We have all heard of cookies computer science. Some even know that they are very important in facilitating user navigation, allowing faster page loading, and in personalized digital advertising. But do we know how they work?
When one connects to a web page, the user’s browser sends a request to a remote computer, called server, which sends you the reply back. Thus, use our telephone to read the entries of Chronicles of the Intangible supposes that the browser of our mobile initiates a communication with the server of elpais.com. If all goes well, elpais.com will respond by saying OK, here is the page you requested. The browser, then, receives a certain amount of information separated into two parts: on the one hand, the body of the response, which carries the data that is part of the content that will be shown to the user; on the other, a section with headers of the response, which contains non-visual data (aspects that the reader does not see reflected on the page, but which are important for machines). Some of them are essential for successful communication.
When requesting a server to read a web page, the body of the request is text in a format called HTML. The text in HTML includes the text that you want to display and, in addition, it bears formatting marks, which tell the browser: “This text is in bold, this other in italics, here you have to place an image.”
But, so that the browser knows that what is being delivered is HTML and can draw it as such, with its italics and bold, the server sends the browser, in the headers section, information about the type of content that is being delivered to it. is sending: “Hey, watch out, what I’m sending you in the body is HTML text.”
Sometimes, along with bold, italic and many other formatting marks, the browser is told that an image or even a small program goes in a certain place that the browser can interpret and execute and with which we can solve the problem. Mambrino’s crossword (in memoriam) that has recently been published on the website of this newspaper. The image can be embedded in the HTML text itself; but, in others, the image is not sent directly, but the server sends the browser an Internet address from which the browser must request the image that goes on that site. This Internet address may be on the same server as in the original request (elpais.com, in our example) or it may be in another.
In any case, the browser sends a new request to the server that has been indicated to download the image: the server will send it in the body of the response and, in the header section, the server tells the browser that the information that travels in the body is an image in JPG, PNG, a video, an audio or a program. In this way, with that information not visual that is included in the headers, the browser knows how to handle the information that is coming to it, drawing or writing it appropriately, or executing some instruction that tells me that I have completed the crossword correctly.
Thus, loading a single page like elpais.com actually means that our browser sends many, many requests to the server: one for the text, one for each image we find, another for each video, another for each ad, and so on.
In addition to the content type, in the header section that contains the responses to the requests, the server can place additional information, for example, one or more cookies, the known ones computer cookies with the information that the server decides. The illustration above shows some of the cookies what elpais.com has left me when I have connected to your home page. Each one has, among other properties, a name (yam), a value (value) and an expiration date (Max-Age). The capacity of the cookies to monitor our activity on the network resides in that, every time I return to elpais.com, my browser will send you all cookies that elpais.com himself left me earlier. For example, the last cookie that appears in the figure is called _chartbeat2, its value begins with .1626 and it expires on August 1, 2022. If tomorrow, as usual, I return to the main page or visit any other page on the same server, my browser will send the name and value of this page to the server cookie, which will allow the server to know that I am the same person who was here yesterday.
Notice the reader on the left side of the figure that many other servers have also left me cookies: all of them come from the same data request to elpais.com. And it is that, when our browser is interpreting and showing The response it receives, sends other requests to other servers to download, we said before, images, videos or advertisements.
Thus, the request to read the main page of this newspaper has at some point sent a request to the second server that appears on the left side of the figure, identified as googleads.g.doubleclik.net. This server has left us two cookies: DSID (whose value is NO_DATA) and SDI (with value AHWq …).
If, immediately afterwards, I visit a competitor’s newspaper, I will be initiating a communication with their server to retrieve their home page. The processing of the response is similar: multiple requests to various servers to retrieve text, photos, videos, advertisements … And, if any of these multiple requests is sent to googleads.g.doubleclik.net, the value of cookies that this server left me when visiting THE COUNTRY will travel again to this advertising server, so and so that googleads.g.doubleclik.net You will know that even though you are now reading the ABC, I just came from reading THE COUNTRY.
Perhaps the fact that these systems know this information is not too important, since it reveals about us the same thing that the bartender at the bar where we have breakfast knows about us, that he knows our schedules and sees every day how we are getting, from above the bar, the local or national newspaper and you know if we stop at the Opinion, Society or Sports section.
The threat to our privacy appears when these browsing data are related to other personal data: if I fill out a form with my name, email, my address, doubleclick.net You will know that the one who reads those newspapers is Macario, that he is not interested in sports because he hardly visits those pages, but that, nevertheless, he answers correctly SALT to the three horizontal letters of The egg asks for it. You will also know, and not only from the data in the form, but also from the possibility of geolocating an IP with some precision, that I am usually in Ciudad Real. But also, if on any page you connect to doubleclick.net (and there are many) I inadvertently accept permission to share my location, you will know exactly the coordinates of my home and my work.
Accepting cookies without reading their policy or personalizing them exposes us to these external systems knowing and classifying us, as we produce a huge amount of information when browsing, with which we are placed in certain groups of Internet users.
What if there were no cookies? Little programs such as hobbies, which our browser downloads and executes, can also access a lot of information from our computer, which can be sent to the server without our knowledge. In addition to the brand and version of the browser, our language, our IP, the resolution of our screen can travel, the font we use on our computer, the sessions we have open on social networks … The values of these and other parameters make up our fingerprint, which allows us to identify ourselves with very high precision.
There is also the possibility of going to the bar in disguise, with a raincoat and hat and a mustache and glasses hairpiece. When we arrive, the waiter will give us El País and ask us if we want the usual.
Macario Polo Usaola He is a professor at the University of Castilla-La Mancha.
Chronicles of the Intangible is a space for the dissemination of computer science, coordinated by the academic society SISTEDES (Society for Software Engineering and Software Development Technologies). The intangible is the non-material part of computer systems (that is, software), and its history and its evolution are related here. The authors are professors at Spanish universities, coordinated by Ricardo Peña Marí (professor at the Complutense University of Madrid) and Macario Polo Usaola (professor at the University of Castilla-La Mancha).
To consult the chronicles of other years, Click here.