A cookie with a 7,984-year lifespan. Blimey, Roy Batty only got 4!

UK websites fess up to their crazy cookie-ness

cookies_eyes_privacy evercookies flash cookies

A cookie can last 7,984 years, according to new international privacy study, far out-lasting the operational usefulness of the device (or human user presumably).

The idea that some of the small files stored on a device when it is used to visit a website are programmed, to last at least as long (if not far longer) than the existing age of the Great Pyramid of Giza (concluded around 2560 BC) is, of course, a bit bonkers.

However, it underlines the more meaningful point that some websites are placing cookies on computers and other devices that will long outlast the usefulness of the device.

The average cookie is set to expire after one to two years, but some were being set for as long at 10, 100 or yes, nearly 8,000 years.

Cookies set by three websites would not expire until 9999. One of these websites was based in the UK.

Cookies have a number of functions, ranging from remembering visitor preferences to counting the number of people looking at a website. Some cookies, known as third party cookies, can also be used to record information based on how the user is interacting with other websites, a useful advertising tool.

An international study led by the UK’s Information Commissioner’s Office (ICO) into the use of cookies found that UK websites flung the most cookies of the eight countries surveyed, with UK websites placing an average of 44 on a first visit.

An automated and manual examination of 478 websites found that an average site placed 34 cookies on a device during a user’s first visit. Almost a third of these cookies were served by the website being visited, but the majority (70 per cent) were third party cookies, set by websites other than the one being visited.

The majority of cookies (86 per cent) were persistent, and remained on a person’s device after use. The remaining 14 per cent were session cookies, flushed after a person’s browsing session ended.

But there was some good news for UK websites, as they gave more information than any other country surveyed, so that's something to cling on to.

The use of cookies in the UK is governed by the Privacy and Electronic Communications Regulations. The regulations require organisations to provide clear information about how cookies are used as well as giving users the option of declining to accept non-essential cookies.

In the UK, 94 per cent of the 81 websites surveyed provided cookies usage information against a Europe-wide average where only 74 per cent provided any information about cookies.

ICO group manager for technology, Simon Rice, commented: “Any web developer will tell you that cookies are a vital tool for making the web work. However, the number of cookies out there may come as a surprise to many, particularly in the UK.”

“There’s also clearly an issue with the lifespan of some of these cookies. Developers must consider the implications of using certain settings in their code. Setting a long expiry on a cookie means that it will not only outlive the usefulness of the device, but also the person using it at the time," said Rice.

"While the length of time a cookie needs to remain on a device will depend on the reason why it was originally set, it is difficult to justify an expiry date in the year 9,999 for even the most innocent of purposes,” he added.

In a statement, Rice praised the above average transparency of UK web developers on the use of cookies while warning that he intended to push transgressors into line.

“We will be writing out to those who are still failing to provide basic information on their website before considering whether further action is required,” he said. ®

Sponsored: Detecting cyber attacks as a small to medium business


Biting the hand that feeds IT © 1998–2020