You Are At: AllSands Home > Computers > Internet cookies: treat or threat?
Would you want to be pushing buttons on a remote that could tell a travel agency to send you mailers because you watch travel-related programs? Well, while online you may be giving such an agency exactly that power, except that instead of just the channel number, the agency is getting the exact URLs of the Web pages at which you look.

Where do cookies come in?

Web sites that know your identity and have a cookie for you could set up procedures to exchange their data with the companies that buy advertising space from them, synchronizing the cookies they both have on your computer. This possibility means that once your identity becomes known to a single company listed in your cookie file, any of the others might know who you are every time you visit their sites.

How do they know you?

All they may need is your email address because various databases let them look up your name and address from it. Databases get this information as:

1. People often type their email or postal address into forms when registering at a site or requesting information.

2. Some browsers that include a mail handler disclose the user's email address in certain situations, such as when requesting a file by FTP, which you can do simply by clicking on a link that happens to begin FTP, rather than http.

What are cookies?

Many organizations use cookies to track your every move on their site. These are electronic tidbits in the form of HTTP headers, which store information about your browsing habits, the sites you visit, the links you clicked on, etc. A cookie is a unique identifier that a web server places on your computer: a serial number for you personally that can be used to retrieve your records from its databases. It's usually a string of random-looking letters long enough to be unique. For example:

ASPSESSIONIDQQGQGGFF=KPHIJICAMEKAKLHBIKEOAAKP

They are kept in a folder called Cookies (Win) or in a file, cookies.txt (Mac) in your browser directory/folder.

Who baked them in the first place?

Lou Montulli, currently the protocols manager in Netscape's client product division, wrote the cookies specification for Navigator 1.0, the first browser to use the technology. Montulli says there's nothing particularly amusing about the origin of the name: "A cookie is a well-known computer science term that is used when describing an opaque piece of data held by an intermediary. The term fits the usage precisely; it's just not a well-known term outside of computer science circles."

Flavors of cookies

Cookies come in two varieties:

1. Session cookies clear out after you close the browser window (ending the session) and often are used by "shopping carts" at online stores to keep track of items you want to buy.

2. Persistent cookies are set by news sites, banner ad companies, and others who want to know when you return to a site. These, once set, remain on your hard drive until either your space for cookies is full (there is a limited amount) or the time stamp on it expires even if you upgrade your browser.

Why cookies?

Basically, it comes down to the way that Web pages are built from the server to the browser. Every time you request a new page, the server starts the page from scratch, losing all information that may have been gathered from a previous page. When you fill in a form, the server takes your entries and interprets them based on the CGI to present you with the next page. However, if you then need to go to a third page, the information gathered on the first page is lost to the server unless it is saved in some fashion.

The most common method to save information is in hidden fields. These are passed to the server along with all the other form entries. But hidden fields require that you always stay within the CGI so that they aren't lost.

Then along came cookies. Cookies gave Web developers the ability to save information from forms onto the client machine. Since you are filling out the form or buying the merchandise, storing the information you provide on your machine seemed a good solution. It is more secure than hidden fields, and it allows you to go anywhere on a Web site and not lose the information.

What are cookies up to?

The main purpose of cookies is to identify users and possibly prepare customized Web pages for them. When you enter a Web site using cookies, you may be asked to fill out a form providing such information as your name and interests. This information is packaged into a cookie and sent to your Web browser, which stores it for later use. The next time you go to the same Web site, your browser will send the cookie to the Web server. The server can use this information to present you with custom Web pages. So, for example, instead of seeing just a generic welcome page, you might see a welcome page with your name on it. Some sites use them to remember you without logging on and thus save you time getting where you want.

One use for cookies as mentioned earlier is in targeting advertising at you while your surf. If you take a look at your cookies, you'll most likely come across one with a name like "Cookie:yourname@doubleclick.net." You probably never went to such a site, but its presence indicates you have been to a site using its services. You also might have filled out some form or other at this site and empowered the doubleclick service to now use this information to help the site using the service to give you selective advertising based on your interests.

Most sites on the Internet do not keep their advertisements locally. Rather, they subscribe to a media service that places those ads for them, one such being Doubleclick. This is accomplished via a simple HTML call to the media service. When a page is requested, it is assembled through many HTTP requests by the browser. First, there is a request for the HTML itself. Then, everything the HTML needs is requested, including images, sounds, and plugins.

The call to the media service is an HTTP request for an image. Once the request is made to the media service, it can return more than just an ad. It can also return a cookie. Or, if it has given the user a cookie previously, it can read that first and check to see what ad to send. The net result is that the user gets a cookie from the media service without ever having visited it. You then receive specially targeted marketing banners from the site. In other words, if Harshad Mehta and I log on to the same site at the exact same time, I'll see ads for cars, and Harshad will see ads from financial websites, depending on our interests.

What can you do about them?

Not much; you can accept or leave the cookies or then switch to a browser that doesn't support them. You could also clean your system of them with some utilities that come expressly for the purpose, but you cannot actually control the information given out by them.

Disabling cookies and changing acceptance options

For Netscape 4.0:

Go to the Edit Preferences Advanced menu. The "alert before accepting cookies." option allows you only to read each cookie as it comes in, and hit "OK" to allow it, or "Cancel" to reject it. There you can accept all, warn before accepting, or reject all.

For Internet Explorer 5:

Go to Tools Internet Options. Click the Security tab and then the Custom Settings button and scroll for the cookie options and select the radio button you want.

Among other options: you can make the cookie files read only. Open Windows Explorer and go to C:\Windows\Temporary Internet Files. Right click on the files and choose Read only under Properties. This prevents any new information from being written to it, but the old information remains intact.

If you just delete the files, new ones can and are created. You could design a DOS batch file to delete these files at startup.

For some cookie tools, see the Web Box.

So what is the bottom line?

The main concern is that cookies gather and exchange information without anyone's knowledge. Some people may find the gathering of any information invasive to their privacy; but to the average level-headed person, the use of this information is harmless in itself as long as you know the limitations of these networks, and who is collecting what information and for what purpose. Also, you could be at the receiving end of a lot of junk in the form of spam and advertising material if your email address is given out.

On the other hand, what right should anyone have to collect information about you without your knowledge, and why should they break your right to privacy? You have to find the right balance between these views. One fact pointed out by those in favor of cookies is that only the server that places the cookie on your system can access the information in it. But this is hardly useful going by the way the doubleclick system works, as you have no control over the information exchanged between sites.

One thing to be made clear is that the information you give to websites is a major factor influencing your privacy; and if you don't control what you intentionally give out, why bother about what cookies gather? A cookie alone cannot read your hard drive to find out who you are, what your income is, or where you live. The only way that information could end up in a cookie is if YOU provide it to a site and that site saves it to a cookie.

You should also be aware about the kind of site that is placing the cookie and its reputation. For this, you could set your browser to prompt you before accepting a cookie. If you really don't want to take chances, use one of the utilities mentioned. Some cookies, as discussed, are there to make your surfing a more personalized experience, so don't wonder if you find some sites less personal when you visit them without their cookies.