
Privacy Concerns On Cookies Storing Personal Information

Pierluigi Paganini May 20, 2021

What are the privacy concerns around the way organizations collect personal information through the use of cookies?

Data is constantly being tracked, stored and processed right under our noses, and it is quite frightening to know just how much data a company might have on you. They may not have your deepest, darkest secrets (or maybe they do), but they keep track of your interests and behaviour, so much so that in this day and age organizations have enough information about you to replicate a digital version of you. The question remains: where are they getting this data from?

There are several avenues through which organizations can collect personal data, but one of the main drivers is cookies. When a user logs on to a website for the first time, the server assigns them a distinctive, user-specific identity. This identity is stored on the mobile device or computer on which the browser is running. When the user enters the website again, the browser sends the cookie to the server, allowing the website to remember the user. In other words, cookies function as a kind of memory for the internet, carried by the protocols that provide data flow. As sneaky as they can be, they were not created with malicious intent in mind. Quite the contrary: in 1994, when a company called Netscape Communications was developing an e-commerce application, computer programmer Lou Montulli saw the great value to e-commerce of remembering the information in the user’s shopping cart and used cookies for the first time.

Cookies could be a privacy threat

Before we can dive into why cookies may be a privacy threat, we need to look into the purposes of cookie consent. There are two main types of cookies that can be found on any website. These are the following:

  • Session cookies:

As the name suggests, a session cookie is stored in temporary memory and is not retained after the browser is closed. For example, the cookies that keep your information until the session is closed on websites providing online banking services are session cookies.

  • Persistent cookies:

These are the opposite of session cookies: they remain in the system even after the browser is closed and are removed only when deleted manually or when they expire. Persistent cookies are used to provide customized content and to collect statistical data about a user’s website activity.

First-party cookies

Session and persistent cookies are the ones usually in effect when you visit a website, and neither of them is dangerous to your privacy. They are considered first-party cookies, which are stored under the same domain you are currently visiting. So, if you are on a website, all cookies stored under its domain are considered first-party cookies. Privacy concerns arise when third-party cookies are involved.

Third-party cookies

Third-party cookies (cookies that are stored under a different domain than the one you are currently visiting) are created and placed on your mobile device or computer by other parties present on the website you are visiting. The different kinds of advertisements that we see on websites are served with these cookies. In other words, ad servers track user behavior on one website to serve customized advertising on another. These third-party cookies may be found on several websites and are considered the most undesirable type of cookie. This is because of the concern that they may cause privacy and security risks by creating a behavioral profile based on your browsing history and the content you visit.
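Both distinctions above (session vs. persistent, first-party vs. third-party) can be read from the `Set-Cookie` headers a page triggers. The following is an added example, not part of the original article, that classifies constructed headers; the hosts, cookie values and the two-label `site()` shortcut are assumptions.

```javascript
// Added example: classify cookies as the article does. Hosts and headers are constructed.

// Parse one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Assumption: "site" is the last two DNS labels. A production audit would
// use the Public Suffix List so that hosts under e.g. co.uk compare correctly.
function site(host) {
  return host.toLowerCase().replace(/^\./, '').split('.').slice(-2).join('.');
}

// pageHost: the site the user is visiting; responseHost: the host that sent the header.
function classify(pageHost, responseHost, header, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  let lifetime = 'session'; // no Max-Age or Expires: gone when the browser closes
  if (attrs['max-age'] !== undefined) {
    // Max-Age takes precedence over Expires; zero or negative deletes the cookie.
    lifetime = Number(attrs['max-age']) > 0 ? 'persistent' : 'expired';
  } else if (typeof attrs.expires === 'string') {
    lifetime = Date.parse(attrs.expires) > now ? 'persistent' : 'expired';
  }
  const cookieHost = typeof attrs.domain === 'string' ? attrs.domain : responseHost;
  const party = site(cookieHost) === site(pageHost) ? 'first-party' : 'third-party';
  return { name, lifetime, party };
}

const PAGE_HOST = 'www.news-site.example';
const OBSERVED = [ // [responding host, Set-Cookie value], all constructed
  ['www.news-site.example', 'sid=abc123; Path=/; HttpOnly; Secure'],
  ['www.news-site.example', 'prefs=dark; Max-Age=31536000; Domain=news-site.example'],
  ['ads.tracker.example', 'uid=u-42; Expires=Thu, 01 Jan 2099 00:00:00 GMT; SameSite=None; Secure'],
];

function audit() {
  return OBSERVED.map(([host, header]) => classify(PAGE_HOST, host, header));
}

console.table(audit());
```

The persistent third-party row (`uid`) is the kind of cookie the consent requirements discussed below are aimed at.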

Where does consent come into play?

Most global privacy laws, such as the GDPR, require organizations to obtain the user’s consent before the use of cookies. Such consent must be a freely given, specific, informed, and unambiguous indication of the data subject’s wishes. These laws will help consumers feel safe, and organizations will have to be much more careful with their data. Although obtaining this cookie data will be easy, processing it will still require the consumer’s consent.

Given the increased frequency and severity of enforcement around consent violations, it is wise for organizations to invest in automation at an early stage of the compliance process and to prepare for all data privacy regulations around the world, not just the existing ones but also those that are upcoming.

Conclusion

Cookies may be deemed a privacy threat, but global privacy regulations ensure that no personal data can be processed without the consumer’s permission. This will protect users’ privacy and also give organizations an incentive to use a first-party approach to extract data. That being said, automation is necessary, now more than ever, for any organization that hopes to comply with privacy regulations in a scalable way.

About the Author: Anas Baig

With a passion for working on disruptive products, Anas Baig is currently working as a Product Lead at the Silicon Valley-based company SECURITI.ai. He holds a degree in Computer Science from Iqra University and specializes in Information Security & Data Privacy.

