Centre for Internet & Society

Follow the crumbs to a better understanding of data protection and privacy.

The article by Sweta Akundi was published in the Hindu on April 8, 2019. Pranav Manjesh Bidare was quoted.


You’re window-shopping at an electronics store, looking at headphones. The sales assistant offers some help, but you politely decline. “I’m just looking,” you respond. A month later, you come back, and the sales assistant not only remembers you, but also directs you to the latest headphones they have. Creepy? Perhaps, but it’s a regular occurrence on e-commerce websites such as Amazon.

Enter cookies: small text files placed either temporarily or permanently by websites on your hard drive, which are used to monitor your activities online. Those annoying banners that pop up while you are opening a new website, telling you that this site uses cookies? You click okay in a huff because, let’s face it, you’re a busy wo/man? Essentially, you’ve given the websites permission to place cookies on your computer.

“HTTP cookies track user activities, save passwords, and authenticate sensitive information. For example, let’s say you make a purchase with your debit card. When you enter the OTP, you are notified to not refresh the page. That happens because when you enter sensitive information, an authentication cookie is created and stored. It helps the server verifying your transaction make sure that it is just you who is logged in, and not any other person who could try to access your data,” explains Pranav Manjesh Bidare, policy officer at Bengaluru-based The Centre for Internet & Society.

These cookies can be placed by either first-party (the website you are primarily accessing) or third parties (any website that places content onto the primary website). YouTube embeds, sponsored ads, social media links all fall under the latter category. They send you independent cookies which, too, can track your activities.

How safe is it?

“Cookies are vulnerable to interception by a malicious actor. When the cookie is being transmitted to and from your computer, there is a possibility of information like your browsing history, shopping trends, and authentication data being stolen from it,” says Pranav. “However, most of it is taken care of by the HTTPS protocol, which ensures a secure connection between servers and your computer.” Once the cookies are on your device, they can be safeguarded using proper anti-virus. “However there could also be cases where someone impersonates a website and accesses your cookies. That’s something the HTTPS protocol can’t solve alone.” You could manually delete cookies, or pay more attention to what you’re agreeing to share, when you enter a website. Moreover, the constant cookie consent pop-ups do get on the nerves.

That said, the European Union is amending its privacy laws; under the new regulations, if such a draft is passed, users will be given the option of a blanket refusal of cookies, or of just third-party ones, presented in an easy-to-understand layout. However, cookies deemed to be ‘non-intrusive’ will not be subject to restrictions under the regulation.

If there’s anything we have learnt from the Facebook and Cambridge Analytica fiasco, it’s that we need to have a better understanding of what privacy and data on the Internet means.

Filed under: