What are cookies? A "cookie" is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. This is useful for having the browser remember some specific information.

What are they used for? An example is when a browser stores your passwords and user IDs. They are also used to store start-page preferences; both Microsoft and Netscape use cookies to create personal start pages. Common ways companies use cookies to find info are listed below:

Online Ordering Systems. An online ordering system could be developed using cookies that would remember what a person wants to buy. This way, if a person spends three hours ordering CDs at your site and suddenly has to get off the net, they could quit the browser and return weeks or even years later and still have those items in their shopping basket.

Site Personalization. This is one of the most beneficial uses. Let's say a person comes to the MSNBC site but doesn't want to see any sports news. The site lets people select this as an option, and from then on (until the cookie expires) they wouldn't see sports news. This is also useful for start pages.

Website Tracking. Here is a hot button! A lot of people think it is an invasion of privacy if a web site designer wants to see what interests them. Site tracking can show you "Dead End Paths", places in your website that people go to and then wander off because they don't have any more interesting links to hit. It can also give you more accurate counts of how many people have been to pages on your site. You could differentiate 50 unique people seeing your site from one person hitting the reload button 50 times.

Targeted Marketing. This is probably one of the main uses of cookies. They can be used to build up a profile of where you go and what adverts you click on; this information is then used to target adverts at you which the companies think are of interest. Companies also use cookies to store which adverts have been displayed so the same advert does not get displayed twice. Doubleclick's use of cookies.

User IDs. In Internet Explorer the first part of the cookie is your Windows login name. It's not certain if this is passed on to the server.

How Do They Work? A command line in the HTML of a document tells the browser to set a cookie of a certain name or value. Here is an example of some script used to set a cookie.

    Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure

Cookies are usually set from CGI scripts, but they can also be set or read by JavaScript.
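The attributes in that header decide which later requests carry the cookie back to a server. As an added example (not code from the original page), this JavaScript parses a header of that form and applies the Netscape matching rules: domain tail match, path prefix match, expiry, and the secure flag. The sample header, the example.com host names and the default path of "/" are assumptions made for the illustration.

```javascript
// Added illustration: parse a Netscape-style Set-Cookie header and decide
// whether a browser would return the cookie with a later request.
// Constructed sample header; the example.com names are placeholders.
const SAMPLE_HEADER =
  "Set-Cookie: CUSTOMER=WILE_E_COYOTE; expires=Tue, 01-Jan-2030 00:00:00 GMT; " +
  "path=/shop; domain=.example.com; secure";

function parseSetCookie(header) {
  const body = header.replace(/^Set-Cookie:\s*/i, "");
  const [pair, ...attrs] = body.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 0) throw new Error("header has no NAME=VALUE pair");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    expires: null, // null: session cookie, discarded when the browser exits
    path: "/",     // assumption: browsers default to the setting page's path
    domain: null,  // null: returned only to the exact host that set it
    secure: false,
  };
  for (const attr of attrs.filter(Boolean)) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    // Netscape dates use dashes (01-Jan-2030); turn them into spaces for Date.
    if (key === "expires") cookie.expires = new Date(val.replace(/-/g, " "));
    else if (key === "path") cookie.path = val;
    else if (key === "domain") cookie.domain = val.toLowerCase();
    else if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// setBy: host that sent the header. req: { host, path, https, now }.
function wouldSend(cookie, setBy, req) {
  const host = req.host.toLowerCase();
  const bare = (cookie.domain || setBy).toLowerCase().replace(/^\./, "");
  // Tail match: with a domain attribute, any host under that domain qualifies.
  const domainOk =
    host === bare || (cookie.domain !== null && host.endsWith("." + bare));
  const pathOk = req.path.startsWith(cookie.path); // plain prefix match
  const fresh = cookie.expires === null || cookie.expires > req.now;
  const channelOk = !cookie.secure || req.https;   // "secure" needs HTTPS
  return domainOk && pathOk && fresh && channelOk;
}
```

Because the path rule is a plain prefix match, a cookie with path=/shop is also returned for /shopping, and a cookie with domain=.example.com is returned to every host under example.com, not only the one that set it.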

Security? An HTTP cookie cannot be used to get data from your hard drive, get your email address or steal sensitive information about your person. Early implementations of Java and JavaScript could allow people to do this, but for the most part these security leaks have been plugged. But an HTTP cookie can be used to track where you travel over a particular site. This site tracking can be easily done without using cookies as well; using cookies just makes the tracking data a little more consistent. If you want to disallow cookies you can do so with version 3.0 or greater of Netscape:

1. Go to the Options menu.
2. Select the Network Preferences menu item.
3. From the window that appears, select Protocols.
4. Locate the section "Show an Alert Before".
5. Check the box labeled "Accepting a Cookie".

From now on you will get an alert box telling you that a server is trying to set a cookie at your browser. It will tell you what the cookie value is and how long it will last before it is deleted.

The Dark Side

Find out how you are traced while surfing on the Web

Using Find File, look for a file called cookies.txt (or MagicCookie if you have a Mac machine). Using a text editor, open the file and take a look. If you've been doing any browsing, the odds are about 80/20 that you'll find a cookie in there from someone called "doubleclick.net".

If you're like me, you never went to a site called "doubleclick". So how did they give you a cookie? After all, the idea of the cookie, according to the specs published by Netscape, is to make a more efficient connection between the server that delivers the cookie and the client machine which receives it. But we have never connected to "doubleclick".
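The same inspection can be scripted. As an added example (not part of the original page), this JavaScript reads the text of a cookies.txt file and reports cookies whose domain covers none of the sites you remember visiting. The sample file contents, the .test host names and the list of visited hosts are constructed for the illustration; the seven tab-separated fields are the layout Netscape writes to cookies.txt.

```javascript
// Added illustration: audit a Netscape cookies.txt for cookies from domains
// the user never knowingly visited. SAMPLE_COOKIES_TXT is constructed data;
// the .test host names and cookie values are placeholders.
// Fields are tab-separated: domain, domain-wide flag, path, secure flag,
// expiry (Unix seconds), name, value.
const SAMPLE_COOKIES_TXT = [
  "# Netscape HTTP Cookie File",
  ".doubleclick.net\tTRUE\t/\tFALSE\t1920499140\tid\tA1B2C3D4",
  "www.example-news.test\tFALSE\t/\tFALSE\t946684799\tsports\toff",
  ".example-shop.test\tTRUE\t/cart\tFALSE\t1893456000\tbasket\tcd42",
  "damaged line without enough fields",
].join("\n");

function parseCookiesTxt(text) {
  const cookies = [];
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === "" || line.startsWith("#")) continue; // comments, blanks
    const f = line.split("\t");
    if (f.length !== 7 || !/^\d+$/.test(f[4])) continue;      // skip damaged lines
    cookies.push({
      domain: f[0].toLowerCase(),
      path: f[2],
      secure: f[3] === "TRUE",
      expires: new Date(Number(f[4]) * 1000),
      name: f[5],
      value: f[6],
    });
  }
  return cookies;
}

// True when the cookie's domain covers one of the hosts the user visited.
function coversVisitedHost(cookie, visitedHosts) {
  const bare = cookie.domain.replace(/^\./, "");
  return visitedHosts.some((h) => {
    const host = h.toLowerCase();
    return host === bare || host.endsWith("." + bare);
  });
}

// One report row per cookie set by a domain missing from visitedHosts.
function unexpectedCookies(text, visitedHosts, now) {
  return parseCookiesTxt(text)
    .filter((c) => !coversVisitedHost(c, visitedHosts))
    .map((c) => ({ domain: c.domain, name: c.name, expired: c.expires <= now }));
}
```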

Close MagicCookie, connect to the Internet, and jump to www.doubleclick.net. Read all about how they are going to make money giving us cookies we don't know about, collecting data on all World Wide Web users, and delivering targeted REAL TIME marketing based on our cookies and our profiles. Pay special attention to the information at: advertising/howads.htm You'll see that the folks at "doubleclick" make the point that this entire transaction (between their server and your machine) is transparent to the user. In plain English, that means you'll never know what hit you. So what's happening is, subscribers to the doubleclick service put a "cookie request" on their home page for the DoubleClick Cookie.

When you hit such a site, it requests the cookie and takes a look to see who you are, and any other information in your cookie file. It then sends a request to "doubleclick" with your ID, requesting all available marketing information about you. (They're very coy about where this information comes from, but it seems clear that at least some of it comes from your record of hitting "doubleclick" enabled sites.) You then receive specially targeted marketing banners from the site. In other words, if Helmut Newton and I log on to the same site at the exact same time, I'll see ads for wetsuits and basketballs, and Helmut will see ads for cameras. If you log in to a "doubleclick" enabled site, and it sends a request for your "doubleclick" cookie, and you don't have one, why, each and every one of those sites will hand you a "doubleclick" cookie. Neat, huh? And you can bet they're going to be rolling in the cookie dough.

The main concern is that all this is done without anyone's knowledge. Some people may find the gathering of any information invasive to their privacy, but to the average level-headed person, the use of this information is harmless in itself as long as you know the limitations of these networks, who is collecting what information and for what purpose. On the other hand, what right should anyone have to collect information about me without my knowledge, and why should they break my right to privacy? You have to find the right balance between these views. One of the main issues is awareness.

So much for making the "client-server negotiation more efficient". Whatever your view on tracking, the cookie protocol has certainly been manipulated for this use, against its original intent. Note that recent versions of Netscape have an option to show an alert before accepting a cookie, and they also allow you to block cookies completely; see the Version 4 update and the Stopping Cookies page for more detailed information.

This is what other surfers did to work around Cookies

A suggested way to handle this was to delete the file and then replace it with a write-protected, zero-length file of the same name. It's not my suggestion (and I don't remember who suggested it) but I did that on my system and that same zero-length, write-protected file is still there. I surf to literally hundreds of WWW pages per month and if any of them handed me a "cookie", it sure didn't take. I can't provide a guarantee that this will prevent someone from handing you a "cookie" but if they do it will be very obvious by the non-zero length file size.

In Internet Explorer

Actually, if you want to keep cookies but want rid of the double-click place and other future invasions in the future, try this: Internet Explorer 3.0 no longer has a single cookies.txt; it has a folder in the Windows directory with lots of individual txt files inside. Find the double-click one and corrupt it so that double-click recognizes and doesn't replace it but it gives it no information. Then lock the file.

In Netscape

I have found a way to protect myself from the "Cookie Monster". My cookies.txt and netscape.hst files are set to 0 (zero) bytes and are attributed as system, hidden, and read only. This seems to work very well in Netscape Navigator 2.02 (32 bit). You can do the same thing, if you choose. There seems to be a slight problem in some of the sites that will allow you to configure them to your preferences, but I'll trade security for convenience any day. I use an app from Privnet called Internet Fast Forward. It will block out cookies (you can also filter them selectively... let certain cookies for site preferences through, block all others), ad images, images larger than a certain size in KB, images that you select. It's currently in beta, but is a very good app.