Saudi cybersecurity experts explain cookies, data and privacy infringement

Cookies themselves are harmless because they cannot hold codes so cannot contain viruses, but they can be a cause of malicious activities. (Shutterstock)
Short Url
  • Cookies are text files containing information — like a username and password — that is saved about someone when they visit a website

RIYADH: The impact and necessity of the internet is more obvious than ever as it is the main source of communication, entertainment, information and shopping for many people. One of the most important uses of the internet is also one of the most simple — visiting websites.
Saudi Arabia has been a target for cybercriminals, and authorities have warned people to be careful when disclosing their personal information to unofficial parties. The matter has become a priority as the Kingdom is making significant investments in various sectors and is rapidly advancing. But one issue has been partially undermined by everyday internet users — cookie security.
Cookies themselves are harmless because they cannot hold codes so cannot contain viruses, but they can be a cause of malicious activities involving personal data. Many Saudis browsing the web do not understand or realize that the problem lies with using suspicious or sketchy browsers. They may seem legitimate but, in truth, they have security holes that can inadvertently leak personal information to malicious users and hackers.
Research company Our World in Data said that, globally, the number of internet users increased from 413 million in 2000 to more than 3.4 billion in 2016. The 1-billion threshold was crossed in 2005. It also said that, every day over the past five years, an average of 640,000 people went online for the first time. As for websites, tech marketing company Indivigital said there were more than 1.8 billion websites online in 2019 and that approximately 14,281 new websites were being created every day.
However, when visiting almost any new website for the first time, users can come across a little pop-up informing them that they need to accept cookies for the site to function properly. Sadly, nobody is being offered a delicious baked good. Instead, when accepting cookies, people are providing the site with a little packet of personal information.
Saudi cybersecurity experts Dina Al-Sharif and Abdullah Al-Gumaijan gave Arab News the lowdown on cookies — what they are, what they are used for, and how to ensure the safest browsing experience — to increase awareness about them.
HTTP cookies are essential to the modern internet, but they also pose a risk to privacy. Cookies help websites remember users, their logins, and more. But they can also provide hackers and cybercriminals with information that they can use against people.

HIGHLIGHT

Many Saudis browsing the web do not understand or realize that the problem lies with using suspicious or sketchy browsers. They may seem legitimate but, in truth, they have security holes that can inadvertently leak personal information to malicious users and hackers.

Cookies are text files containing information — like a username and password — that is saved about someone when they visit a website. Whenever someone visits a website, their computer sends this information automatically as a way of recognizing repeat visitors.
“The main goal of cookies is to identify returning users and improve the web browsing experience,” Al-Sharif said. “When you visit a website and accept their cookie, a text file is stored on the user hard disk which allows that site to store information and later retrieve it.”
Al-Gumaijan added: “For example, when you visit a site like Amazon and add items to the cart without logging in, if you visit Amazon again later you will notice those items are still in the cart. Amazon knows what those items are by using cookies.”
Since cookies are information provided by the same website being visited, Al-Gumaijan said that users were not really sharing sensitive information by visiting them. But most websites providing their content for free rely on adverts because the only means of income is to share user behavior with third-party entities, allowing them to engage in targeted advertising.
“If you visit a website selling used cars, and also search for specific car brands like BMW, you may start to notice BMW ads appearing on other sites, or when using social media,” he said.
According to Al-Sharif, cookies themselves did not necessarily pose a threat, but how they were used was still worth taking into consideration. “Before you accept cookies, websites are obligated to present their ‘cookie policy’ which you can read to learn more about how they are used.”
Cookies themselves are not harmful since the data in them does not change. They cannot infect computers with viruses or other malware. However, some cyberattacks can hijack cookies and enable access to a user’s browsing sessions.
Al-Gumaijan said that, for the most part, it was safe to accept cookies. But overly cautious users could try to opt for websites that allowed the option of rejecting them or using private browsing methods to avoid them.
“It’s important to keep in mind that general information about your activity on any website where you accept cookies will be shared with others. If this something that concerns you, you can use browsers that provide private modes such as Firefox and Google Chrome (incognito mode). This way, your activity will not be used next time you visit those websites.”
Removing cookies is also an option that can help users mitigate the risk of privacy breaches, but they can also reset someone’s browser tracking and personalization, making certain sites harder to navigate. Without cookies, users may have to re-enter their data on a site for each visit.