Active content and cookies are two aspects of the modern web-browsing experience that many people may not fully understand. This lack of understanding may lead some web users to practices that compromise the security of their personal information. Fortunately, a basic understanding of the ways that active content and cookies work on your system can help you address any vulnerabilities.
What is Active Content?
When you visit a modern website, you may notice animations, videos, forms or polls that take the website beyond simple text. These embellishments are called “active content” and are often written as simple programs in a programming language like JavaScript. Unfortunately, while functionality like this can help create an appealing and interactive website, active content can also be a prime target for hackers who exploit the nature of running programs to deliver malware to computers. For example, rather than run an animation on a webpage, a compromised script may tell your browser to download a virus or upload personal information to a remote server.
While it is possible to disable active content entirely, this may reduce the functionality or appearance of your favorite websites, most of which will be completely harmless. Instead, you may wish to try a browser extension for your particular web browser that can allow or forbid individual scripts as they are launched.
On trusted websites, you will likely be able to allow all active content to run normally. If you ever find yourself visiting a suspicious website, however, you should try to disable active content for that particular website or browsing session. This limits the chance that background scripts or other active content will be used to try to install malware on your computer without your knowledge. Common sense is going to be the key. If you are visiting the website of a major corporation or agency, chances are high that any scripts on the webpage will be secure and trustworthy. It is when you start to venture into personal or lesser-known websites that you have to be extra careful.
What are Cookies?
Cookies are small files that websites use to record information about your computer, such as your IP address or browsing history. When you visit many websites today, cookies are downloaded by your browser automatically and stored in a browser folder until a webpage wishes to access them.
While this may sound disconcerting for those concerned with privacy, cookies provide important functionality in many cases. For example, cookies are what tell a shopping website that you have been there before and have logged in, saving you the time of signing in again and finding your browsing history. By tracking articles that you have viewed on a news website, cookies can help content providers direct you toward other areas of the site that you may find interesting. As you might expect, however, while saving login information and browsing history can be useful at home, it presents a significant security risk on public computers.
There are two main types of cookies that websites use today: session cookies and persistent cookies. Session cookies are used to store temporary information such as individual webpage preferences. As the name would suggest, session cookies are only active during an individual session of browser use and are deleted as soon as the browser is closed. Persistent cookies, however, are designed to be stored on your computer for longer periods of time. For example, a shopping website may use a cookie that tracks the items you have viewed on the site. The length of time that persistent cookies are stored on your device depends on your browser settings. Browsers can be set to store persistent cookies for a number of days, weeks or months to meet the needs of the user.
While you can tell your browser to block cookies entirely, many websites today rely on cookies for their proper functionality. As a compromise, consider blocking third-party cookies — that is, any cookies that come from sites you did not directly visit. This setting can often be enabled in the preferences of today’s browsers. On public computers, you should look for an option to delete all cookies at the end of your browsing session to reduce the chance that the next computer user can access your data. By limiting the cookies that are stored on the system, either by deleting them entirely or by reducing the time that persistent cookies are stored, you can ensure that the amount of information about you available to websites remains controlled.
