Cookies: That's the way your privacy crumbles
September 11, 1998
by Roberta Furger
(IDG) -- Not long ago, I had what could only be described as a life-changing experience. Cyberlife, that is.
It all started when I bought my first book from Amazon.com, the savvy bookstore that pioneered online shopping. I was short on time, so rather than making the trek to the neighborhood bookstore, I decided to give Amazon.com a try. In just a few minutes, I'd found the book and placed my order. It arrived two days later, thanks to a complimentary upgrade to priority shipping.
With that single transaction, I became an evangelist for the wonders of online shopping. In no time, I was back at Amazon.com, ready to place another order. That's when I discovered I had unwittingly received more than I paid for when I bought that first book.
As most larger online merchants do, Amazon.com had left behind a browser cookie or two on my hard drive, the effects of which became clear during my next visit to the site. Instead of the anonymous browsing I'd grown accustomed to at online stores, this time I was greeted with, "Welcome back, Roberta Furger!" and presented with a list of recommended books, based on my earlier order.
Now, I'm all for personalized service (I love it when the attendant at the gas station remembers my name), but this was eerie. I'd only bought one book from Amazon.com, and voilą! --my name and my taste in books were automatically called up the next time I visited the site.
Amazon.com knew who I was thanks to selectively placed cookies (text strings it planted in a file on my hard drive and used to reference specific information in the site's database).
We know who you are
Suddenly, the esoteric discussions I'd long ignored about Internet cookies took on a whole new -- and highly personal - -meaning. Intrigued and disturbed by the ease with which cookies can be used to track consumer behavior, I did what any good reporter would do: I started researching the subject, exploring both the advantages and the downsides of cookies. And believe me, there are both.
First I looked at my cookie.txt file in Netscape Communicator 4.0 (Internet Explorer users would check the Cookies folder in the Windows directory). And I found dozens of entries made by sites ranging from Amazon.com to Yahoo to Major League Baseball. Like most users (I suspect), I hadn't customized my browser's security preferences to warn me before it accepted cookies. So for months the file had grown, as each new site I visited added its own entries.
To my surprise, some of the cookies were from sites that I had never visited or even heard of. For instance, I'd never browsed the Barnes & Noble online bookstore, and yet there was an entry for the site in my cookie file. And what about the entries for Focalpoint, DoubleClick, and AdForce? Clearly, it was time to learn a little more about cookies and the companies that were freely placing them on my hard drive.
To keep closer track of the accumulation of entries, I changed my preferences in the browser's security options to notify me before accepting any cookies. I then deleted the contents of the Netscape Navigator cookie.txt file and started surfing to see what would turn up.
Just about every site I visited wanted to place at least one cookie on my hard drive, and some sites wanted to drop in several. In most instances, I was able to get into a site even if I refused to accept a cookie, but not without perseverance. For example, I had to refuse the Dell Computer site's remarkably insistent cookie requests about 15 times before I could get into it.
But you don't have to visit a company's Web site to wind up with one of its cookies. It turns out I got that Barnes & Noble cookie courtesy of a visit to the Book Review section on the New York Times site. Along with it was one from www. focalink.com, the URL for a Web-based marketing firm called AdKnowledge.
Similarly, a visit to the automobile section of the Times site spawned a cookie from Imigis, another Web-based advertising agency, and a trip to the travel section of Business Week Online yielded a cookie from Trips.com, an online travel agency specializing in business travel. Even the PC World Online site will deliver cookies from its advertisers.
How the cookies crumble
Although the rules of the Web's HyperText Transfer Protocol (better known as HTTP) state that one site cannot deposit a cookie for another, Internet marketing firm DoubleClick came up with a clever way to circumvent this provision.
David Whalen, creator of the FAQ file on Cookie Central explains it this way: "As you load a page from a given site (like AltaVista, for example) there are pieces of that page (specifically, the banner advertisements) that come from other sites. Since your browser actually connects to DoubleClick to get the ads on the page, DoubleClick can send you a cookie -- even though you're on AltaVista."
And as my little experiment illustrated, DoubleClick isn't the only online business that's taking advantage of this loophole. Although some cookies are temporary -- expiring at the end of the day or the end of a visit -- others are what are called "persistent" cookies, staying on your hard drive for months or even years. Such cookies may be used by an online merchant to call up the items in its database that refer to you -- hence, Amazon.com's ability to customize my visit to the site or offer one-click ordering.
Some consumers object to cookies being used for any and all forms of consumer tracking. I'm inclined to be more flexible on the practice. I enjoy the convenience and customization that customer tracking can bring, as long as I have willingly given the site information about myself for its purposes alone.
On the other hand, I'm offended when cookies are used for tracking by companies I've never done business with -- without my permission or knowledge. I loathe the covert capability that tracking cookies give an advertising or marketing firm to tailor ad banners to fit my interests, and I detest even more the notion that third parties might be compiling information from several sites to develop a profile of Roberta Furger.
That's why I've opted for a longer-term solution to the unwanted-cookie problem: anticookie software. There are numerous programs you can select from. (For more information on anticookie software, see "The Defenders," link below) I chose Cookie Pal, an easy-to-use filtering shareware program that goes beyond the rudimentary notification features in either Netscape Communicator or Internet Explorer. Cookie Pal keeps track of cookies, summarizing after each session, for example, the number of accepted and rejected cookies; it also lets me develop lists of sites from which I will always -- or never -- accept cookies.
Each time I visit a new site, the software notifies me of a cookie request. Like the browser itself, Cookie Pal gives me the option of accepting or denying the individual request, but Cookie Pal also allows me to add the site to my permanent list -- and thereby eliminate the multiple queries whenever I visit a site. Do I enjoy adding cookie management to my already long list of computer-related chores? Not a chance. But considering the alternatives, it's a price I'm willing to pay for a modicum of privacy.
Mind your cookies
Want to take control of your cookies? Here are some tips on how to start:
Roberta Furger is a contributing editor for PC World and author of Does Jane Compute? Preserving Our Daughters' Place in the Cyber Revolution (Warner Books, 1998).
Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.