Cookies are small files that websites store on your browser to remember information about you—login details, preferences, or browsing behavior. While essential cookies enable website functionality, tracking cookies follow you across sites to build an advertising profile.
You already know from your web browser basics how your browser requests pages from servers and how privacy fundamentals describe the data trail you leave online. Cookies are a specific mechanism at the center of that data trail — and understanding exactly how they work explains why the same pair of shoes can seem to follow you around the internet for a week after you looked at them once.
When you visit a website, the server can instruct your browser to store a small text file called a cookie on your device. The next time you visit, your browser automatically sends that cookie back to the server. This is how websites keep you logged in: the server issues you a session cookie containing a unique ID, and every subsequent request your browser sends includes that ID, so the server knows it's still you. First-party cookies — set by the website you're actually visiting — are largely benign and necessary. Without them, you'd have to log in to every page of a website separately.
Third-party cookies are different. These are cookies set not by the site you're visiting, but by code embedded in that site — typically from advertising networks like Google or Meta. When a page loads, it often pulls in tracking scripts from these external companies, and those companies set their own cookies in your browser. Because the same ad network's code appears on thousands of different websites, it can see which sites you've visited across the entire web. Each visit adds to a profile: you visited a shoe store, then read a travel article, then checked a news site. The ad network assembles these signals into a detailed behavioral profile and uses it to target ads. This is how you see ads for shoes after browsing for them — your browser revealed your visit by sending that third-party cookie on every subsequent page.
Modern browsers and privacy regulations have significantly restricted third-party cookies. Safari and Firefox block them by default; Chrome has been phasing them out. But the tracking industry has adapted with fingerprinting — identifying your browser by its unique combination of screen resolution, fonts installed, time zone, and other passive signals that require no cookie at all. This is why "private browsing" mode doesn't make you invisible: it clears cookies but leaves your fingerprint intact. Meaningfully protecting your privacy requires understanding that cookies are just one layer of a multi-layer tracking system. Managing cookies through browser settings is a useful first step; understanding why advertisers want them is what tells you which additional steps — like a privacy-focused browser extension or DNS-level blocking — are worth the tradeoff in convenience.
No topics depend on this one yet.