Back in 1997, I wrote a comprehensive guide to web cookies that tells
you everything need to know about these tasty little critters. I still
get a lot of mail from people who misunderstand cookies, so I've
updated that article with some new information. Read on for a closer
look at the good, the bad, and the crumbly aspects of web browser
cookies.
ANOTHER LOOK AT COOKIES
Cookies is the term used for little chunks of data that web servers
can store on your hard drive. Cookies record information about your
visit to a particular site, and can ONLY be read back later by the
site that created them. They are often used to make your web surfing
more personal and convenient, but some people fear that cookie abuse
could lead to loss of privacy.
Cookies Are Good For You
More and more sites are using cookies to enhance your web experience
and enable some pretty cool features. The ever popular Yahoo site
uses cookies to help you customize the site to suit your likings. If
you specify that you want baseball scores, political headlines and a
handful of quotes from your stock portfolio, Yahoo will record those
preferences in a cookie. Then each time you return, the Yahoo server
will read that cookie and customize the site accordingly. It's kind
of like going to a restaurant where the waiter remembers your name and
knows you like blue cheese dressing and extra croutons on your salad.
Some sites require that you create a userid and password to login
before you can access certain content, but it can be a nuisance to
remember and enter this information each time you return. Another good
use for cookies is to remember your default settings at certain search
engines. Sites like Google.com and Raging.com allow you to set
preferences for language, number of results, output formatting and
color schemes. By storing this data as a cookie, you only have to
enter it once.
And if you do any online shopping, cookies make it possible to use a
shopping cart where you can place your selections before checking out.
You can even logoff half way through a shopping expedition and pick up
later right where you left off. Some stores will even store your
billing address in a cookie so you don't have to re-type when you
place another order.
What's in a Cookie?
All of this reading and writing of cookies normally takes place
without the user knowing that it's going on behind the scenes. Let's
take the mystery out of cookies by finding out where they live and
what's inside of them. Cookies are stored in a variety of places on
your hard disk, depending on your browser and operating system.
- Netscape for Windows: See the file "cookies.txt" in the
C:\Program Files\Netscape\Users\ folder.
- Netscape for Macintosh: uses a file called "MagicCookie" found in
the Netscape folder inside your System Folder's Preferences folder.
- Internet Explorer for Windows: there's a separate file in the
C:\Windows\Cookies folder for each site that wants to store cookies
data on your computer.
- Internet Explorer for Mac: uses a file called "cookies.txt" in the
Cache sub-folder of the Explorer folder, which is inside your System
Folder's Preferences folder.
Once you locate your cookies file, take a look inside with a text
editor such as Notepad (being careful not to modify the file) and
you'll probably be surprised at the number of entries squirreled away
by sites you've never heard of. That's because many popular sites
have banner ads that are served up by other companies such as
DoubleClick and LinkExchange. When you visit the Dilbert website, for
example, you'll get a cookie from DoubleClick.
A typical cookies file contains the name of the site that wrote the
entry, an expiration date, and some additional data pertaining to your
visit to a site. Other crumbs of data that may be stored in cookies
include your domain name (the part to the RIGHT of the "@" sign in
your e-mail address -- NOT your username), the date and time of your
visit, the type of computer, operating system and browser you have,
and a history of the pages you visit at a specific site. Big deal,
huh?
Cookies Are Safe
It's important to remember that a cookie cannot store any personal
data such as your name, e-mail address or phone number UNLESS YOU
EXPLICITLY PROVIDE THAT INFORMATION on a form at the site creating the
cookie. Further, the safety features built into the cookies
technology DO NOT ALLOW a website operator to access other files on
your hard disk, or to look at cookies that were created by other
sites. (Of course this assumes you are using an up-to-date version of
your browser. Check the Netscape or Microsoft website if you're not
sure.)
Remember these important facts about cookies:
- Cookies are designed to save you time and make surfing easier
- Cookies cannot access personal data or files from your hard drive
- Cookies can only be read by the website that created them
Can Cookies Be Bad For You?
None of the information stored in a cookies file is really shocking in
and of itself, but it's the ability to track the specific sites and
pages you visit that worries some people. Since ad agencies like
DoubleClick have their hooks in many popular sites, there is the
potential that they could surreptitiously gather information on the
web surfing habits of individuals. If this information was sold or
improperly analyzed, it could cause trouble in the wrong hands.
DoubleClick says they only use cookies to keep users from seeing the
same ad too many times, and with all the media scrutiny focused on
them right now, it seems safe to assume this is true.
Nonetheless, some are envisioning more frightening scenarios involving
cookies and privacy. Could you face the prospect of being denied a job
because you visited a website advocating the legalization of
marijuana? Get hit with an insurance rate hike after visiting an AIDS
patient informaton site? Or find the Feds at your door after browsing
through online bomb making information?
Such prospects seem highly unlikely to yours truly, but privacy
advocates like Jeff Chester of the Center for Media Education see
danger ahead. "We have to keep online marketers out of the cookie
jar," says Chester. "Such Orwellian practices to stealthily track
every move made online and share that information with other companies
should be prohibited."
Others are quick to point out that online services like America Online
and Compuserve have the ability to track the actions of subscribers at
a finer level, and know much more about their subscribers than cookies
could ever reveal to website operators. Armed with your name, home
address, credit card number, and the ability to record every word you
write in the the "Cheatin' Hearts" chat room, one would think the
potential for abuse is much higher, but there is no anecdotal evidence
that it has ever happened, either on AOL or a cookies-enabled website.
Another interesting side note: I've NEVER received a cookie from any
government or military website. I'm pretty sure there is an official
policy of the US government which forbids or discourages it. I think
this is an over-reaction which ultimately makes those sites LESS
usable, but it does give the conspiracy theorists one less thing to
whine about. :-)
Tossing Your Cookies
If you're convinced that cookies pose a threat to your privacy, and
you're willing to live without the convenience they provide, there are
a variety of ways to block, delete and even totally prevent cookies.
Both Netscape and Explorer give users the option to control cookies in
a variety of ways.
With Netscape Communicator, select Edit/Preferences/Advanced and
you'll have the option to accept, refuse or get a cookie warning. A
fourth option "Accept only cookies that get sent back to originating
server" may be a good compromise because it eliminates cookies from
third-party ad serving firms such as Doubleclick. With MS Internet
Explorer, you can do much the same thing by selecting Tools/Internet
Options/Security/Custom Level. Note that with either browser,
checking the "Warn before accepting cookies" box does give you the
option to accept cookies only from sites you trust, but gets really
annoying after a while.
Another idea is to make your cookies file read-only. This will
prevent any new cookies from being written to your hard disk, while
allowing cookies to function normally during a single browser session.
So you could still use online shopping sites, but you'd miss out on
the ability to use customization features at sites like Yahoo.
Deleting your cookies file(s) after closing your browser would have
pretty much the same effect.
If you're really serious about online privacy, visit the Anonymizer
website (www.anonymizer.com) and find out how to make all your web
viewing totally anonymous and frustrate the cookie senders. You can
also download a variety of free or inexpensive shareware programs such
as Cookie Monster, Cookie Cutter and Cookie Crusher that give you
total control over cookies.
Learning More
If you want to learn more about the technical details behind cookies,
or delve further into the privacy and security issues, visit these
sites on the web:
- Netscape's Cookie Specs
http://home.netscape.com/newsref/std/cookie_spec.html
- Cookie Central
http://www.cookiecentral.com
- Electronic Privacy Information Center
http://www.epic.org
I hope this info helps you to understand the truth about web cookies.
Feel free to pass this along to a friend! See you next time! --Bob