It seems every webpage you land on these days has an “Accept Cookies” pop-up. After all, what’s the big deal about a few cookies, so we click “Accept” and move on. Well, turns out it’s a bigger deal to accept cookies than most users realize. Thinking twice before you accept them can help keep malicious and zombie cookies off your device, among other things. Who would ever think a few innocent cookies could be a bad thing, but unfortunately, many of them are.

What are Cookies Anyway?

In short, cookies are small text files containing all sorts of data, and when accepted, hold your personal preferences. Accepted cookies can hold your PII (personally identifiable information), including usernames and passwords. For example, when you visit a website after shopping online for a hat, advertisers use cookies to display ads for hats. Maybe a little creepy to see at first, cookies keep track of information tidbits from browsers you’re visiting.

The webpage server your device is connected to creates the cookies and stores the unique identifiers for you and your device. Cookies help your browsing experience be more personalized, but know that it’s your choice to accept them or not. Even web pages where you don’t have an account will ask you to accept cookies, but they’re mainly used for location, personal preferences, and search history.

To Cookie or Not to Cookie?

There are a few inconveniences should you choose not to accept cookies, but it’s not the end of the world if you refuse them. The biggest among them is having to input your login information every time you visit that website. It’s a small price to pay for knowing your PII is safer with you and not with the cookies, and it’s up to you to decide.

Malware Cookies, Zombie Cookies

If personalized browsing is your preference, remember, not all cookies are good cookies. Three examples of when not to accept cookies can help keep you out of cookie jail.

Questionable websites, especially when using public wi-fi. These sites can deploy malicious cookies on your device that install malware. Also, they can enlist zombie cookies that stay on your device permanently, even after you delete them.

Private websites like those used for banking, medical, and other sensitive content should never store your cookies. There’s no way of knowing exactly what data they hold, or what data can be retrieved by bad actors.

Third-party cookies should never be accepted. They can install things like spam and advertising pop-ups, which nobody really wants. If there’s a mention of third-party cookies on the cookie pop-up, accepting them gives consent for your data to be sold to data brokers who use them in a variety of ways, including selling the data to advertisers and others.