Sunday, August 1, 1999
For most Internet users, sitting in solitude behind their computer screens, privacy is not a concern. If no one is around, and no one can see you, you can drop your guard.
Well, that’s so — in the real world. In the Internet world, the reality is that every time you visit a Web site and every time you click on a link, your actions are being tracked and your movements monitored, thanks to the innovation of cookie technology.
In recent years, the usage of cookies has sparked widespread concern, even paranoia, about privacy issues on the Internet. This has led groups such as the Internet Engineering Task Force, a loose coalition of technical experts responsible for the development of standards for the Internet, to consider a proposal that would limit the ability of companies to use cookies.
A cookie, simply put, is a small piece of information (no more than 255 characters and 4K bytes of disk space) sent by a Web server, and written to the hard drive of an Internet user. Cookies are "passed" from Web servers to a user’s hard drive when the user visits some Web sites. In this way, a cookie can be used to identify you whenever you return to that particular Web site.
The Original Concept
A Netscape-invented technology in 1995, cookies were originally designed to make it easier for users to access their favorite Web sites without having to go through a lengthy process of identifying themselves every time they visited. For instance, on your first visit to a particular Web site, you may be asked to reveal personal information such as your name, address, or possibly even some financial information. The site will then store this information and pass a cookie to your hard drive. Then whenever you return to that Web site, information will be retrieved from the stored cookie to determine if you have authorization to access the site.
Some search engines also began to use cookies to identify users in order to offer them customized news and services based on their prior use. Cookies have also been used to maintain "shopping baskets" on online ordering systems. As time passed, people began to quickly catch on to the fact that cookies could be used to customize home pages to a particular user. For example, if someone visited the MSNBC site but didn’t want to see any sports news, the site would offer an option to not display anything sports-related.
So, What’s the Big Deal?
Unsuspected — but not unexpectedly — other entities got their hands into the cookie jar. Webmasters soon realized that cookies could be used to track where a user went on their Web site. In this way, Web servers were able to differentiate 30 individuals visiting their site as opposed to one individual hitting the reload button 30 times. Each click on a link in a Web site could be added to a profile of the user maintained by the Web server.
Advertising companies began to utilize cookies to accumulate browsing behaviors and build profiles of users, sometimes very detailed, to target advertisement to individual users.
If you don’t mind companies tracking your movements for commercial purposes, then there is no problem here. However, the very nature of cookie use is not out in the open. While recent versions of popular Web browsers like Netscape and IE offer options to reject cookies, the default options are set so that the user is not warned that a cookie is being passed.
Data-Collecting Cookies
There are two types of cookies in use by Web servers. Non-persistent cookies exist only during the time a user is visiting a site. Once the user leaves the site, the cookies are deleted. Persistent cookies, on the other hand, are stored on a user’s hard drive and remain there until an expiration date set by the Web server permits its deletion. These are the types of cookies that can store data and information about your online habits. Now, if this isn’t enough to make you wary, then consider the use of third-party cookies. Some Internet users have begun to notice cookies passed to them by Web sites that they had never visited. This meant, of course, that their personal information obtained via a cookie on one Web site was relayed to maintainers of another Web site. Alas, a marketer’s haven had been created. Without controls over online activity, marketing companies began to take advantage of cookies.
So Why Not Eliminate Cookies?
First off, as long as the designers of Web browsers allow cookies, they will continue to exist. And the designers allow them. End of story. RFC 2109 was a proposal set before the Internet Engineering Task Force that would set standards on the use of cookies, but it did not have a significant impact because the Web browser designers didn’t fully endorse it. Instead, companies such as Netscape and Microsoft decided to include options for users to reject cookies if they so chose.
Even if cookies hang around for a while, fear not. Cookies can only harm you if you allow them to harm you. Cookies can’t get anything. In other words, they can’t pry into your hard drive and retrieve personal information such as passwords, e-mail addresses or bank account numbers. They can only store information that you have submitted to a Web server.
Not a New Phenomenon
If this thought comforts you at all, consider this: even outside of the Internet, the cookie concept is nothing new. Database technology and caller ID have long been storing your personal data. Employees at Pizza Hut, for instance, can bring up information about your last order, not to mention your phone number, address and method of payment. Companies in the real world relay your personal information to other companies quite often, which explains the abundance of junk mail in your mailbox. Database technology has long been in use without much concern over privacy issues. So has caller ID.
A Matter of Chocolate Chip, . . or No Thanks
Despite the negative publicity that cookies have endured, their threat to privacy is minimal. You most definitely have more important concerns than cookies invading your privacy. Again, options for rejecting cookies are readily available, as are a variety of add-on programs that eliminate cookie files altogether. For more information on cookies, including how to stop them, visit www.cookiecentral.com. There is a wealth of information available online. Just beware of the cookie monster!
