From...

September 11, 1998
Web posted at 1:45 PM EDT

by Roberta Furger

(IDG) -- Not long ago, I had what could only be described as a life-changing experience. Cyberlife, that is.

It all started when I bought my first book from Amazon.com, the savvy bookstore that pioneered online shopping. I was short on time, so rather than making the trek to the neighborhood bookstore, I decided to give Amazon.com a try. In just a few minutes, I'd found the book and placed my order. It arrived two days later, thanks to a complimentary upgrade to priority shipping.

With that single transaction, I became an evangelist for the wonders of online shopping. In no time, I was back at Amazon.com, ready to place another order. That's when I discovered I had unwittingly received more than I paid for when I bought that first book.

As most larger online merchants do, Amazon.com had left behind a browser cookie or two on my hard drive, the effects of which became clear during my next visit to the site. Instead of the anonymous browsing I'd grown accustomed to at online stores, this time I was greeted with, "Welcome back, Roberta Furger!" and presented with a list of recommended books, based on my earlier order.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
PC World home page
FileWorld find free software fast
Make your PC work harder with these tips
Reviews & in-depth info at IDG.net
		IDG.net's desktop PC page
		IDG.net's portable PC page
IDG.net's Windows software page
IDG.net's personal news page
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for computer geniuses (& dummies too)
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

Now, I'm all for personalized service (I love it when the attendant at the gas station remembers my name), but this was eerie. I'd only bought one book from Amazon.com, and voilà! --my name and my taste in books were automatically called up the next time I visited the site.

Amazon.com knew who I was thanks to selectively placed cookies (text strings it planted in a file on my hard drive and used to reference specific information in the site's database).

We know who you are

Suddenly, the esoteric discussions I'd long ignored about Internet cookies took on a whole new -- and highly personal - -meaning. Intrigued and disturbed by the ease with which cookies can be used to track consumer behavior, I did what any good reporter would do: I started researching the subject, exploring both the advantages and the downsides of cookies. And believe me, there are both.

First I looked at my cookie.txt file in Netscape Communicator 4.0 (Internet Explorer users would check the Cookies folder in the Windows directory). And I found dozens of entries made by sites ranging from Amazon.com to Yahoo to Major League Baseball. Like most users (I suspect), I hadn't customized my browser's security preferences to warn me before it accepted cookies. So for months the file had grown, as each new site I visited added its own entries.

To my surprise, some of the cookies were from sites that I had never visited or even heard of. For instance, I'd never browsed the Barnes & Noble online bookstore, and yet there was an entry for the site in my cookie file. And what about the entries for Focalpoint, DoubleClick, and AdForce? Clearly, it was time to learn a little more about cookies and the companies that were freely placing them on my hard drive.

To keep closer track of the accumulation of entries, I changed my preferences in the browser's security options to notify me before accepting any cookies. I then deleted the contents of the Netscape Navigator cookie.txt file and started surfing to see what would turn up.

Just about every site I visited wanted to place at least one cookie on my hard drive, and some sites wanted to drop in several. In most instances, I was able to get into a site even if I refused to accept a cookie, but not without perseverance. For example, I had to refuse the Dell Computer site's remarkably insistent cookie requests about 15 times before I could get into it.

But you don't have to visit a company's Web site to wind up with one of its cookies. It turns out I got that Barnes & Noble cookie courtesy of a visit to the Book Review section on the New York Times site. Along with it was one from www. focalink.com, the URL for a Web-based marketing firm called AdKnowledge.

Similarly, a visit to the automobile section of the Times site spawned a cookie from Imigis, another Web-based advertising agency, and a trip to the travel section of Business Week Online yielded a cookie from Trips.com, an online travel agency specializing in business travel. Even the PC World Online site will deliver cookies from its advertisers.

How the cookies crumble

Although the rules of the Web's HyperText Transfer Protocol (better known as HTTP) state that one site cannot deposit a cookie for another, Internet marketing firm DoubleClick came up with a clever way to circumvent this provision.

