

Cookies

© Copyright 2000, Jim Loy

When you visit a WWW page, you often get a cookie. Did you know that? A cookie is a data file that goes onto your hard disk. It can be very small (usually it is) and it can be very large (some are huge). What goes into such a file? Information about your computer (Pentium, Windows 98, etc.), information about your browser (version number), and some other information. Why do they put this info on your computer? Because then the WWW page can request this information. All of this may be done without your knowledge or permission. This was all Netscape's idea, and for a while, it was impossible to disable this secret flow of information out of your computer.

Quite a few people are upset by all this. See Junkbusters - How Web Servers' Cookies Threaten Your Privacy, Cookies and Privacy FAQ and Cookies - by Roger Clarke.


Addendum #1:

OK, cookies often provide you with very handy features, like sites that must verify that you are who you say you are. The alternative may be to ask you for your password on every sub-page, which would be disgustingly unhandy. So, you may choose to enable cookies, despite the risk. If you have a fairly recent version of your browser, then you can choose the option: "Enable cookies for the originating website only." If you do this (I recommend it), then site-A cannot read the cookies placed on your computer by site-B. If you don't do this, an unscrupulous website owner may read all of your cookies, and thereby see which sites you have visited for the last few months, and see some of the things that you have done at these sites. If you are not concerned about this, consider that a cookie may contain your credit card number, if you have ordered anything from a site that does not encrypt such data.

There are sites where you cannot get in unless you accept their cookies. Some sites give cookies for legitimate reasons (passwords or to format the screen for your browser). Others seek info about you the customer, so they can target you for advertising. And there is the potential for some invasion of privacy.

See The New Generation of Spam, where we see that email can now send you cookies.


Addendum #2:

These are the fields in a cookie (with sample data):

  1. Name: Jims_cookie
  2. Information: AX379BB##Bill#Smith###password=Porsche##
  3. Host: www.jimloy.com
  4. Path: /
  5. Server secure: no
  6. Expires: Thursday, March 03, 2033 10:33:18 AM

A WWW page can determine which WWW site you were just visiting, which browser you are using, which version, whether JavaScript is turned on or off, whether you use Windows or not, and a few other things. These can go into a cookie on your computer. WWW pages may also record within a cookie which specific page you are looking at. So, while you go from page to page, within that host's pages, cookies may list some of the pages you have visited. If one of the pages that you have visited had a form (login, password, questionnaire, whatever), all of that info may also be placed within a cookie. This info can then be read by the site that wrote it.

The downside: Too many cookies from one page may slow down the loading of the page (some pages will leave a dozen or so cookies on your hard disk, which is bad programming practice). Some cookies are very large. Many cookies are set to expire many years into the future, so they may stay on your computer a very long time, and all those cookies may fill up a significant amount of your hard disk. Your browser may not delete expired cookies. There may be a limit to the number of cookies that your browser will allow, and sites that depend upon cookies may not be able to write a cookie if the limit has been reached. A site which you visit may have ads from other sites, and you may get cookies from those sites too, just by visiting the one site.

The good news: In general, a WWW page cannot read the cookies placed on your computer by someone else's page. So, my page cannot read your password from some other site. My page cannot tell whether or not you visit porn sites. Just to make sure, set your browser preferences to the setting where only the site that writes a cookie can read that cookie.
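The field list and the "only the site that writes a cookie can read it" rule above can be checked mechanically. The following is an added example, not code from the original page: it parses a Set-Cookie header built from the page's sample data (the GMT time zone, the function names and the finding labels are assumptions) and flags the risks described here.

```javascript
// Constructed sample: the page's six fields written as a Set-Cookie header.
const SAMPLE_HEADER =
  "Jims_cookie=AX379BB##Bill#Smith###password=Porsche##; " +
  "Domain=www.jimloy.com; Path=/; Expires=Thu, 03 Mar 2033 10:33:18 GMT";

// Parse a header into the fields listed above (hypothetical helper).
function parseSetCookie(header, originHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("="); // first "=" only: the value may contain more
  if (eq < 1) throw new Error("not a name=value cookie");
  const cookie = {
    name: pair.slice(0, eq),
    information: pair.slice(eq + 1),
    host: originHost.toLowerCase(), // defaults to the site that set it
    path: "/",
    secure: false,
    expires: null, // null = session cookie, dropped when the browser closes
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1);
    if (key === "domain") cookie.host = val.replace(/^\./, "").toLowerCase();
    else if (key === "path") cookie.path = val || "/";
    else if (key === "secure") cookie.secure = true;
    else if (key === "expires") cookie.expires = new Date(val);
  }
  return cookie;
}

// Flag the risks the page describes: no "Server secure", a password or card
// number stored in the value, and an expiry date years in the future.
function auditCookie(cookie, now) {
  const findings = [];
  if (!cookie.secure) findings.push("sent-over-plain-http");
  if (/(pass(word|wd)?|pwd|card)=/i.test(cookie.information))
    findings.push("credential-in-value");
  const oneYearMs = 365 * 24 * 3600 * 1000;
  if (cookie.expires && cookie.expires - now > oneYearMs)
    findings.push("expires-more-than-a-year-out");
  return findings;
}

// "Originating website only". Exact-host matching is a simplification:
// browsers also send a cookie to subdomains when Domain is set.
function siteMayRead(cookie, requestHost, requestPath) {
  return requestHost.toLowerCase() === cookie.host && requestPath.startsWith(cookie.path);
}

console.log(auditCookie(parseSetCookie(SAMPLE_HEADER, "www.jimloy.com"), new Date()));
```
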

Cookies in email: One more piece of information can be gathered by email which writes a cookie. Just the fact that you accepted a cookie informs the originating web site that the email was delivered to a valid email address. And so, accepting cookies in email may make you the target of Spam (junk email).

