How It Works: CookiesWe explain how the controversial files work, where you'll find them,
and what they can do for and to you.Cookie: a data file written to your hard drive by a
Web server that identifies you to a site.
Helps a Web site
"remember" who you are and set preferences accordingly when you return.
Eliminates the need to repeatedly fill out order forms or re-register on Web
sites.
Allows Web sites or advertising companies to track your Web
surfing behavior or patterns
It's nice to be recognized. On the Web, sites can greet you like an old
friend thanks to cookies. Beginning with Navigator
3.0 and Internet Explorer 3.0, browsers have worked with Web sites to record
these small bits of identifying information on your hard drive, which the
sites can use to track your activities and recognize you when you return.
Cookies are now ubiquitous on the Web, but users, businesses, and consumer
groups debate the nature of these tiny files: For some, they promise a more
user-friendly Web; for others, they pose a privacy threat.
When you visit a site that sets cookies, commands embedded in the page
cause your browser to contact the site's server. The server sends information
back to the browser, where it's stored in a particular place on your hard
drive. Different browsers store cookies in different places: Netscape Navigator
maintains a file called cookies.txt that contains all cookie
records from every site that creates a cookie. On a PC running Windows, Internet
Explorer stores its cookies in the C:\windows\cookies directory. When you
return to a site, the server queries your browser to find the cookie it created
before, and the browser sends the cookie's information in response.
Cookies come in two varieties: Session cookies and persistent cookies.
Session cookies clear out after you close the browser window (ending the session)
and often are used by "shopping carts" at online stores to keep track of items
you want to buy. Persistent cookies are set by news sites, banner ad companies,
and others who want to know when you return to a site. These files reside
on your hard drive after you leave the site.
Both types of cookie files contain the URL or domain name of the site you
visited and some internal codes that indicate which pages you visited. Persistent
cookies add the last time you visited the site and how many times you've been
there. They usually contain a code that becomes your unique identifier, which
lets a site know that you've been there before. Some cookies can contain personal
information, such as a name or e-mail address, but only if you've given that
information to the Web site. Contrary to popular rumor, cookies can't "steal"
your name or e-mail address if you don't give it out.
Caught With a Hand in the Cookie Jar
If you surf the Web, you likely have plenty of cookies on your hard drive.
Nearly all commercial Web sites (including PC World.com) set cookies, as do
noncommercial sites that carry advertising. Probably the only sites that won't
prompt your browser for cookies are personal home pages that don't carry ads
and originate on local or regional Internet service provider servers. Cookies
are often fewer than 100 bytes, so they won't affect your browsing speed.
But because browsers are set to accept cookies by default, you may not know
one has been placed; if you are concerned about your privacy, you may want
to avoid sites that use them.
Cookies perform myriad functions for both Web surfers and Web sites. For
the user, they make the Web more convenient. Sites that require registration,
such as the New York Times'
site, place a cookie on your hard drive with your user name and password;
the cookie logs you in each time you visit. Personalized Web pages, such as My Yahoo, use cookies to customize the
page with news, stock quotes, and other information that you indicate you
want to see. Online stores use cookies to record purchases in electronic shopping
carts before you leave the site. Those sites may also use cookies to help
with order forms, so that the next time you buy something, the shipping and
billing information gets filled in automatically.
For businesses, cookies can play a role similar to that of a salesperson.
Some shopping sites, such as Amazon.com, tie your purchase history to your cookie. These sites can
make on-the-fly recommendations for new books or music based on your tastes,
thanks to a database they keep that includes your unique ID and purchase history.
The vast majority of Web sites (as well as advertisers) also set cookies to
track how many individual users visit the site. The resulting numbers are
now seen as a measure of how busy a site is.
Some consumer groups claim that cookies have a dark side: reduced user
privacy. Cookies track where you've been and what you've looked at on the
Web. A visit to a single site can result in several cookies, and not all of
the cookies report back directly to the site you are visiting: Some send the
information to the site's advertisers. Cookie Central, a clearinghouse for
cookie information, states that some Web advertising companies, including
FocaLink and DoubleClick, surreptitiously set cookies that report back directly
to them and keep track of your cookies with a database. By cross-referencing
various cookies they have on you, they can profile your interests, spending
habits, and lifestyle to target-market products to you. And as Net advertising
companies grow and buy out related firms--as DoubleClick recently did with
direct-marketing agency Abacus Direct--more people are growing concerned about
how information gathered through cookies will be used. Using data Abacus may
have on you, such as your name and address, DoubleClick could use its cookies,
which contain a record of your surfing habits, to create a profile of your
activities.
You do have a say in this: Browsers include features to block cookies.
Both Communicator and IE let you disable cookies completely or will prompt
you when a cookie is being set. Communicator includes an option to accept
only cookies that get sent back to the originating server. But because some
sites contain so many cookies, it's often not worth being notified: You could
spend a lot of time approving or denying cookie requests.
Instead of using your browser to block them, you can run utilities that
remove cookies from your hard drive, such as IEClean or NSClean, Cookie Crusher, and Cookie Cutter. For even more protection, sites such as The Rewebber and tools such as Zero Knowledge's Freedom mask your
identity while surfing, so even if a site places cookies on your hard drive,
it has no idea who you are.
