You might have heard the terms “cache” and “cookies” thrown about a lot in discussions about online privacy, but it’s not always clear exactly how these technologies impact your day-to-day browsing experience. Both play critical roles in enhancing your online experience, speeding up web browsing, and personalizing content.
However, they can also be abused by hackers and ad companies to spy on you and access your accounts without your permission. The cache isn’t a flawless piece of technology either, as sometimes it ends up causing subtle failures when you’re accessing websites.
In this article, we’ll explore what cache and cookies are, their advantages, potential downsides, and why clearing them periodically is a smart practice. By the end, you’ll understand how and why to refresh your browser with a clean slate.
Cache and cookies: explained
Caching is a vital part of how the internet works. When you visit a website, you make a request for all of the assets associated with that website. It isn’t just text, either – it’s images, files, fonts, everything the website needs to work locally on your browser. This has to happen every time you load a webpage up.
So, to save on bandwidth, your browser will save some of these assets locally in a space called the “cache” and load them from the cache instead of downloading them again over the internet.
This has the added benefit of speeding up your browsing experience, as loading these assets locally will always be faster than downloading them. For example, when you revisit an online store, product images or promotional banners might load instantly because they’ve been cached.
Cookies are convenient, but can enable some anti-privacy behavior
So, the cache is just a local temporary file storage where a website can deposit files to save on bandwidth. However, there’s something else lurking in your cache: Cookies.
These are small text files created by websites and stored in your browser. They’re most often used to save the authorization details that a website uses to prove it’s you (this is why you have to log in again to a site whenever you clear your cookies), but they also contain identifiers that track your activity and preferences, enabling websites to deliver a personalized experience.
There are two primary types of cookies. First-party cookies are created by the website you’re visiting. These are used for purposes like keeping you logged in or remembering your shopping cart items. Then there are third-party cookies, which are created by domains other than the one you’re visiting. These are more likely to be used by advertisers or analytics services, as they’re able to track you across multiple sites.
Cookies make browsing convenient, allowing sites to immediately serve content relevant to your preferences. However, as I’m about to discuss, they also enable some pretty anti-privacy behavior if you don’t manage them properly.
Cache and cookies: the privacy risks
Modern web browsers have made the cache pretty secure, but there are still risks associated with the act of caching.
Caching isn’t just used locally. Web servers also use intermediate cache servers to reduce the processing requirements needed to run a website. So, when you request a website, some of the content is provided dynamically by the actual web servers, and some content that other users have previously requested is served by the cache server.
This means that, in some scenarios, a skilled attacker can make a request to the web server that causes malicious content to be cached and served to other users who make the same request.
When unsuspecting users load the compromised cache, they could be exposed to phishing attempts or malware. Unfortunately, there isn’t much you can do about it from your end as the attack leverages entirely off of a website’s infrastructure.
Wondering which VPN is leading the pack today? Check out our guide to the best VPNs.
However, some solutions (like VPNs) will actively detect requests made to known phishing or malware sites and block the connection. It won’t stop every web cache poisoning attack, but it’s a start.
Cookies also enable a wide range of attacks. If an attacker gains access to the cookies stored locally on your computer, they can use them to impersonate you on the websites you’re logged into.
There are a lot of benefits from the attacker’s perspective. Stealing someone’s password won’t defeat multi-factor authentication, but stealing an authentication cookie means that the attacker doesn’t need to: you’re already logged in.
Then there’s the issue with marketing cookies. Third-party cookies allow marketing companies to track your behavior across the web, compiling extensive data profiles for ad targeting as the marketers see every site you access that hosts their cookies. With this profile, marketers can target you with invasive targeted advertisements based on the ID contained in your third-party marketing cookie.
The benefits of clearing out your cache and cookies
Caching is an incredibly useful technique for keeping the internet efficient, but it’s also a common cause of issues with web applications. Clearing your cache is a sort of browser-based equivalent to “turning it off and on again”, in that you’re wiping temporary data that could either be outdated or corrupted.
Instead of relying on the local images and scripts you’ve cached, your browser is forced to redownload a fresh version of the cached content which may fix the issues you’re having with your web app of choice.
Of course, you’ll need to remember that this is going to slow down your speed a little if you’re browsing particularly bandwidth-intensive websites with lots of content.
Clearing your cookies is a lot more drastic, but it’s necessary sometimes. When you clear your cookies, you’re logged out of all of the accounts associated with that browser. You’re also cutting off any marketing companies from being able to track you across the internet – meaning they’ll have to start again by downloading new cookies to your browser and building a new profile on you.
Nobody wants a third party looking over their digital shoulder. Head on over to our explanation of targeted ads – and why they're a problem.
While ad companies have gotten very good at tracking individual users across the internet, you’ll instantly notice that your adverts become less personalized when you clear your marketing cookies (unless you’re already using cookie blockers and practicing good data hygiene).
The real benefit of clearing out your cookies is that it removes most of the traces you’ve left on a shared device. If you’re logging into a site from a computer at an internet cafe, wiping your cookies makes sure that nobody else will be able to use your session after you’ve left the device.
On the flip side, clearing your cookies means you’ll have to log in again to sites you were logged into before, and you'll lose any personalized options.
While GDPR has forced most websites to give you prompts over which cookies you authorize to be downloaded to your device, in practice many of these prompts are deliberately difficult to use if you want to keep all marketing cookies off your computer.
There are a few cookie-blocking apps out there that help with this by automatically keeping a blacklist of known marketing cookies off your device, as well as Surfshark’s automatic cookie-prompt blocker built into Surfshark One which handles these prompts without any input from you.
How to clear your cache and cookies
If you’re ready to give your browser a clean slate, here’s a quick guide to clearing cache and cookies in Google Chrome:
- Open Chrome’s Settings
- Click on the three vertical dots in the top-right corner of your browser window.
- Select “Settings” from the dropdown menu.
- Navigate to Privacy and Security
- In the left-hand menu, click on “Privacy and Security”.
- Open Clear Browsing Data
- Under Privacy and Security, select “Clear browsing data”.
- Choose What to Clear
- In the popup window, check the boxes for “Cached images and files” and “Cookies and other site data”.
- Use the dropdown menu to select the time range you’d like to clear (e.g., Last hour, Last 24 hours, All time).
- Confirm Your Selection
- Click “Clear data” to delete the selected files.
Be careful: Any data you clear out isn’t accessible again. Be sure you’re only deleting the cookies you want removed. Also, clearing your cookies won’t necessarily delete your browsing history. These are separate types of data and you can delete one while keeping the other.
