Understanding Cookies and Their Effect on Your Privacy

December 23, 2008

By: Chris Peters

As you view Web content, software on the Internet is recording, and often sharing, information about you, including what sites you visit, what ads you click on, and what you buy, view or listen to. It does that in large part by using cookies.

What's a Cookie?

A cookie is information (usually a small text file) that a Web site puts on your computer so that it can remember something about you at a later time (definition from SearchSoftwareQuality.com). Cookies are usually saved to your hard drive, though temporary cookies might reside in your computer’s system memory (also known as RAM). When you revisit the site that created the cookie, your browser sends it back along with the page request. The information in the cookie might remind the Web server about your preferences and configuration options for that site. If you logged in earlier, the cookie might contain an authentication token so you can get into your account without retyping the password. In these respects, cookies improve your browsing experience and save you time. However, Web sites also use cookies to improve their marketing efforts. By tracking your search terms, your browsing behavior and other information, Web sites can target ads better than they could otherwise.

Session Cookies vs. Persistent Cookies

Session cookies (also known as temporary cookies) are saved in system memory (RAM) and they disappear when you close your browser. Persistent cookies are saved to your hard drive for varying periods of time, depending on the expiration date set by the originating Web site. One year is usually the maximum. Persistent cookies that contain authentication tokens (tokens that let you log in to a site without entering your username and password) usually last two weeks at most.

Security and Privacy Concerns

Privacy and security experts worry about cookies for a few reasons. First, some privacy advocates object to any tracking of user behavior, especially when the user hasn’t given explicit permission and the site in question is trying to make money off of what it knows about the user. This standard sets the bar pretty high, and most Internet users accept that sites will record and store some information about their behavior. First-party cookie is the technical term for a cookie that tracks your activity across a single Web site or a single domain (for example, cnn.com). In most cases, we visit these sites willingly.

Third-party cookies:

On the other hand, when you visit a site with ads on it (either text ads or graphic ads), those ads frequently come from servers owned and operated by a third-party advertising network such as DoubleClick or ValueClick. Some of these ad networks put cookies on your machine and then track your browsing behavior across multiple Web sites owned and operated by different organizations. As the ad network learns more about your habits and browsing patterns, they serve you ads related to your interests. Third-party cookies cause controversy because we often have no idea that we’re connecting to a ValueClick or DoubleClick server. If I go to Amazon.com and Amazon puts a cookie on my machine, I at least had some control over that transaction. Also, some folks object to one company storing so much information about their browsing habits. Therefore, they block all third-party cookies, using the steps described later in this article.

Hackers and cookies:

In most cases, your browser will only give a cookie (or the information it contains) back to the Web site that created it in the first place. However, under certain circumstances, hackers can circumvent these controls and intercept your cookies as they pass back and forth between your machine and the originating server. Also, hackers can use a technique known as cross-site scripting to trick your browser into forwarding a cookie to one of their machines.

To a large extent, preventing attacks such as these depends on the security put in place by the Web site administrator. You can’t force them to configure their sites responsibly. However, you can take a few steps to protect yourself. You’re most vulnerable to cookie-based attacks (and other exploits) when using an open, unencrypted wireless connection. Five Tips for Secure Wireless Web Surfing has some valuable tips in this regard. Also, wherever possible, use a Secure Sockets Layer (SSL) connection for sensitive transactions. When the Web address in your browser is preceded by https: instead of http:, your connection is using SSL, which encrypts communication between your browser and the Web server. It’s used as a default setting on many sites. With other sites, you have to type in “https” before the address to let the server know that you want encryption. On some sites, such as Gmail, there’s a setting for SSL and you can find it in your mail options and turn it on.
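The distinctions drawn above (session vs. persistent, first-party vs. third-party, and exposure to interception or cross-site scripting) can all be read from the Set-Cookie headers a site sends. The following is an added illustration, not part of the original article; the host names and cookie values are constructed, and the two-label "site" comparison is a simplifying assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def site(host):
    # Assumption: the "site" is the last two DNS labels. Real browsers use the
    # Public Suffix List, which this sketch omits (it misjudges e.g. co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes)."""
    pair, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return pair.partition("=")[0].strip(), attrs

def classify(page_host, setter_host, header, now):
    name, attrs = parse_set_cookie(header)
    lifetime = None                      # seconds; None means no expiry given
    if "max-age" in attrs:               # Max-Age takes precedence over Expires
        lifetime = int(attrs["max-age"])
    elif "expires" in attrs:
        lifetime = (parsedate_to_datetime(attrs["expires"]) - now).total_seconds()
    warnings = []
    if "secure" not in attrs:
        warnings.append("no Secure: also sent over unencrypted http")
    if "httponly" not in attrs:
        warnings.append("no HttpOnly: readable by scripts in the page")
    return {
        "name": name,
        "party": "first" if site(page_host) == site(setter_host) else "third",
        "kind": "session" if lifetime is None else "persistent",
        "days": None if lifetime is None else round(lifetime / 86400),
        "warnings": warnings,
    }

# Constructed sample: a visit to news.example.com that also loads an ad.
NOW = datetime(2008, 12, 23, tzinfo=timezone.utc)
RESPONSES = [
    ("news.example.com", "sid=abc123; Path=/; Secure; HttpOnly"),
    ("news.example.com", "prefs=large-font; Expires=Wed, 23 Dec 2009 00:00:00 GMT; Path=/"),
    ("ads.adnetwork.example", "uid=42; Max-Age=1209600; Path=/"),
]

def audit():
    return [classify("news.example.com", host, hdr, NOW) for host, hdr in RESPONSES]

if __name__ == "__main__":
    for row in audit():
        print(row)
```

A cookie with no Secure attribute travels in the clear whenever the site is reached over http, and one with no HttpOnly attribute can be read by any script running in the page, which is what a cross-site scripting attack relies on.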

Managing Cookies

You have a few options for dealing with cookies. You can:

  1. Ignore them altogether.
  2. Ignore them as they accumulate and clear the cookie cache occasionally.
  3. Allow all first-party cookies, block all third-party cookies and clear the cookie cache occasionally. We’ll explain how to block third-party cookies.

Technically, you can block all cookies, all the time, but this approach isn’t practical since so many sites rely on cookies for their basic functionality. You could also get selective and granular, blocking cookies at some sites and not others. However, this approach is also more trouble than it’s worth in my opinion. If you’re about to visit a site that makes you uncomfortable, most major browsers let you restrict cookies on a per-site basis.

Finding the Cookie Management Features in Your Browser

For most folks, the built-in browser options offer as much control as they need when it comes to blocking and erasing cookies:

  • In Internet Explorer 6 or Internet Explorer 7, go to Tools → Internet Options → Privacy. Click the Advanced button for general cookie-related settings. To override your general settings, click the Sites button.
  • In Firefox 2 or 3, go to Tools → Options. Click the Privacy tab. For fine-grained control, click the Exceptions button.
  • In response to widespread privacy concerns, the major browser companies all have plans to include a “stealth mode” in their upcoming releases. Google has already implemented this in their new browser, Google Chrome. Mozilla will build a Privacy Mode into its browser beginning with Firefox 3.1, and Microsoft will do the same with Internet Explorer 8. With all of these, you launch a new window and the sites you visit there aren’t recorded in your browser’s history. In addition, any cookies you receive get erased when you close the window. However, the Web sites you visit can still save information about you on their servers.

Blocking Third-Party Cookies

Again, most modern Web browsers let you block all third-party cookies:

  • In Internet Explorer 6 or Internet Explorer 7, go to Tools → Internet Options → Privacy. Click the Advanced button. Select the “Override Automatic Cookie Handling” check box. Under “Third Party Cookies,” choose Block.
  • In Firefox 2, you have to alter your config file, as described in this Knowledge Base article.
  • In Firefox 3, go to Tools → Options. Click the Privacy tab. Clear the “Accept third-party cookies” checkbox.

Clearing Out Old Cookies

Rather than obsess about each and every cookie that’s placed on their PC, most folks allow all first-party cookies and then clear them out every few months as part of their routine maintenance. Every browser lets you erase the stored cookies along with all of the other pieces of personal information (e.g., browsing history, temporary files, saved form information). In most cases, you’ll go to Tools → Options and proceed from there. If you want to save some cookies and erase others, third-party tools are often more flexible and easier to use. Cookie Monster will compare your cookie cache to your Favorites list so that you can keep the cookies from well-known sites and erase the rest. CCleaner is a free, all-in-one tune-up utility. Go to Options → Cookies, and you can protect the cookies that you trust while erasing the rest.

Other Tools for Managing Cookies

If you find that the options in your Web browser are too clunky or too limited, you can install a number of free tools and plug-ins that give you more control.

Copyright © 2008 CompuMentor.
