The Fear Of Cookies

"The vulnerability of systems to damage or snooping by using web browser cookies is essentially nonexistent." -- U.S. Dept of Energy

Ah, what's a little cookie among friends? It's odd, but few things seem to stir up more passion among the non-technical computer users than these small text files. Ask just about anyone about cookies and they will be happy to relate their dangers and why they are the instruments of evil in the universe!

So what is a cookie, anyway? Does it need to be eradicated? 

Well, actually, a cookie is simply a small text file that a web site uses to store data. You see, the problem with the internet is that does not maintain something called "session state". This simply means there is no built in way to connect two different browser screens together. For example, you have a screen where you order something and another where you enter your credit card data. There is no native, easy way to ensure that the data you enter on the two screens is related.

Except for cookies (technically there are a few other ways to do it, but let's keep this simple). What happens is any data that you enter into a browser is stored locally on your computer (or a unique value is stored allowing the host computer to look up your data for you). That's literally all that a cookie is - a place to store some data on your computer.

So what's the problem? Well, it actually comes from several sources:

  1. Companies like Doubleclick use cookies to build up a massive database describing your personal buying and surfing habits. This is very dangerous as it invades your privacy and gives companies (and the government) more data about you than you would probably like.
  2. Banner ads and other elements on a browser window can have cookies of their own. This means that you may actually get dozens of cookies planted on your system just from visiting a single web site.
  3. There is the possibility that browser bugs exist which allow other web sites to view cookies that they did not create (normally, the only site which can view a cookie is the same site that created it).

So what are you to do? Personally, I am not fond of the Internet Explorer and Netscape cookie controls (basically all or none), so I use a third party product called Norton Internet Security to selectively turn on or off cookies on a web site or domain basis.

This allows me to decide if I want a cookie planted on my system or not. So when I visit a site which allows my data to be saved, making it more convenient for me, I will allow the cookie. However, when the nasty Doubleclick banners set a cookie, I disable it and never hear from them again.

This gives me the choice - it's a little more work, but I would rather spend some extra time and do exactly what I want instead of depending upon a company like Doubleclick to protect my private information. 

Additional Information

  • Cookies Cookies (under names like magic cookies, persistent cookies, and just plain cookies) are basically harmless, but many surfers are very much afraid of them for various reasons. Companies like Doubleclick use them to track your surfing habits. These can be a great way to personalize your experience on a web site, though, and sometimes a web site simply will not work. 

  • HTML tag reference guide - <META http-equiv set-cookie>