Internet Basics: Cookies
by Kilen Matthews

Grab a glass of milk and your favorite ... web browser, and bring your appetite. We're talking cookies.

The cookie may be the most misunderstood item in the realm of the Web and Internet today. It is maliciously charged with powers of mayhem and risks which strike fear into the hearts of web newbies everywhere. Many web surfers, when they find out that a cookie does indeed write data to their hard disk - more or less - say a flat out "NO!" to cookies.

Fear and concerns over safety, invasion of privacy and other issues will be left to be debated - forever I am sure - to other forums. I will only slightly touch on the debate of these issues but will try to clear up a few cookie basics so you'll understand why cookies just simply are not the monsters that they have been cooked up to be.

Web Cookies CANNOT:

Web Cookies CAN be used to:

What is a cookie?

A cookie is a small amount of text only data which a web page sends to your web browser. Your browser then writes this cookie to your hard disk in a specified folder. You could think of a cookie as a "web passport" issued by a web site to you.
Every time you want to enter, the web site "immigration officer" requests, reviews, and stamps your passport/cookie.

Do all web sites use cookies ?

Most web sites do not use cookies but their usage is definitely on the rise, with now more than one third of all corporate web sites using them. And recent versions of almost all web browsers support cookies; if you have a popular browser such as Microsoft Internet Explorer or Netscape, and have spent any time at all web surfing, you most likely have several cookies on your hard drive right now.
 

Cookie (noun): an HTTP header that consists of a text-only string that gets passed into the memory of a web browser. This string contains the domain, path, lifetime/expiration date, and value of a variable string that a website sets. If the lifetime of this variable string is longer than the time the user spends at that site, then this string is written to the user's hard disk by the web browser program for future reference.

Why are there cookies anyway?

Cookies were designed to enable easy interaction between web sites and their viewers. For example, cookies are used in Internet "shopping carts" (amazon.com, cdnow.com as examples) and in online memberships to remember things (as on My Yahoo or Excite) - like your preferences - so you don't have to type them in every time you visit a web site. Since they can also be used to watch which pages on a web site you visit - and in what order - cookies can be used to record your web movements, and this could be considered a bit of an invasion of privacy.
 

Where did the computer term cookie come from?

 According to an article written by Paul Bonner for Builder.Com on 11/18/1997:

"Lou Montulli, currently the protocols manager in Netscape's client product  division, wrote the cookies specification for Navigator 1.0, the first browser to use the technology. Montulli says there's nothing particularly amusing  about the origin of the name: 'A cookie is a well-known computer science term that is used when describing an opaque piece of data held by an intermediary. The term fits the usage precisely; it's just not a well-known term outside of computer science circles.'"
 

What is usually in a cookie?

Typically a cookie contains some history of web pages you've surfed to. For sites where you have an account for free email or stock quotes, it may include your preferences, your name and customized settings and anything else you volunteered to the web site.

Commercial web site cookies may store a list of all of your past purchases so the vendor can tell you about new offers you might be interested in - like new records from your commonly purchased recording artists.

Wait a minute, web pages actually write to MY hard drive? How much space are they using?!

Yes, they can write to your hard disk, but they don't use much space. Both Netscape and Microsoft web browsers limit the number of cookies saved on your hard drive at any time.

Netscape will only store 300 cookies, deleting the oldest ones to make room for new ones. Microsoft IE saves cookies into the "Temporary Internet Files" folder, a system folder whose maximum size you can set (the default is 2% of your hard drive).

The average size of a cookie ranges from 50-150 bytes. Get busy, you need to collect 20 million cookies to fill up a 2GB drive.

Other cookie issues...
Consider someone who uses the Web from a PC they do not own, such as at a CyberCafe, school, or at work.
The cookies stored there may be "used against you". In one famous case in the States documented in the New York Times, an American journalist demanded to see local government employees' cookie files under a "public records" act.

Another, usually unintentional, abuse of cookies involves sites that offer online memberships storing sensitive data, such as passwords, in an insecure (unencrypted) form. If - against all my advice - you use the same password for ALL of your web accounts, someone sniping one from a cookie file would then have access to any account you might have.

What should YOU do about cookies? 3 choices:

A. Do Nothing - Accept all Cookies
B. Reject All Cookies
C. Manage Your Cookies

A. Do Nothing - Leave Those Cookies Alone!

Let 'em in. What do you lose?
Some degree of privacy on the Web. Someone might store your information insecurely on a cookie on their web server, someone might steal that and someone else might gather information about your habits and patterns of browsing the web and tell someone else or use it to send you junk mail or SPAM or - well, you can make up enough scenarios yourself... Then again, someone could go through your rubbish and find out A LOT about you.

B. Forced Diet: Reject All Cookies

No way, nobody writes to MY hard drive... What do you lose?
The capability to: shop online with a shopping cart, use most free web based email accounts, personalize web home bases and portals, get daily stock quotes from a customized tracking page, etc. You give up a lot of the power of the web.

C. Manage Your Cookies
A compromise - and my recommendation - is to regulate your cookies. This includes deciding which sites, and which types of sites you permit to set cookies and which sites you will forbid from setting cookies on your hard drive.

With many browsers, you can already opt to be alerted every time a site tries to place a cookie. Many people, however, find the alert mechanism to be annoying because cookies are used so extensively on the Web.

My favorite program is the $15 shareware program Cookie Pal, from Kookaburra Software, which lets you control cookies, delete them, selectively block sites, and always accept certain types - this is a great application.

Three other programs to consider, each $15 shareware: Cookie Crusher by The Limit Software, Cookie Cutter PC by Ayecore and Cookie Terminator by 4Developers.

To get details about these and other cookie management software, try http://download.cnet.com and search for "cookies".

And since I believe everything should be free, I recommend checking out Cookie Cruncher 2.11, also available on the cnet site.
 




The Privacy Issues

There are at least two problem areas involving cookies and privacy: widespread lack of knowledge about cookies, and abuse (intentional and unintentional) of cookies.

Are you SURE I can't get a virus from a cookie ?

It's very unlikely. Cookies are generally created in a text-based format, a format not usually used in the creation of computer viruses. On the other hand, there have been data-based viruses, and there is a possibility that a cookie could be created as a potentially "executable" file, enabling it to house a virus. However the availability of other, easier, means to spread viruses means that cookies haven't yet been used to deliver them.

Do cookies stay on my hard drive forever?
No. Your browser typically deletes cookies when your cookie file is filled to a certain limit. Also, many cookies have an expiration date at which time they die.

After I get rid of unwanted cookies, can I enjoy total privacy in using the Web?

Are you kidding? Absolutely not. Email, newsgroups you read and submit to, etc. all leave a trail...
 

Cookie bugs

OK, there is at least one already discovered cookie bug. It would allow one domain to set a cookie and, by coding it very specifically, let other domains read it. Nothing is gained by whoever set the cookie, so there is not a lot of threat here.
 

HOW TO EMPTY THE COOKIE JAR:

In order to do this properly, remember to close your browser first. This is because all your cookies are held in memory until you close your browser, which writes the cookies in memory to your hard disk when you close it.

Caution: if you delete your cookie file entirely, you will not be recognized by some web sites as you were previously.
You'll still get there but they may have forgotten your name and preferences. Instead you might want to, if you use Netscape Navigator, open the file cookies.txt in Notepad and remove only the entries you don't want. For Microsoft Internet Explorer (MSIE), where the cookies are stored each in their own file, just delete the ones you don't like. And consider just moving them to another directory in case you want them back later!
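The selective clean-up described above, as an added example that is not part of the original column: it removes only the entries for unwanted sites from the text of a Netscape cookies.txt file and returns the removed lines separately so they can be saved elsewhere and restored later. The function name pruneCookieFile and the sample file contents are constructed for illustration; the seven tab-separated fields are the standard Netscape cookies.txt layout.

```javascript
// Constructed sample in the Netscape cookies.txt layout (tab-separated):
// domain, subdomain flag, path, secure, expiry (Unix seconds), name, value
const SAMPLE_COOKIES_TXT = [
  "# Netscape HTTP Cookie File",
  ".shop.example\tTRUE\t/\tFALSE\t946684799\tcart\titem42",
  ".ads.example\tTRUE\t/\tFALSE\t946684799\tid\t8f3a",
  "mail.example\tFALSE\t/inbox\tTRUE\t946684799\tprefs\tblue",
].join("\n");

// Split the file text into kept and removed lines. Comment, blank and
// unrecognised lines are always kept; a cookie line is removed when its
// domain equals an unwanted domain or is a subdomain of one.
function pruneCookieFile(text, unwanted) {
  const blocked = unwanted.map((d) => d.replace(/^\./, "").toLowerCase());
  const kept = [];
  const removed = [];
  for (const line of text.split(/\r?\n/)) {
    const fields = line.split("\t");
    if (line.startsWith("#") || line.trim() === "" || fields.length !== 7) {
      kept.push(line); // header, blank or malformed line: leave untouched
      continue;
    }
    const domain = fields[0].replace(/^\./, "").toLowerCase();
    const hit = blocked.some((b) => domain === b || domain.endsWith("." + b));
    (hit ? removed : kept).push(line);
  }
  // `removed` is the backup copy: save it to another file to restore later.
  return { kept: kept.join("\n"), removed: removed.join("\n") };
}
```

As the column says, run this kind of edit only while the browser is closed, since the browser rewrites the file from memory when it exits.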
 

How do I set my browser to reject or accept cookies?

If you don't have separate cookie management software, both Navigator and MSIE allow some level of cookie verification. Netscape 3.0 and MSIE 3.0 both have a setting for "alert before accepting cookies." To do this:


This setting means that any time a cookie is sent to your browser a window will pop up and you must click on "OK" to allow it, or "Cancel" to reject it.

Both Netscape 4.0 and MSIE 4.0 are even more flexible in your cookie options. They have choices which permit you to  accept all, some, or none of your incoming cookies and you still have the "warn before accepting" feature if you like.
 

MSIE 5.0 has significant menu and dialog changes from earlier versions but still allows some cookie control. Go to the Tools/Internet Options/Security menu. There, choose your security level for 4 different browsing conditions: Internet Sites, Local Sites, "Trusted" Sites, and Restricted Sites. Select "Internet" and click on Custom Level; you'll get a dialog box where you can accept all, warn before accepting, or reject all cookies.
 
 
Technical Cookie stuff -  ingredients

A cookie has 6 parameters that can be passed to it:
 

  • Cookie name
  • Cookie text data string
  • Cookie expiration date
  • Path the cookie is valid for
  • Domain the cookie is valid for
  • Requirement (or not) for a secure connection to exist to use the cookie
The first two are required and present in every cookie, the others are optional.
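
To make the six parameters concrete, here is an added example (not from the original column) that splits a Set-Cookie header into them, applies the earlier definition to tell a memory-only cookie from one written to disk, and checks whether the browser would send the cookie back to a given URL. The function names and the sample header are constructed for illustration, and the default path of "/" is a simplification.

```javascript
// Constructed sample header; example.com and the values are placeholders.
const SAMPLE =
  "cart=item42; expires=Fri, 31 Dec 1999 23:59:59 GMT; path=/shop; domain=.example.com; secure";

// Split a Set-Cookie header into the six parameters listed above.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("cookie name and value are required");
  // Simplified defaults: no expiry = session cookie, no domain = setting host only.
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   expires: null, path: "/", domain: null, secure: false };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1).trim();
    if (key === "expires" && !Number.isNaN(Date.parse(val))) cookie.expires = new Date(Date.parse(val));
    else if (key === "path" && val !== "") cookie.path = val;
    else if (key === "domain") cookie.domain = val.replace(/^\./, "").toLowerCase();
    else if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// A cookie whose lifetime outlasts the visit is written to disk; one with no
// expiration date (or one already expired) is not.
function isPersistent(cookie, now) {
  return cookie.expires !== null && cookie.expires.getTime() > now.getTime();
}

// Would the browser return this cookie with a request to `url`?
// `setByHost` is the host that originally sent the Set-Cookie header.
function wouldSend(cookie, setByHost, url, now) {
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  if (cookie.expires !== null && cookie.expires.getTime() <= now.getTime()) return false;
  if (cookie.secure && u.protocol !== "https:") return false;
  const domainOk = cookie.domain === null
    ? host === setByHost.toLowerCase()
    : host === cookie.domain || host.endsWith("." + cookie.domain);
  const prefix = cookie.path.endsWith("/") ? cookie.path : cookie.path + "/";
  const pathOk = u.pathname === cookie.path || u.pathname.startsWith(prefix);
  return domainOk && pathOk;
}
```

The domain and path checks are what keep a cookie from being returned to an unrelated site, and the secure flag is what keeps it off an unencrypted connection.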

Finally, Are cookies Year 2000 Compliant?
The major browsers do not have an issue with this. Cookies with expiration dates set with 2-digit or 4-digit years are understood properly.  Cookies can be set from the browser-side or from the server-side.

Feedback
Hate this column? Love this column? Have ideas for what should be covered? Send suggestions for Internet Basics topics by email to basics@y2kegypt.com. The best suggestion gets a PC World-Egypt T-shirt! Kilen Matthews (kilenm@y2kegypt.com) is a Web-Commerce, Internet and Year 2000 Consultant for Y2KEgypt LLC (http://www.y2kegypt.com).