David Whalen, creator of the FAQ file on Cookie Central explains it this way: "As you load a page from a given site (like AltaVista, for example) there are pieces of that page (specifically, the banner advertisements) that come from other sites. Since your browser actually connects to DoubleClick to get the ads on the page, DoubleClick can send you a cookie -- even though you're on AltaVista."

And as my little experiment illustrated, DoubleClick isn't the only online business that's taking advantage of this loophole. Although some cookies are temporary -- expiring at the end of the day or the end of a visit -- others are what are called "persistent" cookies, staying on your hard drive for months or even years. Such cookies may be used by an online merchant to call up the items in its database that refer to you -- hence, Amazon.com's ability to customize my visit to the site or offer one-click ordering.

Some consumers object to cookies being used for any and all forms of consumer tracking. I'm inclined to be more flexible on the practice. I enjoy the convenience and customization that customer tracking can bring, as long as I have willingly given the site information about myself for its purposes alone.

On the other hand, I'm offended when cookies are used for tracking by companies I've never done business with -- without my permission or knowledge. I loathe the covert capability that tracking cookies give an advertising or marketing firm to tailor ad banners to fit my interests, and I detest even more the notion that third parties might be compiling information from several sites to develop a profile of Roberta Furger.

That's why I've opted for a longer-term solution to the unwanted-cookie problem: anticookie software. There are numerous programs you can select from. (For more information on anticookie software, see "The Defenders," link below) I chose Cookie Pal, an easy-to-use filtering shareware program that goes beyond the rudimentary notification features in either Netscape Communicator or Internet Explorer. Cookie Pal keeps track of cookies, summarizing after each session, for example, the number of accepted and rejected cookies; it also lets me develop lists of sites from which I will always -- or never -- accept cookies.

Each time I visit a new site, the software notifies me of a cookie request. Like the browser itself, Cookie Pal gives me the option of accepting or denying the individual request, but Cookie Pal also allows me to add the site to my permanent list -- and thereby eliminate the multiple queries whenever I visit a site. Do I enjoy adding cookie management to my already long list of computer-related chores? Not a chance. But considering the alternatives, it's a price I'm willing to pay for a modicum of privacy.

Mind your cookies

Want to take control of your cookies? Here are some tips on how to start:

• SET YOUR BROWSER to warn you before accepting cookies. In Navigator, go to Edit, Preferences, Advanced and select your preferences. In Internet Explorer, go to View, Options, Advanced.

• EDUCATE YOURSELF. One of the best sources for cookie information is Cookie Central, which includes a primer on how cookies work, a step-by-step guide to reading your cookie file, and an excellent frequently-asked-questions section.

• BE SELECTIVE about the information you volunteer about yourself. Cookies themselves don't track people, they just point to the site's database in which the information resides. Share only necessary information and only with sites that you intend to frequent.

Roberta Furger is a contributing editor for PC World and author of Does Jane Compute? Preserving Our Daughters' Place in the Cyber Revolution (Warner Books, 1998).

Related stories: It pays to be paranoid online - August 6, 1998 The long, strong arm of the NSA - July 27, 1998 CNN IDG.net - Is there a privacy double standard on the Web? - June 17, 1998

Latest Headlines Pakistan begins troop withdrawal from Indian border White-collar workers in Jakarta join anti-Habibie chorus Veteran politicians hand over EU reform blueprint Klan rally in New York fizzles under counterprotests Falwell hosts summit with gay minister Critics assail plan to give women addicts money to use birth control Chemical that could power microbes is found at Jupiter moon Texas downs No. 3 Huskers, continues hex Illinois stuns No. 9 Michigan 35-29 Agilent plans $1.1 B IPO Agents boycott United for slashing commissions Advocates assail legislation encouraging mergers Today on CNN

Related IDG.net stories: Note: Pages will open in a new browser window The Defenders (PC World Online) Cookies: There are good uses, too (PC World Online) Goodbye to free Web content? (PC World Online) CIAC crumbles cookie critics (Computerworld) Download useful Internet tools from FileWorld (PC World Online) Related sites: Cookie Central DoubleClick External sites are not endorsed by CNN Interactive.