Learn IT strategies from the 500 most innovative companies in North America. Get the InformationWeek 500 Analytics Report FREE today!

Welcome Guest. | Log In| Register | Membership Benefits


The Cookie Debate Heats Up: How Many Has Your Browser Eaten Lately?

By Jason Levitt
April 14, 1997

My friend Terry and I had one our regular discussions about television the other night. We both are rather passionate about technology, and TV is certainly one of the most pervasive, if not invasive, examples. Our conclusions are inevitably the same. We don't think that TV, as a technology, is inherently evil -- it's just not implemented properly and it's not being used effectively. The same could be said for cookies, the simple mechanism for saving information on users that Netscape introduced in its Navigator 2.0 browser. (Cookies are sometimes called "HTTP cookies," "Netscape cookies," "magic cookies," "client-side cookies," "persistent cookies," and even "persistent client-state HTTP cookies").

Although cookies can be used to enhance a user's Web experience by customizing a Web-site visit or by letting "shopping cart" Web sites maintain your shopping list, they can also be used to track your movements at sites and collect marketing data on your Web-page choices. This intrusiv e use of cookies has stirred controversy in the Internet community. On one side of the debate are the privacy advocates who say that users should be able to control exactly how much information their browsers reveal. On the other side are the marketing and advertising folks who say that some kind of tracking mechanism is necessary so that Web sites can determine what users are doing and collect demographic information to drive advertising.

Because of the positive uses of cookies, neither side wants to see cookies eliminated altogether. What has privacy advocates steaming is that, by default, your browser (if it's Navigator or Internet Explorer 2.0 or later) silently lets sites create and retrieve cookies on your machine. That means that sites that want to track your Web movements can do so, typically without your knowledge. Privacy advocates are demanding that Netscape and Microsoft disallow cookies by default in the Navigator 4.0 and IE 4.0 browsers and that the new proposed standard for cookies be adopted by both vendors.

The current beta of Navigator 4.0 has an option that lets users defeat cookies, but the current beta of IE 4.0 does not, though Microsoft and Netscape both say they will support the new cookie standard . A recent online article describes the debate more fully.

Tastes Great, Less Filling
The new proposed standard for cookies is really just a formally written version of the original Netscape de facto standard with some backward-compatible improvements. However, the proposed standard contains an important section that talks about how browser vendors should implement the user interface so that users have control ove r Web sites that try to use cookies to collect marketing information. Here's an excerpt from that section:

7.1 User Agent Control
An origin server could create a Set-Cookie header to track the path of a user through the server. Users may object to this behavior as an intrusive accumulation of information, even if their identity is not evident. (Identity might become evident if a user subsequently fills out a form that contains identifying information.) This state management specification therefore requires that a user agent give the user control over such a possible intrusion, although the interface through which the user is given this control is left unspecified. However, the control mechanisms provided shall at least allow the user:

  • to completely disable the sending and saving of Cookies.
  • to determine whether a stateful session is in progress.
  • to control the saving of a Cookie on the basis of the Cookie's domain attribute.

    Such control could be provide d by, for example, mechanisms:

  • to notify the user when the user agent is about to send a Cookie to the origin server, offering the option not to begin a session.
  • to display a visual indication that a stateful session is in progress.
  • to let the user decide which Cookies, if any, should be saved when the user concludes a window or user agent session.
  • to let the user examine the contents of a Cookie at any time.

The Here And Now
The cookie controversy isn't new. In fact, it's been going on for quite a while. Even this article from a February 1996 issue of the San Jose Mercury News warns about the possible uses, and abuses, of cookies. I should also point out that the cookie mechanism has become a de facto standard . It persists in the current version of Navigator and was also picked up by Microsoft for Internet Explorer. Other browser developers have also implemented cookies.

While using the Navigator 3.x or IE 3.x browsers, you may have seen cookie download warnings . If you haven't seen those warnings but are using one of those browsers, that means your browser has been silently eating cookies fed to it by Web sites. You might enjoy taking a look at the cookie file stored on your computer . You can enable cookie download warnings in your browser (if you are using Navigator 3.x or IE 3.x) so that you have the option of accepting, or rejecting, cookies. However, it's such a nuisance to constantly see and respond to those cookie download warnings that you'll probably want to find an easier solution.

Cookie Central has an excellent page on how to inhibit cookies in various browsers. They also have a Web page that lists software that can help inhibit and track cookies.

Should you worry about your browser's diet? Probably not, but you should know that your browser is eating cookies all the time and that those cookies allow Web sites to monitor your movements. Need more info? Here's a list of cookie resources .

Cookie Warnings
Cookies scared people for a while, especially after the browser vendors decided, as a security precaution, that you might want to see a warning message every time a site tried to write a cookie to your machine. Perhaps you've seen these warning dialog boxes before. These warnings occurred when I went to the NetGuide Live site .

Internet Explorer 3.x under Windows 95:

Or maybe you've seen this one --

Netscape 3.x under Windows 95:

Configuring Your Web Browser For Cookie Alerts
If you want to see a warning message every time a Web server tries to write a cookie to your machine, and have the opportunity to keep the cookie from downloading, then you need to configure your browser to warn you (if you are using Navigator 3.0 or later, or IE 3.0 or later). Here are the configuration dialog boxes for those two browsers.

Internet Explorer 3.x under Windows 95:

Netscape 3.x under Windows 95:

Where To Find The Cookie File
The format of the cookie file is browser-dependent, so, depending on the browser you use, the cookie file will likely have a slightly different name and location. Here are some locations of the cookie file for common browsers .

Navigator 3.x:
If you're running Navigator under Windows 95, you'll probably find your cookie file here . Or you can just search your C: drive (or search whatever drive on which you installed Navigator) for a file named "cookies.txt." If you're running Navigator on the Macintosh, look in "System Folder," then look in the "Preferences" folder, then look in the "Navigator" folder, then look for a file named "MagicCookies."

Internet Explorer 3.x for Windows 95:
For IE 3.0 under Windows 95, Microsoft decided to put cookies in separate files. Your cookie files will probably be in this folder . If not, search the drive on which you installed Windows for a folder named "Cookies."

Internet Explorer 2.x for Macintosh:
Look in the "Preferences" folder, then the "Explorer" folder, then the "Explorer Cache" folder, then look for a file named "cookies.txt."

Cookie Resources
There are several excellent sites dedicated to spreading the word about cookies. Here are a few of them:

 Cookie Central -- The definitive cookie site.
  Andy's Netscape HTTP Cookie Notes -- Lots of great info about Cookies.
Malcolm's Guide To Persistent Cookies -- Excellent discussion and pointers to resources.
  Center For Democracy And Technology Privacy Demo Page -- Shows how much info your browser gives awa y (scary!). This page isn't really about Cookies, but the security issues it discusses are related.
  How To Make Netscape Cookies And Shopping Cart -- Example of Cookie usage including C source for CGI program.
  Bill Dortch's Cookie Functions -- JavaScript functions you can use to create and access Cookies.

Return to AuthorITies or view AuthorITies archives

Comments?

http://www.informationweek.com


CAREER CENTER
Ready to take that job and shove it?



TechCareers

SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center

Today's Top News





Specialty Resources

Featured Microsite