Monday, June 25, 2001		Article

INTERNET cookies are incredibly simple, but they are one of those things that have taken on a life of their own. Cookies started receiving tremendous media attention starting February 2000 because of the Internet privacy concerns. The debate still rages on.

Cookies provide capabilities that make the Web much easier to navigate. The designers of almost every major site use them because they provide a better user-experience.

What is a cookie

Cookie is the message given to a Web browser by a Web server. The browser stores the message in a text file called cookie.txt. The message is then sent back to the server each time the browser requests a page from the server.

When you enter a Web site using cookies, you may be asked to fill out a form providing such information as your name and interests. This information is packaged into a cookie and sent to your Web browser that stores it for later use. The next time you go to the same Web site, your browser will send the cookie to the Web server. The server can use this information to present you with custom Web pages. So, for example, instead of seeing just a generic welcome page you might see a welcome page with your name on it.

The name cookie derives from Unix objects called magic cookies. These are tokens that are attached to a user or program and change depending on the areas entered by the user or program. Cookies are also sometimes called persistent cookies because they typically stay in the browser for long periods of time. If you use Microsoft's Internet Explorer to browse the Web, you can see all cookies that are stored on your machine. The most common place for them to reside is in a directory called c:\ windows\ cookies. You can see in the directory that each of these files is a simple, normal text file. You can see which Web site placed the file on your machine by looking at the file name (the information is also stored inside the file). You can open each file up by clicking on it.

For example, if you visit a site goto.com, the site places a cookie on machine. The cookie file for goto.com contains the following information:UserID A9A3BECE0563982D www.goto.com/

What goto.com has done is that it stores a single name-value pair. The name of the pair is User ID, and the value is A9A3BECE0563982D. The first time a surfer visits goto.com, the site assigns a unique ID value and stores it on machine. (Note that there probably are several other values stored in the file after the three shown above. That is housekeeping information for the browser.)

Amazon.com stores a bit more information on the machine. It stores a main user ID, an ID for each session, and the time the session starts on the machine (as well as an x-main value, which could be anything).

Limitations

Cookies certainly make a lot of things possible that would have been impossible otherwise. Here are several things that make cookies imperfect.

1. Any machine that is used in a public area and many machines used in an office environment or at home are shared by multiple persons. Let's say that you use a public machine to purchase something from an online store. The store will leave a cookie on the machine and someone could later try to purchase something from the store using your account. Stores usually post large warnings about this problem.

2. When you erase all temporary Internet files on your machine you lose all of your cookie files. This tends to skew the site's record of new versus return visitors and also can make it hard to recover previously stored preferences.

3. People often use more than one machine during the day. This would mean that there would be three unique cookie files on all machines. It can be annoying to set preferences time and again.

Why the ruckus?

Let's say that you purchase something from a traditional mail order catalogue. The catalogue company has the name, address and phone number from your order and also knows what items you purchased. It can sell this information to others who might want to sell similar products to you. That is the fuel that makes telemarketing and junk mail possible.

Then there are certain infrastructure providers that can actually create cookies, which are visible on multiple sites. They can threaten to use it in the way they like. DoubleClick is the most famous example of this. Many companies use DoubleClick to serve ad banners on their sites. The portal can track movements across multiple sites. It can potentially see the search strings that you type into search engines (more due to the way some search engines implement their systems and not because anything sinister is intended). Because it can gather so much information about the user from multiple sites, DoubleClick can form very rich profiles. But these are anonymous.

DoubleClick threatened to link these rich anonymous profiles back to name and address information, personalise them, and then sell the data. That began to look very much like spying to most persons and that is what caused the uproar.