|
Are Cookies Good for You?
 E-mail this page  Printer-friendly page
Just about all of us have similar memories: a platter of freshly baked cookies is cooling on the kitchen table, and those wonderful aromas are driving us quietly nuts.
"Wait until they cool," we're admonished, but at times the temptation is almost overwhelming….
To World Wide Web users, however, the term "cookies" has a far different meaning. Frequently when surfing the Web each of us is asked whether we will allow the website to send us a "cookie" -- a file they place on our computer.
I've received cookies often in the past but in researching this article, decided to go after them specifically. So I traipsed through lots of sites looking specifically for them to send me cookies. I surfed through Micron, Cisco, and even Nabisco (www.nabisco.com). Dawdled on that site a bit -- it had cool recipes which would be especially interesting and occasionally annoying to anyone on a diet. I found lots of cookies . . . but none of the Internet variety.
So I capitulated and looked on my Win95 computer under c:\win\cookies and found 42 of them, most of them small files of 100 bytes or so. There were some larger, more detailed index and dat files as well.
What's a "cookie"?
If you're interested in truly technical explanations, you'll want to see Netscape's cookie documentation at http://home.netscape.com/newsref/std/cookie_spec.html.
According to Netscape, "a server, when returning an HTTP object to a client, may also send a piece of state information which the client will store. . . Any future HTTP requests made by the client . . . will include a transmittal of the current value of the state object from the client back to the server. The state object is called a cookie, for no compelling reason."
"This simple mechanism," Netscape continues, "provides a powerful new tool which enables a host of new types of applications to be written for web-based environments. Shopping applications can now store information about the currently selected items, for-fee services can send back registration information and free the client from retyping a user-id on next connection, sites can store per-user preferences on the client, and have the client supply those preferences every time that site is connected to."
Cookies: Storing What, And About Whom?
"Preferences"? The consternation over "cookies" is that those "preferences" may, some cookie critics argue, include information which, from the surfer's perspective, may be none of the site's business, such as software on your system; recently visited websites; or other private information.
That possibility infuriates many people, and civil libertarians are high on the list. The ACLU, which fought tenaciously to overcome the Communications Decency Act (CDA) a year ago, is notably not involved in the fracas over cookies . . . although its fight for Internet privacy, particularly for employees who access the Internet at work, is continuing.
Some websites are going to great lengths to explain what cookies are and why they use them.
LinkExchange, a website advertising/promotional cooperative, posts this notice on its home page (www.linkexchange.com): "A cookie is a technical term for a piece of information that's sent by a web server (such as ad.linkexchange.com) to a browser (such as Netscape Navigator or Microsoft Internet Explorer) and then back again from the browser to the web server. Even though there really isn't much to cookies, they allow you to do some really neat things like (execute):
- Online shopping carts
- Personalize websites such as MSN or My Yahoo!
- Enable faster click-throughs on advertising networks like LinkExchange
". . . Our cookies tell us where to send you when you click on one of our ads. Say you visit a site . . . which displays LinkExchange banners. The site contains code to load a banner off our ad server, ad.linkexchange.com. When we send you the ad, we send a cookie along with it which says who's account that ad links to. So, for example if you see an ad for Surf Point, you'll also get a cookie which says:
XLINK=X001019 because X001019 is the account number for Surf Point. If you were to click on the ad, your browser would send the cookie back to ad.linkexchange.com. This tells us that you just clicked on Surf Point's banner, so that our server knows where to send you. It is possible for our server to work without cookies. However, this requires additional calculation, which would result in a slight delay on every click-through.
"The cookie sent by our ad server is private and cannot be viewed by anyone else except you and LinkExchange. Other websites will not be able to tell that you saw an advertisement for Surf Point.
"We've received some e-mail messages from people who were misinformed and thought that we might be recording their e-mail addresses, credit card numbers, or information off their hard drives, but the truth is we do not have access to this information. . . ."
Are They Spying On You?
Although LinkExchange is at peace with its use of cookies, some observers feel cookies may be decidedly less benign. In fact, the potential privacy-invading effects of cookies were noted as long as two years ago by Lee Gomes in an article he wrote in Silicon Valley's bible, the San Jose Mercury News.
"You'll probably be surprised to hear this," the article began, "but the websites you're visiting may be spying on you and using your own computer's hard disk drive to keep detailed notes about what they see. A little-known feature of (Netscape Navigator and Microsoft Internet Explorer) allows websites to store any information about your visit that they want to by way of a file on your own hard drive. The file theoretically can be up to 1.2 megabytes big -- the size of a medium-sized computer program. The feature is called ‘cookies,' and while Netscape said the feature has many legitimate uses, the company admitted its use could evolve to pose serious questions involving privacy and other issues. . ."
Among the information which cookies enable websites to store about you on your own hard drive are what specific pages you look at and how long you look at them. Gomes noted, "a company with a website . . . could monitor a person's use while on that individual site. The site will also know that you visited it before and it may know of your interests. Cookies can't tell a website your name or address unless you intentionally register at the site, giving it personal information."
Alarmingly to many people, all of this information, including private information you supply when registering with certain sites, can be sold to third parties, including those which market by sending you e-mail you didn't ask for -- otherwise known as "SPAM." Even if you don't register they can get your e-mail address and blast you with after-the-fact what one writer-friend describes as "vacuous tripe."
"Even while cookies don't explicitly betray your identity, the feature seems to violate two nearly universal assumptions held by computer users," Gomes noted. "One is that exploring the World Wide Web is an entirely confidential and anonymous experience that leaves no record of itself. The other is that users' hard disk drives are, in effect, their castles, and shouldn't be tampered with -- without an owner's explicit knowledge and approval."
