A Closer Look At Cookies

ANOTHER LOOK AT COOKIES

Cookies is the term used for little chunks of data that web servers can store on your hard drive. Cookies record information about your visit to a particular site, and can ONLY be read back later by the site that created them. They are often used to make your web surfing more personal and convenient, but some people fear that cookie abuse could lead to loss of privacy.

Cookies Are Good For You

More and more sites are using cookies to enhance your web experience and enable some pretty cool features. The ever popular Yahoo site uses cookies to help you customize the site to suit your likings. If you specify that you want baseball scores, political headlines and a handful of quotes from your stock portfolio, Yahoo will record those preferences in a cookie. Then each time you return, the Yahoo server will read that cookie and customize the site accordingly. It's kind of like going to a restaurant where the waiter remembers your name and knows you like blue cheese dressing and extra croutons on your salad.

Some sites require that you create a userid and password to login before you can access certain content, but it can be a nuisance to remember and enter this information each time you return. Another good use for cookies is to remember your default settings at certain search engines. Sites like Google.com and Raging.com allow you to set preferences for language, number of results, output formatting and color schemes. By storing this data as a cookie, you only have to enter it once.

And if you do any online shopping, cookies make it possible to use a shopping cart where you can place your selections before checking out. You can even logoff half way through a shopping expedition and pick up later right where you left off. Some stores will even store your billing address in a cookie so you don't have to re-type when you place another order.

What's in a Cookie?

All of this reading and writing of cookies normally takes place without the user knowing that it's going on behind the scenes. Let's take the mystery out of cookies by finding out where they live and what's inside of them. Cookies are stored in a variety of places on your hard disk, depending on your browser and operating system.

• Netscape for Windows: See the file "cookies.txt" in the C:\Program Files\Netscape\Users\ folder.
• Netscape for Macintosh: uses a file called "MagicCookie" found in the Netscape folder inside your System Folder's Preferences folder.
• Internet Explorer for Windows: there's a separate file in the C:\Windows\Cookies folder for each site that wants to store cookies data on your computer.
• Internet Explorer for Mac: uses a file called "cookies.txt" in the Cache sub-folder of the Explorer folder, which is inside your System Folder's Preferences folder.

Once you locate your cookies file, take a look inside with a text editor such as Notepad (being careful not to modify the file) and you'll probably be surprised at the number of entries squirreled away by sites you've never heard of. That's because many popular sites have banner ads that are served up by other companies such as DoubleClick and LinkExchange. When you visit the Dilbert website, for example, you'll get a cookie from DoubleClick.

A typical cookies file contains the name of the site that wrote the entry, an expiration date, and some additional data pertaining to your visit to a site. Other crumbs of data that may be stored in cookies include your domain name (the part to the RIGHT of the "@" sign in your e-mail address -- NOT your username), the date and time of your visit, the type of computer, operating system and browser you have, and a history of the pages you visit at a specific site. Big deal, huh?

Cookies Are Safe

It's important to remember that a cookie cannot store any personal data such as your name, e-mail address or phone number UNLESS YOU EXPLICITLY PROVIDE THAT INFORMATION on a form at the site creating the cookie. Further, the safety features built into the cookies technology DO NOT ALLOW a website operator to access other files on your hard disk, or to look at cookies that were created by other sites. (Of course this assumes you are using an up-to-date version of your browser. Check the Netscape or Microsoft website if you're not sure.)

Remember these important facts about cookies:

• Cookies are designed to save you time and make surfing easier
• Cookies cannot access personal data or files from your hard drive
• Cookies can only be read by the website that created them

Can Cookies Be Bad For You?

None of the information stored in a cookies file is really shocking in and of itself, but it's the ability to track the specific sites and pages you visit that worries some people. Since ad agencies like DoubleClick have their hooks in many popular sites, there is the potential that they could surreptitiously gather information on the web surfing habits of individuals. If this information was sold or improperly analyzed, it could cause trouble in the wrong hands. DoubleClick says they only use cookies to keep users from seeing the same ad too many times, and with all the media scrutiny focused on them right now, it seems safe to assume this is true.

Nonetheless, some are envisioning more frightening scenarios involving cookies and privacy. Could you face the prospect of being denied a job because you visited a website advocating the legalization of marijuana? Get hit with an insurance rate hike after visiting an AIDS patient informaton site? Or find the Feds at your door after browsing through online bomb making information?

Such prospects seem highly unlikely to yours truly, but privacy advocates like Jeff Chester of the Center for Media Education see danger ahead. "We have to keep online marketers out of the cookie jar," says Chester. "Such Orwellian practices to stealthily track every move made online and share that information with other companies should be prohibited."

Others are quick to point out that online services like America Online and Compuserve have the ability to track the actions of subscribers at a finer level, and know much more about their subscribers than cookies could ever reveal to website operators. Armed with your name, home address, credit card number, and the ability to record every word you write in the the "Cheatin' Hearts" chat room, one would think the potential for abuse is much higher, but there is no anecdotal evidence that it has ever happened, either on AOL or a cookies-enabled website.

Another interesting side note: I've NEVER received a cookie from any government or military website. I'm pretty sure there is an official policy of the US government which forbids or discourages it. I think this is an over-reaction which ultimately makes those sites LESS usable, but it does give the conspiracy theorists one less thing to whine about. :-)

Tossing Your Cookies

If you're convinced that cookies pose a threat to your privacy, and you're willing to live without the convenience they provide, there are a variety of ways to block, delete and even totally prevent cookies. Both Netscape and Explorer give users the option to control cookies in a variety of ways.

With Netscape Communicator, select Edit/Preferences/Advanced and you'll have the option to accept, refuse or get a cookie warning. A fourth option "Accept only cookies that get sent back to originating server" may be a good compromise because it eliminates cookies from third-party ad serving firms such as Doubleclick. With MS Internet Explorer, you can do much the same thing by selecting Tools/Internet Options/Security/Custom Level. Note that with either browser, checking the "Warn before accepting cookies" box does give you the option to accept cookies only from sites you trust, but gets really annoying after a while.

Another idea is to make your cookies file read-only. This will prevent any new cookies from being written to your hard disk, while allowing cookies to function normally during a single browser session. So you could still use online shopping sites, but you'd miss out on the ability to use customization features at sites like Yahoo. Deleting your cookies file(s) after closing your browser would have pretty much the same effect.

If you're really serious about online privacy, visit the Anonymizer website (www.anonymizer.com) and find out how to make all your web viewing totally anonymous and frustrate the cookie senders. You can also download a variety of free or inexpensive shareware programs such as Cookie Monster, Cookie Cutter and Cookie Crusher that give you total control over cookies.

Learning More

If you want to learn more about the technical details behind cookies, or delve further into the privacy and security issues, visit these sites on the web:

• Netscape's Cookie Specs
  http://home.netscape.com/newsref/std/cookie_spec.html
• Cookie Central
  http://www.cookiecentral.com
• Electronic Privacy Information Center
  http://www.epic.org

I hope this info helps you to understand the truth about web cookies. Feel free to pass this along to a friend! See you next time! --Bob