The truth about web cookies


(This article was originally published in the January/February issue of i/s newsletter).

Last week you browsed through the travel section of your favorite on-line bookstore. Today when you returned to their Web site, the first page highlighted best-selling travel books. This confirms a pattern you've noticed: when you revisit certain Web sites, they serve pages that are customized to your interests. What enables this sort of personalization? And should you be worried about it?

COOKIES WITHOUT CALORIES

The behind-the-scenes mechanism that stores information about your Web preferences is called a cookie. Browsers such as Netscape set aside a small amount of space on your hard drive for Web sites to store information for future use. A Web site may deliver one or more cookies to your browser, which in turn stores the data on your computer in a text file. The next time you go to that Web site, the server looks at its cookie in your cookie file and puts up a page based on what it finds.

What kind of information gets saved in a cookie? A catalog company may keep a record of your virtual shopping basket; an online newspaper may track which topics interest you. Other sites may store your user name and password if they charge for a service or maintain confidential data, such as your investment portfolio.

In short, a cookie can track any information that you volunteer by clicking on buttons or links or by filling out fields or forms at a Web site. That's about it. A cookie can't read or collect other data on your hard drive.

If you're curious about cookie contents, take a look at your own cookie file. On Windows computers running Netscape, it's called cookies.txt; on Macintoshes, MagicCookie; and on Athena, cookies. You can find your cookie file by doing a search based on the cookie filename for your platform.

ARE COOKIES GOOD FOR YOU?

Well, that depends. If you are a Web site maintainer, cookies let you track user preferences and count individual users (rather than just hits). You can also see how people navigate your site, which may help you to improve its layout.

If you are browsing the Web, cookies can preserve certain settings or options that you use each time you visit a site. If your navigation within a site is tracked, the site's server can customize pages for you. You may view this tracking as customer service or as snooping.

WHAT ABOUT PRIVACY?

Privacy is very subjective: what is private to one person may not be private to another. And information you consider private today you may be willing to share tomorrow for convenience or some other perceived benefit. So when it comes to cookies perhaps the important question is, what options do you have for controlling their use?

By default, most browsers, including Netscape and Internet Explorer, accept all cookies automatically. Recent versions of these browsers do offer you more control. If you use Netscape 3, you can go to the Protocols section of Network Preferences under Options and check an option to "Show alert before accepting a cookie." In this instance, every time a site wants to send a cookie, a dialog box will appear giving you the option to accept or refuse. You may soon find this very annoying, though, since requests to send cookies are commonplace.

Netscape 4 gives you more options. In the Advanced section of Preferences under the Edit menu, you can choose to accept or reject all cookies, accept only cookies that get sent back to the originating server, or get a warning before accepting a cookie.

There are other strategies as well. You can delete your cookie file on a regular basis, or install freeware or shareware applications that give you more control over cookies. To learn about and download these programs, go to the Cookie Central Web site at http://www.cookiecentral.com/ and select the Stopping Cookies link.

Cookie Central is the place to go for all kinds of cookie-related material. The site covers the uses and abuses of cookies, offers FAQs and demos, and provides solutions for those who want to limit their cookie intake.

A version of this article appeared in MIT Tech Talk on May 6, 1998.


Topics: Computer science and technology

Comments

Back to the top