Many users worry that invasive websites will nose around their hard drives and report what they see to some corporate Big Brother. They also worry that some websites will, without the surfer's knowledge or consent, locate and exploit the cookies (information) left by other websites. To their relief, however, Netscape's software reportedly prevents one website from accessing cookies stored by another. But the bad news is that one website can "pretend it is another site and therefore get access to information," Gomes noted.
Force Feeding of Cookies
Current versions of both Netscape Navigator and MSIE warn you when websites want to send you a cookie and give you the option to accept or refuse it. But the option is posed problematically: you are warned that if you refuse the cookie, the web page may not "display correctly." In its cookie story, LinkExchange says "Our best advice is to turn that warning dialog off."
Some people put that solution in the same league with removing the battery from your smoke detector so as to prevent false alarms. Warnings are, in fact, supposed to be warnings.
If you do want to turn off the cookie warning dialog in Netscape Navigator 3.0:
- Go to the ‘Options' menu and select ‘Network Preferences.' Click on the ‘Protocols' tab and remove the check from ‘Show an Alert Before Accepting a Cookie.' Warnings about cookies will cease.
- If you want to disarm the warning in MSIE 3.0, go to the ‘View' menu, select ‘Options,' click on ‘Advanced' and remove the check from ‘Warn before accepting a cookie.'
If you have Navigator 4.0:
- Click on Edit, Preferences, Advanced, and Accept All Cookies.
- To disarm the cookie warning in MSIE 4.0, click on View, Internet Options, Advanced, Security, Cookies.
To ensure that you are warned about cookies in MSIE 3.0, Netscape 3.0, MSIE 4.0, or Netscape 4.0, or to refuse cookies altogether, go to the same location and set your preferences accordingly.
Not Poison After All?
In "The Dark Side of Cookies," on the CNET website, the author attempts to put the cookie controversy to rest. The same website offers much solid advice for users who own or contemplate developing a website. If that's you, check out http://www.cnet.com/Content/Builder/Programming/Cookies/splash.html?bb, which offers substantial detail on what cookies are and how they work -- and why and how to add them to your website.
"Word is slowly spreading that cookies aren't the poison pellets they've been made out to be. In fact, the cookie controversy might have faded by now, except that at least one banner advertising network has used cookies to track users' Web activities in a manner that many people find objectionable. The DoubleClick Network [apparently a LinkExchange competitor -Ed.] attempts to develop customer profiles and present those users with banner ads targeted toward their interests. Each time a visitor connects to a DoubleClick site, the DoubleClick server reads and/or writes a cookie to their hard disk, in the process compiling extensive data about the user's activities on those sites."
According to CNET, DoubleClick says it doesn't gather or retain usernames, email addresses, or telephone numbers; nor does it sell or rent the information it collects. It "uses the information solely to deliver customized advertising on DoubleClick Network sites."
Because of customer objections, however, DoubleClick now offers a free method to disable its tracking -- a method which requires yet another cookie.
The article concludes: "You are in far more peril when you hand your credit card to a waiter than when you accept a cookie from a respectable website, or for that matter give your credit card number to the site. As in any transaction, however, smart buyers should take every step to ensure that they're dealing with reputable sites. Many factors go into establishing trustworthiness, beginning with web builders prominently displaying a policy statement outlining exactly how they use cookies in their sites."
So, Are They Benign or Malignant?
Simply because a site you're visiting is familiar should give you no genuine assurance that the site offers benign cookies, says www.cookiecentral.com.
"The value of a cookie remains unknown because the value name and variable are only known by the server which set it, so it is impossible for someone to steal a cookie . . . from a CGI script, but it is possible to steal a cookie from Javascript."
But is there danger? Cookiecentral concludes, "Cookies cannot harm your computer. The general controversy is . . . what information they can store, and what they can pass on to servers. There is currently a new proposal to limit the features of the cookie protocol, which would give people a greater control over what cookies they [allow their hard drives to] accept and from where."
So the definitive answer appears to be: unequivocally perhaps both. (Sorry.)
The Lure of Anonymity
Cookie Central links to www.anonymizer.com, a site which offers a supposedly palatable solution to anyone who doesn't want any website to send cookies to their computer. Anonymizer's home page illustrates how easily and how quickly any website can gather information on anyone who visits it. On the home page appear these words, among others: Who Are You? You don't have to tell us, we already know about YOU…
I clicked and in seconds the site fed back this data:
- You are affiliated with The Internet Access Company. (True, they're my ISP.)
- Your connection provider is located around Bedford, MA. (MAP)
- Your Internet browser is Mozilla/4.01 [en] (Win95; I).
- You are coming from p18.ts1.wareh.MA.tiac.com. (That's a POP site I use.)
- You just visited the Anonymizer Home Page.
"In addition, a server can insert a ‘cookie' into your browser. A cookie . . . can contain any information the server wants to give you -- names of the pages you typed, what you typed into the pages, etc. Then a server can ask for all of this information, and can automatically compile a dossier of your interests while reading the site. Anonymizer stops cookies.
"Java and Javascript are disabled because they can access sensitive information inside your web viewing program -- your e-mail address and the history of the pages you've read, for example. (Cookie Central implies that this "flaw" has been fixed.) Our Anonymizer Surfing service allows you to surf the web without revealing any personal information."
If you sign up with Anonymizer, you go to their site from which you can go in total anonymity to any other public site -- no cookies, ever. Although the service comes at a price, Anonymizer also offers a lower bandwidth (slower) free service, also anonymous. Details on both are at www.anonymizer.com/surf_free.html.
But the best solution may be the simplest. If you don't really know who "baked" the cookies, just say no. They may not be worth it. . . .
We've grouped these samples by
type; just click what you want to see. Thanks again for taking
the time to visit us. Note: to see entire websites we've
produced, click HERE
E-mail this page Printer-friendly page
|
