that are deleted as soon as your session ends or after a period of inactivity (usually 20 minutes). They help you navigate the website without tracking your browsing habits. They are not stored in your local storage but are rather kept in active memory.

Persistent cookies. This type of cookie is used for website authentication. Many online retailers also use them in their behavioral retargeting practices, serving you targeted ads or suggesting products in their online shops. Persistent cookies are stored on your computer until they expire or you delete them. These are the ones that manage the “Remember Me” or “Keep Me Logged In” functionality. They are also used to customize the content, especially ads. In addition to affecting your browsing experience, persistent cookies are also used to analyze and track performance data. These types of cookies can be used to tell how long you are staying on a site, your navigation through the site, and other behavioral patterns. They are also used to count the number of individual, unique website visitors, as well as how often visitors return.

Website owners use this information to guide their decisions regarding everything from website design to image selection and page length.

Secure or ‘httpOnly’ cookies. HTTPS encrypted websites use these as protection against hackers. Secure cookies can’t be used by malicious programs as these are usually written in scripting languages such as JavaScript.

Flash cookies. These types of cookies are generated and stored differently than “regular” (or “HTTP”) cookies — they are created and stored in the Adobe Flash browser app. Flash cookies are not deleted when you clear your browser cookies.

Zombie cookies. This is one of the most notorious (and freaky!) kind of Flash cookie, a piece of Flash code that will regenerate normal HTTP cookies whenever they are deleted from a browser cookie folder. These are particularly troublesome as they can install permanently on your computer even if you opt-out.

The “zombie cookie” is much harder to find and remove. This tracking cookie takes advantage of vulnerabilities in Adobe® Flash® Player.

In addition to setting typical small file-sized cookies which are stored in your browser’s file directory, it also sets a “Flash cookie.” This Flash cookie is much bulkier and is stored in the Adobe Flash directory rather than your browser folder. These two kinds of cookies work together, making it harder to identify and delete. The third-party sets two standard cookies, plus one Flash cookie. Every time you visit a third-party domain, the Flash cookie checks to make sure the standard cookies are present. If it doesn’t find them (i.e. if you have deleted the cookies), it recreates them! The outcome of this is a cookie that can’t be deleted; it keeps returning from “the dead”, again and again. The thing is that the Flash cookie is stored outside of your browser folder; thus zombie cookies can track your activity across different browsers.

Privacy Lawsuit Targets Net Giants Over ‘Zombie’ Cookies

Unfortunately, it is a bit complicated to delete these website browser tracking cookies. To destroy this immortal monster, you need to delete the Flash cookie as well as the browser cookies. Once again, we go to software like CCleaner. This time, click CCleaner and select the Applications tab. Then check “Adobe Flash Player” under the Multimedia section. Click “Analyze” and “Run Cleaner” to remove the flash cookies.

The good news is that Flash is no longer available to download since December 31, 2020, and Adobe starts blocking Flash content from running altogether on January 12, 2021. The company recommends that you uninstall Flash entirely as a matter of security. The credit goes to Steve Jobs and Apple back in 2007, when Apple decided not to support it on the new iPhone. Years had to pass to finally put an end to these ‘freaky’ zombie cookies.

Steve Jobs’ open letter “Thoughts on Flash”

Finally, it is no longer possible to run Flash in the new versions of most Web browsers. The major browser vendors (Google, Microsoft, Mozilla, Apple) have announced they will stop supporting Flash Player as a plug-in after December 31, 2020. With that novelty, we can relax when it comes to using flash and zombie cookies.

Photo by Jason Dent on Unsplash

Reasons for placement

Necessary Cookies. These cookies are necessary for the website’s functioning and cannot be switched off in a website system. You can set your browser to block them or alert you of these cookies, but then some parts of a website will not work. These cookies do not store any personal data.
Functional Cookies. These cookies enable a website to provide enhanced functionality and personalization. They may be set by website owners or by independent third-party providers (whose services they have added to their website). If you do not allow these cookies, some or all of the services a website provides may not work properly.

Performance (or Analytical) Cookies. These cookies track visits and traffic sources to measure and improve the performance of a website. They help website owners to know which pages are the most and least popular and see how visitors move around the website. All data collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, a website owner will not know when you have visited a website, and will not be able to track its performance.

