Welcome, New Subscribers!

A warm welcome to everyone joining us from Rock Lambros’ newsletter over at rockcybermusings.com! We’re thrilled to have you here.

For those who haven’t discovered Rock’s work yet, I highly recommend checking it out. He specializes in artificial intelligence security and AI governance, and his insights are consistently valuable for anyone navigating the intersection of technology and policy.

New Here? Here’s How This Works

Prevent This lands in your inbox every Tuesday. Each edition tackles a common cybersecurity threat or pitfall and breaks down exactly what you can do about it. We aim to make this useful whether you’re a seasoned security professional or simply someone who wants to protect yourself and your organization online.

Every other Thursday, we publish Intruvent Edge, a longer-form deep dive into cyber threats and threat intelligence for those who want to go deeper.

A quick heads up about this Thursday: It’s Christmas Day, and we’re doing something a little different. We’re releasing a humorous “Year in Review” featuring all of our comics from 2025. It’s lighthearted, festive, and absolutely not representative of our normal content. I hope you enjoy it.

Now, onto today’s topic...

The Cookie Question: What Should You Actually Click?

My cofounder suggested cookies as our pre-Christmas topic, and honestly, it’s perfect timing. Not just because of the holiday baking puns (though I won’t pretend those didn’t cross my mind), but because most of us will be doing some extra online shopping, visiting unfamiliar websites, and mindlessly clicking through cookie banners faster than we’d like to admit.

You know the ones. That banner pops up: “We use cookies to improve your experience. Accept all?”

And you think: I just want to buy this sweater. Fine. Accept.

Let’s talk about what you’re actually agreeing to.

What Even Are Cookies?

Cookies are small text files that websites store on your browser. They remember things about you: your login status, your shopping cart contents, your language preferences, and so on.

Some cookies are genuinely helpful. Without session cookies, you’d have to log in again every single time you navigated to a new page on the same website. That would be miserable.

But other cookies exist primarily to track you across the internet, building a profile of your browsing habits, interests, and behaviors. This data gets shared with advertising networks, data brokers, and third parties you’ve never heard of.

The distinction matters.

The Three Cookie Categories You Should Know

Essential/Necessary Cookies

These keep websites functional. They handle things like authentication, security, and remembering what’s in your cart. You can’t really opt out of these, and you generally wouldn’t want to.

Functional/Performance Cookies

These track how you use a website to help improve the experience. They might monitor which pages you visit, how long you stay, and where you encounter errors. This data is typically aggregated and anonymized. The privacy risk here is relatively low.

Marketing/Advertising Cookies

Here’s where things get interesting. These cookies track you across multiple websites to serve targeted ads. They’re the reason you look at a pair of running shoes once and then see ads for them everywhere for the next three weeks.

These cookies build detailed profiles about your interests, habits, and behaviors. They’re valuable to advertisers, which is why websites push so hard for you to accept them.

So What Should You Actually Do?

Option 1: Reject Non-Essential Cookies

Most cookie banners (at least on sites complying with GDPR or similar regulations) include a “Reject” or “Manage Preferences” option. Use it.

Yes, it takes an extra click or two. But rejecting marketing cookies significantly reduces the amount of tracking data you’re handing over.

Option 2: Use Your Browser’s Settings

Modern browsers let you block third-party cookies by default. Safari and Firefox already do this out of the box. Chrome is getting there (slowly). Check your browser’s privacy settings and configure them to limit tracking.

Option 3: Clear Cookies Regularly

Make a habit of clearing your cookies periodically. This breaks the persistent tracking chains that advertisers rely on. Most browsers let you do this automatically when you close them.

Option 4: Use Privacy-Focused Extensions

Tools like uBlock Origin, Privacy Badger, or DuckDuckGo’s browser extension can block trackers before they even have a chance to set cookies.

A Note for the Security Professionals

You’re probably already doing most of this. But here’s something to consider: how are your organization’s own cookie practices holding up?

If your company operates websites, are you being transparent about what data you’re collecting? Are your cookie banners compliant with GDPR, CCPA, and other privacy regulations? Are you actually honoring user preferences when they click “Reject”?

Cookie compliance has become a real enforcement priority. Regulators have issued significant fines for deceptive consent interfaces (sometimes called “dark patterns”) that trick users into accepting cookies they didn’t intend to.

Worth an internal audit if you haven’t done one recently.

The Bottom Line

That cookie banner isn’t just an annoyance to click away. It’s a decision point about how much of your browsing data you’re willing to share with companies you’ve never heard of.

Take the extra second to hit “Manage Preferences” and opt out of marketing cookies. Your future self (and your inbox, which will mysteriously receive fewer suspiciously well-targeted ads) will thank you.

Happy holidays, and may your cookies be the edible kind this season.

Have questions? Want to suggest a future topic? Email us at contact@intruvent.com We read everything.

See you Thursday for our very unofficial, extremely silly Year in Review.