The Cookie Monster: Privacy Pig or Shopping Shill?

I originally wrote this essay back in July 1996. It is still relevant in 1999.

It is time to talk about cookies, and I don't mean the stuff that used to come from my namesake's stores. With stories by Brett Glass in Infoworld and on National Public Radio, cookies have become a potential land-mine.

A cookie is a text file that stores persistent information about your browsing lifestyle so that a web server can recognize you when you return to its site: typically a password, a URL or answers to a form that you've filled in. Why is this necessary? Because the web is connectionless -- just because you go from page 1 on my site to page 2, doesn't mean my server knows you any better. There should be no mystery about cookies: open up the file on your hard disk (provided you are using a browser such as Netscape or Explorer that supports this feature) and see for yourself what is there. It changes as you surf around the web from day to day, of course. Until recently, you didn't have any control over what gets stored in your cookie file, but Netscape is including some controls over that in v3 of their browser and there are several "cookie killers" that wipe the file clean on various operating systems (or you can delete it yourself manually).

DoubleClick.Net along with other web-based ad services use cookies to keep track of who you are -- again, this ensures that you see different ads and ads that have been targeted to you. Is this bad? I don't think so: do people complain when they see Newsweek's regional ad pages in their copy? But I guess when Newsweek writes information to my hard disk, then I'll think twice. We can't have the web both ways: it is connectionless and there isn't too much we can do about that, short of changing HTTP itself.

Why get all worked up about cookies? Well, privacy advocates feel that cookies can tell too much information about you and don't want this information broadcast all over the net. The only problem is that there is lots more information outside of your cookie available to web servers, such as your IP address and email address (Netscape and Explorer, for example, have places where you can fill in your email address to respond to mailto's. Some servers read this information and store it for future reference.) If you are interested in finding out what servers can find out about you, go to two of the better cookie pages: Cookie Central or Andy Kington's Netscape HTTP Cookie Notes and you'll see some links and more complete explanations of cookies, along with links to cloak your surfing trail if that is a concern.

David Strom
+1 516 944 3407
Link to this essay on our site
Back issues of Web Informant essays