Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Should I Accept Cookies On My Computer?

Cleaning up some cookie crumbs.

You'll be asked again and again whether or not a site can leave cookies. I'll explain why, what the ramifications are, and my suggested answer.
A computer screen overwhelmed by multiple GDPR Cookie Consent pop-up windows. The screen is cluttered with various consent requests, each asking for approval to use cookies, demonstrating the frequency and abundance of these requests while browsing the internet. The pop-ups vary in size and design, reflecting the diversity of websites and their approaches to obtaining consent. In the background of the computer screen, you can see the faint outline of a web page, barely visible through the myriad of consent forms.
(Image: DALL-E 3)
Question: Is it OK to accept "Legitimate Interest" cookies? When I come across them when trying to access a website, often from a link from one of my known regular (and thus legit) sites, there are usually so many of them that it's impractical to de-tick them all - there could be 100+. There's usually no "clear all" option. That makes me think that it's made deliberately awkward so that folk don't de-tick. Which makes me just a tad cautious/suspicious. Generally speaking, are they OK?

Generally speaking, they are, yes.

Cookies have gotten a bad rap, and some well-intentioned but horrific legislation has made it worse.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Accepting cookies

Accepting "Legitimate Interest" cookies is generally okay since they're part of how websites implement features and functionalities. The European GDPR legislation requires sites to ask for consent, leading to frequent, typically ignored consent dialogs. Cookies are used for various purposes and are not designed to leak personal data.

What's a cookie?

A cookie is just a small bit of data that's left on your computer when you visit a website. For example, if you visit askleo.com, one of the cookies the site will place on your computer might look like this:

  • Name: _ga1
  • Content: GA1.1.2055007366.1707163485

The next time you visit askleo.com, your browser will send:

  • Please fetch the page askleo.com
  • Here's a cookie you left before: _ga:GA1.1.2055007366.1707163485

As you can see, the cookie name and contents are pretty meaningless to you and me. What matters is the server-side software that's using them.

Cookies are domain-specific. This means that askleo.com will only be sent the cookies left by askleo.com.

If displaying the page also includes displaying something from another domain -- say bigadvertisingnetwork.com -- that website will not see the cookies saved by askleo.com, but it can set its own cookies if it wants. These are so-called third-party cookies: you're the first party, askleo.com is the second party (the page you asked for), and any other website involved in displaying the page (such as an ad) is a third party.

Why cookies concern some

Consider bigadvertisingnetwork.com. When you visit a site, say site A, that uses ads from bigadvertisingnetwork.com, bigadvertisingnetwork.com can leave its own cookies.

When you visit site B, which also uses advertisements from bigadvertisingnetwork.com, bigadvertisingnetwork.com will be given the cookies it left from your prior visit to site A. The cookies were left for bigadvertisingnetwork.com, and thus bigadvertisingnetwork.com can see them.

Bigadvertisingnetwork.com can now see that you've visited both sites A and B. It's this "tracking" that concerns people.

It doesn't concern me. They're not interested in me as an individual. What they care about is the aggregate: the number of people in general who visit site A and then site B. The relationship between those two sites allows them to display more targeted/relevant ads. I don't care.

Different types of cookies

Besides the simple "tracking" example above, cookies can be used for a variety of things.

  • Keeping you signed in from page to page.
  • Remembering other information from page to page to make the site work, such as what might be in a shopping cart.
  • Performance and behavior analysis to see exactly how the site is being used with an eye to future improvements.
  • Various degrees of advertising personalization.

There's probably more. Cookies are a very simple concept with a wide variety of applications.

That silly law

Almost every site on the internet uses cookies. I'd be hard-pressed to think of one that doesn't use at least one. To me, this is obvious and necessary for websites to offer the features and functionality they do.

And yet, the European GDPR (General Data Protection Regulation) legislation requires websites to ask you if it's OK. While some websites choose to embrace the ramifications only in the EU, many websites simply follow the GDPR requirements everywhere.

The result is that the first time you visit a website, up pops a cookie-permission dialogue (or, ironically, the first time you visit again after clearing cookies).

