Cookie-preference pop-ups are everywhere these days—and while they might seem easy to ignore, they’re worth a second look. If you care about your online privacy, taking a moment to set your cookie preferences can help ensure your data stays protected, rather than being shared or sold without your knowledge. One simple way to safeguard your information? Use a browser that automatically blocks third-party cookies.
How many times have you hopped online, browsed a site, added a few things to your cart, and then moved on to something else without checking out?
Probably more times than you can count. Later, you might return to that cart and—surprise—the item is still there. Maybe you’ve even received an email or text reminding you of the “forgotten” item or letting you know it’s been marked down.
So how does a business know so much about you? And how does a site (or browser) customize your experience so thoroughly?
The answer, in most cases, is simple: cookies.
But what exactly is a cookie, and why are so many state lawmakers and regulators working to limit their reach? As of June 2024, the tracking map maintained by the International Association of Privacy Professionals shows that 24 states have either proposed or passed legislation aimed at curbing cookie use.
Interestingly, Google—the world’s most popular and profitable search engine, and the parent company of Chrome—announced plans each year since 2020 to phase out third-party cookies. Yet in late 2024, it officially abandoned the move.
If you’re wondering why cookies have become such a hot topic for tech companies, governments, and privacy advocates, you’re not alone.
What are internet cookies and what do they do?
Cookies came on the virtual scene in 1994 to help websites function better for users. For example, when you revisit a site and your username and password are auto filled, that’s a cookie at work.
Technically speaking, a cookie is a small text file stored on your device or browser profile. It identifies you and your preferences based on past online behavior, allowing websites to tailor your experience.
Today, cookies serve several useful functions:
Managing web sessions: They autofill login credentials and save preferences like location, language, or currency.
Facilitating targeted content: They help serve up articles, videos, or products based on your interests.
Collecting analytical data: Cookies track how long you spend on a page, what you click, and more—helping businesses improve their sites and services.
Why you keep getting asked to “accept cookies”
Once upon a time, you could log onto a site and not get a pop-up about cookies. (You know the ones: screens that prompt you to “Accept All Cookies” or “Manage Your Cookie Preferences” before you can dive into any content.)
Back then, most users didn’t know websites were leaving cookie crumbs on their devices and browsers, let alone that those could track a person’s online behavior. Due to a mix of issues, privacy advocates took up the cookie cause and got the attention of the public, lawmakers, and online entities.
In 2018, European Union leaders passed the General Data Protection Regulation Act in a step to control how companies collect, manage, and use online data. In November 2020, Californians followed suit when they voted in the California Consumer Privacy Act (CCPA). Part of the protections in each act included a user’s choice to allow or reject cookies.
Are cookies bad? Not necessarily
Cookies often get a bad rap, but they’re not all problematic. Generally speaking, there are two kinds of cookies: first-party cookies and third-party cookies.
First-party cookies are those that come directly from a site you browse. Your login credentials, for example, are stored in a first-party cookie that you had a hand in creating when you created an account. First-party cookies also track your movement when you visit to customize your experience during a session.
The concern usually lies with third-party cookies, which track you across multiple sites and serve targeted ads—sometimes without your explicit consent.
Still, cookies can be helpful. They make browsing smoother, help businesses improve their services, and reduce irrelevant ads. (Allstate Identity Protection uses cookies and similar technologies to improve your experience, analyze site performance, and deliver personalized content. You can manage your cookie preferences at any time through your browser settings or site pop-ups.)
Five ways to stay safe in the face of cookies
Recent laws around cookies have pushed companies to move from quietly collecting data to asking for clear, informed permission.
For example, when you create an account, the site might interpret your engagement as permission to use cookies that help the site function and personalize your experience. But as data mining became more profitable, some companies began selling anonymous user profiles to third parties—crossing a line for many privacy advocates.
Today, regulations require websites to be more transparent, give users control over which cookies they accept, and allow preferences to be updated over time.
Still, cookie and data privacy laws vary by state, so your best bet is to:
Use browsers that automatically block third-party cookies. Try Apple’s Safari, Brave, DuckDuckGo, and Mozilla’s Firefox.
Visit secure sites with URLs that begin with “https:” One of these sites use encryption to communicate between it and your device and browser. That means cookies get shielded from hackers. (And it means that malware cookies are less likely to get embedded on your browser or device.)
Set cookie preferences when prompted by a site’s pop-up screen. Limit cookies to those that help with navigation and site functionality. Opt-out of third-party tracking and/or the sale of your data.
Clear your browser’s cookie cache on a regular basis. Each browser has a different path to do this. Some access it via “tools” and “history” dropdowns while others get there via “settings” and “privacy.” Explore a little or visit this page with detailed step-by-step instructions from the Information Technology Services department at the University of Iowa. The tech team at the university warns that you should “close/quit the browser and restart it after clearing the cache and cookies.”
Manage your current cookie preferences on your browser. Like clearing your cache, the path to changing your current cookie preferences varies, depending on your device and the browser.
Don’t ignore the cookie pop-up
Closing a cookie-permission pop-up without clicking “accept” or making a selection might seem harmless, but it could mean you’ve accepted all cookies by default.
Take a moment to review your options. Many sites let you customize which cookies you allow, helping you protect your privacy without sacrificing functionality.
Tomorrow’s tracking tech
Technology moves fast, and so do the ways companies collect and use data. Lawmakers are working hard to keep up, trying to strike a balance between protecting privacy and allowing innovation to thrive.
Third-party cookies, once the go-to tool for tracking online behavior, are already fading out. But that doesn’t mean data collection is going away—it’s just evolving.
New tools are already being developed to replace cookies, and while that might sound a little daunting, it’s also a reminder of how quickly the digital world changes.
The good news? Allstate Identity Protection is here to help you stay informed and confident, no matter what comes next.
