Hi! Quick question, i’ve been looking at the data storage documentation of RudderStack but it doesn’t mention it anywhere (https://www.rudderstack.com/docs/sources/event-streams/sdks/rudderstack-javascript-sdk/data-storage-cookies/#cookies). It does mention that all the cookies are encrypted, but are they any sensitive to a company using this considering that in the following example: https://github.com/rudderlabs/rudder-sdk-js/blob/643850ed410580dbb0e25de01a18e3fbd6390b69/src/utils/storage/storage.js The code specifies a default key which allows anyone to really decrypt the cookies. Should i bother changing the default key or is it whatever?

Hey @lemon-advantage-97968, Encrypting is done to keep it hidden from the plain site. No other reason. Data stored in these cookies are provided by user, so it is up to them what kind of data they want to send. Finally, it is nothing to bother about.

Hi @high-zoo-17436 thanks for the answer! Does that mean that there are no security implications of a potential attacker modifying the cookies?