Cookie is the deceptively sweet name for a
small file that may be placed on your computers hard drive, often without your
knowledge, when you visit a web site. The cookie is a unique identifier that enables the
site to which you are linked to recognize that you have been there before. It enables the
site to which you are linked to keep track of you as you go to different pages on that
site, or to other sites, and to retrieve from its database any record of your previous
visit or visits to the site.
Cookies are a reminder that surfing the web
is not an anonymous activity. Your movements in cyberspace can be and often are tracked.
Cookies serve legitimate purposes, but they
can also be misused to invade your privacy. Contrary to some popular rumor and myth,
cookies do not damage your computer or your files in any way. They also do not make
information on your computer more vulnerable to compromise.1
How Cookies Are Used
Here are some of the ways in which cookies
- When you log on to many Internet shopping
sites, you are sent a cookie with the number of a shopping cart. Each time you select an
item to buy, that item can be added to your shopping cart. When you are done shopping, the
checkout page lists all the items in the shopping cart associated with that cookie.
Without the cookie, the shopping site to which you are linked could not keep track of all
your purchases. You would have to keep track of the items yourself and type their names
and/or numbers into the checkout page, or else buy each item one at a time. If the only
purpose of the cookie is to keep track of your shopping cart, the cookie is automatically
deleted as soon as you leave the site. As noted below, however, there are other uses of
cookies for online commerce that involve leaving the cookie on your hard drive for a
- Suppose you buy a book from one of the
prominent Internet booksellers. When you go to that site again, you will be greeted by
name. The books that are featured prominently on the booksellers home page will be
selected to match your interests based on what is known about you from your previous
purchases. And you may have the convenience of an expedited checkout procedure that does
not require you to give your address or credit card number, as the site already has that
information. The cookie that was put on your hard drive during your first visit to the
site, and which remains on your site until some specified expiration date (often one
year), is what makes this possible. It enables the bookseller to recognize you as a
previous visitor, automatically access the database record of your previous visit or
visits, and to customize the site to best meet your needs.
- Suppose you want to read one of the major
national newspapers online and use its archives for research. You are required to become a
registered user of the site. To register, you provide your user name and password and are
then required to give your age, gender, and zip code. You are also asked for your income,
but this is optional. The next time you visit the site you do not need to log in, as you
are recognized automatically as a registered user. The newspapers computer system
tracks electronically all your moves while on its site. Based on what the newspapers
computer knows about your demographics and your interests, you will be shown those
advertisements to which you are most likely to respond and not shown ads in which you are
unlikely to be interested. Every time you click on an ad, this will be recorded in a
database. Using the records of ad clicks and demographic data for thousands of registered
users, the newspaper analyzes the effectiveness of each online advertisement. All this is
made possible by the cookie placed on your hard drive when you registered at this site.
- A major online advertising agency places
online advertising for hundreds of clients on hundreds of different web sites. When you go
to a web page with one of its ads, the ad comes directly from the advertising firm and is
not merged with the rest of the page until it arrives at your computer. It takes the
advertising agencys computer less than 20 milliseconds to read the cookie on your
hard drive, access information on you in its data base, and decide which of its many ads
to insert on the page you requested. It sends a cookie along with each ad, and the
previous cookie on your hard drive is sent back to the agency to update its database. In
order to build up your interest profile, a database in the agencys computer
maintains records of which sites you have visited, which ads you were exposed to, how
frequently you were exposed to them, whether you clicked on the ad, and whether you
purchased anything as a result. The goal is to use your interest and demographic profile
to customize which ads you are shown in order to maximize the effectiveness of the
Cookies are controversial because they raise
privacy issues. They are put on your computer without your explicit approval and are used
to track where you go on the Internet. Most sites track your movements only within their
site, but online advertising agencies with multiple clients track your movements among all
their clients sites. When you register to use many sites and services you are
required to provide demographic information about yourself, often including your name, or
an e-mail address that can lead to identification of your name.
There is concern that dossiers of personal
information on individuals and their behavior in cyberspace could be compiled, sold to
advertisers or insurance companies, and used in ways that violate ones right to
privacy. Privacy advocates argue that online marketers should be kept out of the
"cookie jar," and they urge Internet surfers to "toss their cookies"
to protect themselves from the "Cookie Monster."
There is no question that cookies, and the
information they enable others to collect, could be misused. The open questions are: How
often is this information actually being misused? And how much of a threat does this
represent? Most advertisers comply with the Direct Marketing Associations Marketing
Online Privacy Principles. At least one major advertising agency specializing in Internet
advertising has voluntarily opened its practices and systems for third-party auditing.
Options for Dealing with
Netscape and Microsoft browsers offer users options for dealing with cookies. Depending
upon which browser you are using and how current it is, the controls for dealing with
cookies will usually be found on the Edit or View menu, under Options or Preferences. You
may then have to click on a tab called Advanced, Security, or Protocols. There are four
possible options, although all options are not offered by all browsers.
Accept All: This is
usually the default setting and means that all cookies are accepted.
- Accept only cookies that get sent back
to the originating server: This means you accept only temporary cookies that are
deleted as soon as you exit a site. They help the site keep track of your activities only
while you are connected to it. For example, such temporary cookies are needed if you want
to be able to put multiple purchases into a "shopping basket" as discussed
- Disable Cookies: Your
computer will not accept any cookies under any circumstances. You will need to turn
cookies back on if you want to use any online services that require them.
- Warn me before accepting a cookie:
Whenever a site to which you are connected tries to put a cookie on your hard drive, you
are warned and given the option of accepting or rejecting it. The down side of this is
that responding to all the warnings at a busy shopping site can become very tedious.
Several companies offer special software
packages that work with your browser and enable you to designate which sites can send you
a cookie and which can not.
If you want to look at your cookies, the most
common place for them to be located is in a directory subordinate to the directory where
your browser is located. However, they may be in several different locations, so the most
efficient way to find them is to use the Find command and type in cookies. Cookies are
ordinary txt files, so they need to be read with a program such as Wordpad or Notepad.
You may delete all cookies from your computer
if you wish, but be sure to close your browser first. Cookies are held in memory while the
browser is open, so deletion while the browser is open will be ineffective. Remember,
however, that deleting all your cookies will cause you to start from scratch with every
web site you normally visit. It may be preferable to delete only those cookies you
dont want or dont think you need.
1. U.S. Department
of Energy, Computer Incident Advisory Capability (CIAC), I-034: Internet Cookies,
March 12, 1998. Barry D. Bowen, "How Popular Sites Use Cookie Technology," Netscape
World, April 1997.