What did UWV do with cookies and how can I avoid it everywhere?

Blog  — Wed 26 Jul 2023

At the moment, the governmental institution UWV is regularly making headlines. They have possibly not behaved as ethically on the technical front. For example, it recently came to light that they might be placing cookies for a longer duration than is desirable.

What is a cookie, actually?

Cookies are text files. When you visit a website, it can place a cookie on your computer. In some cases, this is absolutely necessary due to how the internet works, and I'll explain why. Each webpage you open actually knows nothing about you. For example, if you first visit the homepage of a website and then the contact page, the website doesn't know that you are the same person. This is often not necessary either. However, when you log in, the website needs to remember this information for each page you open on that website. This is made possible by placing a cookie.

A cookie often has a unique series of letters and numbers that is generated. This generation is carried out by the server, which is the computer where the website is hosted. With that unique series stored in a cookie on your computer, the website can recognize that you are the same user when you open any other page of that website. This happens because each cookie, when you open any page of the same website, is sent by your computer.

How long should a cookie last?

Cookies, these small text files, also receive an expiration date set by the website. After that date, they are automatically deleted. The programmers of the website can choose this expiration date. For example, they can choose to let a cookie last for one day, six months, or even 25 years. The choice is entirely up to them. It is common to store a cookie for one visit, which we call a session, because longer durations are usually not necessary. A session ends when you close your browser.

However, it can be useful to let a cookie last longer than one session. For example, consider storing preferences. Suppose you visit a website that supports multiple languages, and you specifically choose Dutch. It's convenient if the next time you visit the website, it immediately appears in Dutch again. This can be achieved by the website storing a cookie on your computer that preserves your language preference as Dutch. This cookie may have a long expiration date, such as half a year or even longer. This behavior is entirely innocent, understandable, and pleasant.

How can cookies be misused?

But cookies can also be misused if someone intends to do so. The choice lies with the programmers and their clients. For instance, this is what UWV is now being accused of doing. But how does it work?

Imagine you visit uwv.nl, and upon your arrival, the website places a cookie with a unique series of letters and numbers, as usual. The website chooses to give this cookie an expiration date of six months. Each page you subsequently visit on uwv.nl will send that cookie from your computer to the website. This way, the website knows that you are the same person. It doesn't yet know exactly who you are or your name, but it knows that you are the same visitor. Your cookie consistently shows the same unique series of letters and numbers. That is step one.

Now, let's say you also log in to the website. The website can now remember which account you are logged into and store this information along with your unique cookie. This makes it easy to recognize you later. If you visit the website the next day without logging in again, the website can still identify you because your cookie is still present. Moreover, the website saved which account you had logged into a day earlier, together with the unique value from your cookie. So today, without logging in again, the website can still know who you are. This is because it recognizes the unique series from your cookie and remembers in which account you had previously logged in. This way, much more tracking can be done if desired.

Can I do something about unwanted cookies myself?

Nevertheless, there is also good news because you have a lot of control over what happens, something most people may not be aware of. Therefore, it's good to learn about it. This applies to all websites, from uwv.nl to bol.com and everything else you visit. Here's how it works:

You can easily configure your internet program, your browser, not to remember anything. If you do that, your computer will delete all cookies when you close your browser or turn off your computer. A cookie that was supposed to last for 25 years will be permanently removed instantly.

However, that also has a disadvantage. The website will no longer know that you preferred to read the website in Dutch the next time you visit it. That preference will also be forgotten. But the advantage is that traceable series will no longer be remembered. This way, you can no longer be easily tracked.

Should I be mindful of anything else besides cookies?

However, cookies are already old news in the IT world. There are many more methods to track people. For example, there is local storage, unique codes can be hidden in images, and so on. Finally, the website can also store your IP address to recognize you.

In most cases, to protect your privacy, it's enough to set your browser to delete everything when you close the internet. This includes all stored files, from cookies to temporary files. However, your IP address is a special case. The whole story about what can be done with an IP address is more complex, but in short, it can also be used to track you in some cases. And this cannot be prevented by cleaning up files in your browser.

To counteract this, you will need to use a special browser, such as TOR, or you can use a VPN. Both solutions obscure your own IP address by standing in between you and the website you're visiting. As a result, the website you visit doesn't see your IP address but the address passed on by TOR or VPN. This address changes constantly, making it impossible for a website to specifically recognize you by your IP address. It offers a higher level of privacy. However, even just clearing all locally stored data in your browser at the end of the day helps significantly.

Enhanced privacy on the internet

Tracking people happens frequently, and many websites do it. Sometimes with good reasons, and sometimes with less honorable intentions. Not everyone is aware of this. However, you can easily protect yourself against this, as explained earlier. So if you want to be more conscious about your internet usage, avoid disadvantages, and exercise your privacy rights, follow the tips in this article. They not only apply to one specific website but immediately benefit all websites. Quite reassuring, isn't it?