Who stole the cookies?
Nakul Goyal
Internet cookies are incredibly simple, but they are one of those
things that have taken on a life of their own. Cookies began receiving
tremendous media attention in February 2000 because of Internet
privacy concerns. The debate still rages on.

Cookies provide capabilities that make the Web much easier to navigate.
The designers of almost every major site use them because they provide
a better user experience.

What is a cookie

A cookie is a message given to a Web browser by a Web server. The
browser stores the message in a text file called cookie.txt. The
message is then sent back to the server each time the browser requests
a page from the server.

When you enter a Web site using cookies, you may be asked to fill out a
form providing such information as your name and interests. This
information is packaged into a cookie and sent to your Web browser,
which stores it for later use. The next time you go to the same Web
site, your browser will send the cookie to the Web server. The server
can use this information to present you with custom Web pages. So, for
example, instead of seeing just a generic welcome page you might see a
welcome page with your name on it.

The name cookie derives from Unix objects called magic cookies. These
are tokens that are attached to a user or program and change depending
on the areas entered by the user or program. Cookies are also sometimes
called persistent cookies because they typically stay in the browser
for long periods of time.

If you use Microsoft's Internet Explorer to browse the Web, you can see
all cookies that are stored on your machine. The most common place for
them to reside is in a directory called c:\windows\cookies. You can see
in the directory that each of these files is a simple, normal text
file. You can see which Web site placed the file on your machine by
looking at the file name (the information is also stored inside the
file). You can open each file up by clicking on it.

For example, if you visit a site goto.com, the site places a cookie on
your machine. The cookie file for goto.com contains the following
information:

UserID A9A3BECE0563982D www.goto.com/

What goto.com has done is store a single name-value pair. The name of
the pair is UserID, and the value is A9A3BECE0563982D. The first time a
surfer visits goto.com, the site assigns a unique ID value and stores
it on the machine. (Note that there probably are several other values
stored in the file after the three shown above. That is housekeeping
information for the browser.)
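
The cookie file described above can be read with a short parser. This is
an added example, not code from the article: it assumes the commonly
documented layout of legacy Internet Explorer cookie files (nine lines
per record: name, value, host/path, flags, expiry low/high, creation
low/high, then "*"), and every value after the article's three lines is
constructed.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
FIELDS = 9  # name, value, host/path, flags, 2+2 timestamp halves, "*"


def filetime_to_dt(low: int, high: int) -> datetime:
    """Join the 32-bit halves of a FILETIME (100 ns ticks since 1601)."""
    return EPOCH_1601 + timedelta(microseconds=((high << 32) | low) // 10)


def dt_to_halves(dt: datetime) -> tuple:
    """Inverse of filetime_to_dt; used only to build the sample below."""
    delta = dt - EPOCH_1601
    ticks = (delta.days * 86400 + delta.seconds) * 10_000_000
    return ticks & 0xFFFFFFFF, ticks >> 32


def parse_cookie_file(text: str) -> list:
    lines = text.splitlines()
    while lines and not lines[-1].strip():
        lines.pop()  # tolerate trailing blank lines
    if len(lines) % FIELDS:
        raise ValueError("truncated cookie record")
    cookies = []
    for i in range(0, len(lines), FIELDS):
        name, value, host_path, flags, e_lo, e_hi, c_lo, c_hi, end = lines[i:i + FIELDS]
        if end.strip() != "*":
            raise ValueError(f"record at line {i + 1} lacks '*' terminator")
        host, _, path = host_path.partition("/")
        cookies.append({
            "name": name, "value": value, "host": host, "path": "/" + path,
            "flags": int(flags),
            "expires": filetime_to_dt(int(e_lo), int(e_hi)),
            "created": filetime_to_dt(int(c_lo), int(c_hi)),
        })
    return cookies


# Constructed sample: the first three lines are the ones quoted in the
# article; the flags and both timestamps are made up for illustration.
CREATED = datetime(2000, 2, 1, tzinfo=timezone.utc)
EXPIRES = datetime(2010, 2, 1, tzinfo=timezone.utc)
SAMPLE = "\n".join(["UserID", "A9A3BECE0563982D", "www.goto.com/", "1024",
                    *map(str, dt_to_halves(EXPIRES)),
                    *map(str, dt_to_halves(CREATED)), "*"]) + "\n"

if __name__ == "__main__":
    for c in parse_cookie_file(SAMPLE):
        print(c["host"], c["name"], c["value"], c["created"].date(), c["expires"].date())
```

The "housekeeping" lines turn out to be the flags and the creation and
expiry times, which is what makes these files useful when reconstructing
which sites a machine visited and when.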

Amazon.com stores a bit more information on the machine. It stores a
main user ID, an ID for each session, and the time the session starts
on the machine (as well as an x-main value, which could be anything).

Limitations

Cookies certainly make a lot of things possible that would have been
impossible otherwise. Here are several things that make cookies
imperfect.

1. Any machine that is used in a public area, and many machines used in
an office environment or at home, are shared by multiple persons. Let's
say that you use a public machine to purchase something from an online
store. The store will leave a cookie on the machine and someone could
later try to purchase something from the store using your account.
Stores usually post large warnings about this problem.

2. When you erase all temporary Internet files on your machine you lose
all of your cookie files. This tends to skew the site's record of new
versus return visitors and also can make it hard to recover previously
stored preferences.

3. People often use more than one machine during the day. This would
mean that there would be three unique cookie files on all machines. It
can be annoying to set preferences time and again.

Why the ruckus?

Let's say that you purchase something from a traditional mail order
catalogue. The catalogue company has the name, address and phone number
from your order and also knows what items you purchased. It can sell
this information to others who might want to sell similar products to
you. That is the fuel that makes telemarketing and junk mail possible.

Then there are certain infrastructure providers that can actually
create cookies which are visible on multiple sites, and they can
threaten to use them in the way they like. DoubleClick is the most
famous example of this. Many companies use DoubleClick to serve ad
banners on their sites. The portal can track movements across multiple
sites. It can potentially see the search strings that you type into
search engines (more due to the way some search engines implement their
systems and not because anything sinister is intended). Because it can
gather so much information about the user from multiple sites,
DoubleClick can form very rich profiles. But these are anonymous.

DoubleClick threatened to link these rich anonymous profiles back to
name and address information, personalise them, and then sell the data.
That began to look very much like spying to most persons and that is
what caused the uproar.
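
To check which identifiers your own browser hands to the same outside
party from several different sites, you can audit a request log. This is
an added example, not part of the original article: the log format, host
names and cookie values are all constructed, and a "site" is
approximated by the last two labels of the host name.

```python
from collections import defaultdict
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def site(url: str) -> str:
    """Crude 'site' = last two host labels (assumption; real tooling
    should use the Public Suffix List instead)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def cross_site_ids(log, min_sites: int = 2) -> dict:
    """Map (third-party site, cookie name, value) -> sites it was sent from."""
    seen = defaultdict(set)
    for page_url, request_url, cookie_header in log:
        first, third = site(page_url), site(request_url)
        if first == third or not cookie_header:
            continue  # first-party request, or nothing identifying sent
        jar = SimpleCookie()
        jar.load(cookie_header)
        for name, morsel in jar.items():
            seen[(third, name, morsel.value)].add(first)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_sites}


# Constructed log: (page being viewed, i.e. what the Referer header would
# reveal; resource requested; Cookie header the browser attached).
LOG = [
    ("http://www.news.example/front", "http://ads.adnet.example/banner.gif", "id=c0ffee01"),
    ("http://www.shop.example/cart", "http://www.shop.example/cart.css", "UserID=A1B2"),
    ("http://www.shop.example/cart", "http://ads.adnet.example/banner.gif", "id=c0ffee01"),
    ("http://find.search.example/?q=cookies", "http://ads.adnet.example/banner.gif", "id=c0ffee01"),
    ("http://www.news.example/front", "http://img.cdn.example/logo.png", ""),
]

if __name__ == "__main__":
    for (third, name, value), sites in cross_site_ids(LOG).items():
        print(f"{third} receives {name}={value} from pages on: {', '.join(sites)}")
```

The store's own UserID cookie is not reported because it only ever
travels back to the site that set it; the banner host is reported
because one ID reaches it from three unrelated sites, including a page
whose address carries a search string.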
Nakul Goyal
nakul@cwsteam.com