Quick Cookie Primer
Skip the PrimerIf you already have a basic understaning of cookies and just want information on the cookies the Auranos.org web application generates, you skip the primer by clicking on these links to go to the appropriate subsections.
Cookies set by the Auranos.org web application
Cookies which may be set by third parties through the application
Cookies are data which are specific for a particular website which are stored on a users browser and sent by the browser to the particular website anytime the user attempts to access the website. They are usually created and altered by the website according the way the user interacts with the website and the user then seamlessly tells the website all the information it has stored in the form of cookies every time they access the website.
Cookies are used for a variety of purposes. The most common purpose they are used for is to remember the User Identity (UID) of a user for a particular website which in turn can allow the website to look up the data it has stored internal to itself about the user who has the cookie that the server created on their browser for them. This internal data can include anything from the version of browser and the dimensions of the screen upon which the website renders content, to user options like the preferred colours of the user, text-size or options that are specific to certain types of site.
They can also be used to track user activities not only on the site that the user is visiting but on third party websites which are able to read cookies set by a website for other websites to read. Tracking cookies do not only store your options for a website but can identify across a huge swathe of websites and such sites can target content at those they track which can include advertising for commercial purposes by people who know you clicked on an advert for a train trip or a political candidate and are capable of being used for targeted propaganda at dissidents, people of influence and even people who some organisations may wish to keep in a bubble of false and misleading information for purposes which may not involve financial gain or profits as would fit into categories imagined by ordinary people where money is a scarce and all important matter to those who cant imagine a world composed of those who have never lacked money.
On this website, we tick the legal boxes of ensuring your privacy but then so do all the organisations showing privacy popups telling you they care so much about your privacy they are only going to share with their partners as soon as you click the annoying button preventing the flow of your browsing session. We don't share your data with anyone except the "authorities" and only then once the said "authorities" have fulfilled the legal requirements they need to follow like getting a court order and such like, indemnifying us from being sued by you because we gave away your private information to those who were not legally entitled. We will co-operate with the "authorities" but we strike a balance that the "authorities" must themselves be in compliance with the law.
We reserve a right to reveal your data without your permission in situations or imminent threat of death or torture, terrorism, state corruption and war. Outside of that, only if the law says we are required to divulge it.
We separate cookies into four simple categories in describing who can see the cookies which are on your browser.
These cookies are deleted at the end of every session and it would be rare for them to contain anything that could seriously violate your privacy. Perhaps the server wants to know what your screen size is during the current session so it can generate pages appropriate to the device dimensions. This could be stored in a session cookie but the next you access the website, the server will create a brand new session cookie serving the same purpose. Prior to version 0.3 of the Auranos.org web application, the "chatrooms section visiblity" and the "theme" being light or dark were stored on a session cookie which reset back to default values if the user left and came back again.
Third Party Cookies
Third party cookies are traditionally cookies which created for websites other than the website you are currently visiting. For example, you visit the example.com website and it puts a cookie on your browser that can be read by any website and is intended that freindsofexample.com can read that cookie and make the connection that you exist elsewhere anytime you visit a whole range of websites.
Third party cookies were heavily exploited by organisations during the late HTTP 1.1 era and many browsers continue to allow users to block third party cookies with the caveat that on the modern internet, some sites may not work at all.
Samesite Cookies by Third Parties
Social media and external authentication has encouraged techniques which were previously considered dangerous since they allowed third party websites to run programs on a website which was not their own. This was traditionally described as a cross site scripting XSS attack and far from a website just deliberately running a script from another site, alot of effort was made by maligned hackers to cause an external script to run on a website that was not their own such that alot of underlying technology had to be rewritten to prevent people from getting their scripts to run on someone elses website.
Samesite Cookies by Third Parties are a type of Samesite cookie which are appear to be created by the site that you are visiting and will not flag up as a third party cookie in a users browser but the cookies are ultimately being created by a script which is hosted on a third party website but is being run by the site you are visiting. The auranos.org web application at the current time can run a script which is hosted by Facebook that creates cookies appearing to be created by the instance of the auranos.org web application that a user is visiting. That is to say that a user visits Auranos.org, logs in using the facebook button and ends up with a samesite cookie for auranos.org which were actually created by the script which was being hosted by facebook during the login procedure.