Hawai'i Tech
Web cookies

By Vicki Viotti
Advertiser Staff Writer

Advertiser photo illustration

They're called cookies, but searches of Web sites devoted to the subject failed to identify the reason they got that name. "Cookie" is a computer science term of long standing, predating the Internet era, used to describe a piece of data that one computer holds for another.

Programmers devising Web sites adopted the term and devised the sites to place cookies files on visitors' machines so that the programmers can log, essentially, how many people access the site's pages and how frequently.

Bob Engelbardt of Kailua, a retired GTE Hawaiian Tel executive now doing computer repair and consulting, comes down on the side of these little text files.

"Personally, I feel that cookies allow me to make better use the features that many Web sites offer," Engelbardt said via e-mail. "Cookies permit the Web sites to customize their responses to users who previously visited the pages, which can save time and improve efficiency. The overall result is a more satisfying experience for those who frequently return to particular Web sites."

More recently, because of practices by some Web advertising businesses, they've raised the ire of Net surfers worried about privacy of personal information. However, few in the broad Net community really understand what they are, or how the real privacy control lies not in the cookie data itself but in the personal information that site visitors divulge on their own when they register with the site.

First, a more precise definition. A cookie is a piece of text that a Web server (the computer where the requested Web site is stored) can place on a user's hard drive. Cookies allow the site to store information on a user's machine and later retrieve it. There is usually an ID number of some kind so that the Web site's computer will recognize the surfer as a veteran the next time he or she visits the site.

They are not programs, but merely text files that vary somewhat from site to site. PC users, for example, can view them from the Windows desktop by clicking on My Computer, then the icon for the C: drive, then the Windows folder and the Cookies folder.

The primer site How Stuff Works offers a comprehensive explanation of cookies (www.howstuffworks.com/cookie.htm). In it there is an example of a cookie that How Stuff Works would place on a visitor's computer, looking like this: user 35005 www.howstuffworks.com/. That user ID is also stored in the site's data base so that it will recognize the visitor when he or she returns.

Most sites would only have a user ID like this, but others might include additional numbers linked to other information. For example, the user may have established preferences for certain information (stock reports and local weather, perhaps) to be displayed.

Most commonly, a site uses the data to determine how many readers actually visit and how often they return. E-commerce sites also need to track visitors as they move through the site, adding merchandise to their virtual "shopping carts." While the visitor is picking up items, the computer is setting a cookie matched to each item on the shopper's computer. Then when the "checkout" button is hit, the site knows who the shopper is and can deliver all the items listed in its data base.

Some people have no problem with any of this, but others are uneasy about the level of oversight a Web site can have using the cookies, especially if the Net surfer has also handed over their ID information. While a mail-order company also retains customers' names and addresses as well as their order, a Web site also tracks the pages you access and the ads that you click. This information is even more interesting to telemarketers and junk e-mail purveyors.

Additionally and more disturbingly, some Net advertising companies (DoubleClick being the best-known example) are able to place their own cookies on computers that visit any of its clients' sites and thus can track a surfer's movements across several sites.

Privacy advocates became even more worried in February, when DoubleClick bought its first e-mail marketing company, allowing it to compound the customer information that it could control.

Software companies have responded to the public concern; a range of cookie-managing programs can be downloaded at low or no cost from the Web.

And Microsoft is planning to release its next Internet Explorer upgrade, Version 6, next month. It will be the first browser to support a new standard called Platform Privacy Preferences, or P3P (more information is at www.w3.org/P3P/).

P3P enables surfers to configure browsers to determine the site's privacy policy: whether a Web site collects ID information, uses that information to create user profiles or permits visitors to bar the collection of that information.

Engelbardt sees less of a danger from data collection than from viruses that can be transmitted.

"As for potential security risks and the possibility of generating unwanted e-mails, I feel that the advantages offered by the use of cookies outweigh the down side," he said. "So long as the user has an anti-virus application and also a firewall (like ZoneAlarm) when they are connected to the Internet via cable or DSL, cookies do not pose much of a threat."

Browsers let you remain in control

The method for controlling cookies varies from browser to browser. Internet Explorer is completely different from Netscape, and even within those major brands the situation changes from one version to the next (PCs versus Macs, or between upgrades of the software). But here's a primer on how to turn off cookies or be notified of them in two popular PC browsers, Netscape Communicator and Internet Explorer 5:

• Netscape — Select Edit/Preferences/Advanced. In the "cookies" area on the right side of the dialog box, you can choose to accept all cookies, accept only those that are sent back to the originating server, or disable cookies altogether. If you'd like to be notified whenever a cookie is sent, check "warn me before accepting a cookie."
• Internet Explorer 5 — Select Tools /Internet Options, then click the Security tab. Click the Custom Level button at the bottom and scroll down to Cookies. Under "Allow cookies that are stored on your computer," check the radio button in front of Disable or Prompt (use Prompt if you'd like to be asked before cookies can be inserted).