Most people ignore them because they're so annoying. Even if they are an attempt to offer granularity, average folks just aren't prepared to understand it and shouldn't have to.2

And it's particularly annoying for me because the answer is always "Well, yeah, of course! All sites use cookies, you don't have to remind me!"

The law has probably done more to desensitize us as we blindly hit Accept over and over and over than anything else.

Do this

To be clear, I always hit Accept All and recommend you do so as well.

Cookies aren't evil. They're not scary, and they're not leaking your personal data. They're just a part of how the web works -- something that lawmakers fail to grasp.

If you remain concerned, I recommend you use a privacy-focused browser extension such as Privacy Badger from the EFF or an adblocker of some sort.

Want more about cookies, internet security, computers, and Windows? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

Footnotes & References

1: I believe this to be a Google Analytics-related cookie.

2: There are browser add-ins that will automatically click OK or Accept or equivalents when those dialogs pop up.

10 comments on “Should I Accept Cookies On My Computer?”

  1. Read the agreement box carefully. Make sure it says accept cookies and not something else. They might throw up a link that you just blindly click. And even worse, I haven’t heard of this happening but someone can throw in a pop-up that says accept cookies which is actually a link to another site.
    One difference between humans and animals is that animals would never choose the dumbest of their species to lead them.

    Reply
  2. “The result is that the first time you visit a website, up pops a cookie-permission dialogue (or, ironically, the first time you visit again after clearing cookies).” Not always. I’ve been to sites where I get the cookie warning every time. Apparently, those web designers don’t know how to properly use cookies to avoid that from happening.

    Reply
  3. Ok, so cookies are not harmful, but can they be? Suppose a website has xxx innocent cookies, but some disgruntled or just plain naughty employee has inserted a guilty cookie in amongst them to collect personal information not relevant to the site. I know most of us are just not important enough, but the question remains… can this be done? I would think yes, which leaves room for ulterior motives. Personally I accept cookies for trusted sites and deny them for others I am not familiar with, or seem shady.

    Reply
    • A cookie is just a few bytes of information a website saves on your browser. All the website can do is retrieve that string of data and read it. The cookie doean’t give them access to anything else on your computer.
      “can this be done?” If it were possible, hackers would be exploiting this all over the place.

      Reply
  4. From Mark J: “A cookie is just a few bytes of information a website saves on your browser”. But that’s not the point. It doesn’t matter if a cookie is a few bytes or a few megabytes, or if it’s text or some other format. In conjunction with Leo’s other article “Why do ads follow me around the internet”, the issue is the effect of cookies on what you see and experience online. Here is a quick experiment to see how cookies affect you online experience: (1) Use Firefox browser and clear out all your cookies and history. Then go to Google News and note what articles are presented to you. (2) Now use Edge or Chrome and log into one or more of your online accounts, such as Google, Microsoft, and Yahoo. First, go to different websites and just browse around and do some random searches. Then go to Google News and see what articles are presented to you. You’ll see a difference. The difference is Google, in it’s infinite wisdom, has now decided on what you need to see as “news”.

    All this may not be harmful or it may be exactly what you want, but it’s not just about some file stored on your computer. It’s about the control of what you experience.

    P.S. The reason that I distinguished between using Firefox, Chrome and Edge is because on the latter two browsers you can never be sure that all your online activity is actually deleted.

    Reply
    • Obviously, cookies have an effect on your experience. My comment never denied that.
      The question I was answering is asking if cookies can be dangerous. I answered it accurately. It’s just a number a site saves to your browser and can only be retrieved by the site that saved it.
      If you consider tailored ads harmful, browse in a private tab or use the DuckDuckGo browser.

      Reply
  5. Leo/Mark: I have my browser(s) set to block 3rd party cookies such as bigadvertisingnetwork.com. Yet I still see targeted ads on different sites. Either 3rd party cookies aren’t being blocked or targeted ads are using another mechanism.

    I personally don’t care if I get targeted ads. I’m just curious if the block 3rd party cookies setting is working.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.