Targeting (or Advertising) Cookies. These cookies may be set on a website by the advertising companies to monitor visitors’ behavior. Advertising companies (third-parties) can use them to profile your interests and display relevant ads on other websites. They do not directly store personal information but are based on the unique identification of your browser and Internet device. If you do not allow these cookies, you will experience less targeted advertising.

Pros and cons of website

As written in the blog Internet Cookies: What Are They and Are They Good or Bad? they made a list that describes the pros and cons of website cookies:

Pros of Cookies:

  • Online Shopping Experience. Almost all eCommerce websites allow you to put items in the cart, leave the website, and return to further shopping with your cart intact.
    Form Submissions. Cookies can remember submitted information such as names and other fields on a form. This can save you valuable time when entering live chat with customer support.
  • Personalization. Cookies can help store language preferences and currency preferences as well.
  • Suggested Content. You can see this on webshops using the “Related Searches” feature. To collect data, it relies on cookies, compares them with other users who have a similar profile, and then gives its recommendations.
  • Security Authentication. When entering a session, this allows web servers to know whether a user is logged in. If you don’t allow cookies, websites will never remember that you’re logged in.

Cons of Cookies:

  • Privacy. Most browsers accept cookies by default. As a result, cookies are stored “invisibly” in your local storage every time you browse the Internet. As a result, your browsing history and IP address become publicly known.
  • Local Storage. These “small” web cookies are actual files stored on your hard drive. The more you visit, the more it stores. As it builds over time, it can take up quite a bit of storage space on your computer/mobile device.
  • Unauthorized Data Collection. Websites may sell data collected from cookies to third parties or use it to hack social networks or other online accounts.

How can I disable and block cookies?

Most internet browsers are initially set up to accept cookies automatically. You can configure your browser to reject all the cookie files or to alert you when they are sent to the device. It is important to note that the deactivation or refusal to receive cookies can make certain sections of a website difficult to view and use. All modern browsers offer the possibility to change cookie settings.

Rather than blocking all cookies, you can choose to only block third-party cookies which will still allow the website to function as intended.

Photo by Sigmund on Unsplash

You can configure the settings of the cookies following the instructions below:

– Microsoft Internet Explorer 6.0, 7.0, 8.0, 9.0
Delete and manage cookies — Windows Help
– Google Chrome
Clear, enable, and manage cookies in Chrome — Android — Google Chrome Help
– Safari
Manage cookies and website data in Safari on Mac
– Mozilla Firefox
Enhanced Tracking Protection in Firefox for desktop | How to

– Google Chrome
   1. Android
Clear, enable, and manage cookies in Chrome
   2. iOS (Apple)
Clear, enable, and manage cookies in Chrome
– Safari Apple iOS
Clear the history and cookies from Safari on your iPhone, iPad or iPod touch
– Android Browser
Google Analytics Opt-out Browser Add-on Download Page


It is important that we take home these two pieces of advice. There is nothing good or evil about website cookies; they are “just” tools. However, cookies have evolved to serve other purposes like online marketing. They have also been exploited to violate users’ privacy.

Cookies we allow will be set on the browser and process personal data such as IP addresses, unique IDs, search, and browser history. Based on that, we will be shown personalized ads, the website will remember the username and password, the online store will recommend similar products that we have viewed or bought so far, etc.

In a lot of ways, cookies make the Internet act the way it was intended. If you are a website owner, website tracking with website cookies is a popular way to get information about your users and it is legal, as long as you make sure that all relevant data privacy requirements are met and respected before tracking users. As a website visitor, if you are a bit creeped out about these website browser tracking cookies, it is also worth noting that when browsing in Private or Incognito mode any cookies set during your session will be automatically deleted when you close your browser. In any case, it is of crucial importance that you inform yourself about data you are sharing/collecting while using the Internet.


The Cookie Law Explained
Privacy and Electronic Communications Directive 2002/58/EC
Different Types of Internet Cookies Explained
What Are Cookies and How Do They Work?
Internet Cookies: What Are They and Are They Good or Bad?
What Are Supercookies, Flash cookies, Zombie cookies?
Adobe Flash Player EOL General Information Page
The End of Adobe Flash, One of the Internet’s Most Iconic Technologies