by Ann Mulhearn
ey, man, wanna
cookie?
Chocolate chip? Oatmeal raisin? Encrypted electronic gobbledygook? Don't have a sweet tooth? Check your hard drive, my friend. You may have been force-fed.
Electronic "cookies" are snippets of information that a server places on your hard drive via your browser when you access a "cookie-enhanced" Web site. These unique text strings allow the server to recognize you during later visits. Despite the recent hype, cookies are nothing new. They have been around since the early days of Netscape. Their original intent was to alleviate programming problems for Webmasters.
Used as intended, cookies can be a good thing. Cookies let a site know if you've been there before, where you're coming from, and remembers any information you previously entered at that site. They've made many a Web-site administrator's life easier. But for every action, there is often an equal and opposite reaction, a dark side. In the case of cookies, it's marketers.
Imagine this scenario. You go to a Web site, click around a bit, enter an innocuous contest for a Dilbert mouse pad, and then surf on to greener pastures. Months go by -- you obviously didn't win the mouse pad. You return to the site to be greeted with a personalized message, accurate down to the date you were cheated out of that mouse pad. You notice that the ad banners are all coincidentally connected with scuba diving, your other favorite hobby. How do they get that stuff? Do they call the Psychic Friends Network?
No, they cookie-ized you. The last time you visited the site, your browser accepted a cookie from the Web server and quietly hummed along those many months. This cookie included information that you provided to enter the contest, including your name and favorite pastime. When you returned to the site, the Web server retrieved the cookie from your hard drive and used the information to personalize the site for you.
How sweet, but where do the marketers come in? Well, a few cookies have been designed that essentially track you across sites, tracing your path through the Web, noting information about your personal preferences along the way, slowly building a dossier about you, your tastes, and your habits that is stored in a centralized location and, true to American capitalism, is for sale. All without your conscious knowledge or consent.
Okay, so people can cull information from Web activity by using cookies. That sticks in my craw a bit, but at least I get ad banners that interest me. The real question -- are cookies dangerous? No. There were some early bugs in Java, Javascript, and Active X (a Microsoft scripting language) that allowed cookies to do some sneaky things, but those have now been fixed. It can't even search your hard drive for pirated software. All a cookie can do is store a tad of information in a pre-designated file. No executables, so no viruses.
But can't someone make a cookie to read other cookies? No. Only the server that set the original cookie can read that cookie and update it.
If cookies are no longer a security issue and are generally harmless, why do so many people hate them? It comes down to privacy. The hard drive is the computer geek's castle; she resents and abhors anyone having access to it, even just to place an inoffensive text string. Besides, the glory of the Internet is the anonymity. If you don't want the world knowing who or what you are, you can hide behind the anonimity of your screen name. With cookies, that layer of protection can be stripped away.
And, my friends, the real Web developers, are looking out for me. A proposal currently before the Internet Engineering Task Force, (a nonprofit organization monitoring developments within the Internet and its technology), Netscape, and Microsoft would give the user more control over the persistence and acceptance of cookies. If accepted as an industry standard, the proposal's specifications would be implemented in every browser that supports cookies.
Netscape Communicator 4.0, now in beta release, has already implemented many of the proposal's suggestions. You can specify one of four options: accept all cookies, accept only cookies being sent to the originating server, disable Cookies (rejecting all cookies by default), or Warn me before accepting a cookie. Microsoft Internet Explorer 4.0, however, has not updated their cookie policy.
But that's the future. What can I do now to thwart malignant marketing minions who would shame the good name of cookies? There are several quick and painless things. In Netscape, you can go to the Options/General Preferences menu and click the box to alert you when a cookie is offered. This works great -- you can pick and choose among cookies and sites. But it gets bit tiresome, especially if a site uses multiple cookies on multiple pages. But what if you use Microsoft Internet Explorer? Well, go to the View/Options/Advanced/ Warnings menu and uncheck "don't warn before accepting cookies."
A more permanent solution is to find your "cookie jar" and tamper with it. For Netscape, search for the file "cookies.txt," usually found in C:\Program Files\Netscape\. Delete the contents of the file, then edit its properties, making it read only, hidden, and system. Now no site utilizing cookies can update your cookie file. For MSIE, it's a bit more tedious. Cookies are stored individually in the C:\Windows\Cookies\ directory. You must go into each file, delete contents, and change properties. Or you could delete the contents of the directory after each Internet session. And, of course, there are software packages that search your hard drive for cookies and eat them.
The hysteria spewing from some quarters of the Web world is a knee-jerk reaction to legitimate privacy issues spawned by the abuse of cookies. Although the primary use of cookies today is marketing-related, the majority of sites using them stay true to the original intent of cookies -- using the information only to make your visits more enjoyable.
Final words of wisdom -- the desire for cookie monsters and workarounds will certainly subside once the two browser heavies finally agree on something that resembles a standard. Cookies are essentially good; just use caution when accepting cookies from strangers.
Related URLs: http://home.netscape.com/assist/security/faqs/cookies.html
http://www.cookiecentral.com/ http://adage. com/interactive/articles/19970512/article5.html)