July 22, 1996
Cleaning up the crumbs
By Bob O'Donnell
It's a fact of life that whenever you eat cookies, you're bound to leave a few crumbs
behind. Think of it as evidence of your consumption.
Though you may not know it, the same can be true of the cookie files used by today's
popular web browsers, most notably, Netscape's Navigator and Microsoft's Internet
Explorer. (For more on what cookie files are and how they work, see Netscape's Persistent
Client State HTTP Cookies page http://home.netscape.com/newsref/std/cookie_spec.html
and Malcom's Guide to Persistent Cookies http://www.emf.net/~mal/cookiesinfo.html.)
The cookie files maintained by these browsers, which are not readily visible to end-users,
can be used to track your "consumption" of the web; that is, what sites you
visit and what pages you choose to view. Of course, there are other methods for tracking
where you go on the InternetÐNavigator maintains a hidden database of all the sites
you've visited, for example, and many firewalls can log individual users' IP addresses and
the destinations they're going toÐbut cookies are gaining a reputation as a mechanism for
tracking an individual's web preferences.
The truth is, however, not many sites on the Web are using cookie mechanisms yet. (For
the record, InfoWorld Electric does not; though we are thinking about, as I'll explain
below.) A lot of people are talking about them, but for a number of reasonsÐnot the least
of which is that not all browsers support themÐthey are not a universally used tool.
Nevertheless, many people are concerned about potential invasions of privacy through
the misuse of cookies. The fear is that someone could get a hold of your cookie file and
potentially take advantage of the information it contained. For example, if you decided to
visit a sexually explicit site that used cookies, just to see what all the fuss is about,
and you ended up with an addition to your cookie file that contained information about
that visit, someone might use that information against you.
Another concern, raised in an InfoWorld Page One story last week (see "Tool
sweeps away Web security fear") is that cookie files could be used for even more
nefarious purposes that might pose a security threat to an individual's desktop machine or
a company's network. The tool described in that article, NSClean (which you can download
at http://www.simtel.net/pub/simtelnet/win3/inet/ns-demo2.zip),
lets you view and clean the contents of your cookie file, as well as the recently visited
sites list, Netscape's hidden database log of site visits, and a few other files that
contain information about your travels throughout the Web. In addition, the latest betas
of Netscape Navigator 3.0 now include a preference that will warn you if a site is about
to add to your cookie file and will let you prevent them from doing so.
In spite of all these potential problems, however, I think cookies are a practical,
useful tool for end-users, as well as for Web sites. At InfoWorld Electric, for example,
we've been thinking about using cookies to maintain usernames and passwords so that once
you've registered with us, you'd never have to worry about remembering or typing in this
information when you wanted to visit Forums or other password-restricted areas of the
site. In addition, cookies are a great mechanism for storing personal interests so that we
could offer individual users a customized view of the news just by looking at the contents
of their cookie file when they came to visit the site. We might also use cookies or
another mechanism to see how different individuals moved throughout our site so that we
could analyze which parts of the site were working and which ones weren't.
As personal tracking mechanisms like cookies and Caller ID become more prevalent,
difficult questions about limits on information gathering will have to be raised and
debated. In the mean time, enjoy your cookies, but watch out for the crumbs.
©
Copyright 1996, by InfoWorld Publishing Corp., a
subsidiary of IDG Communications, Inc. Reprinted from InfoWorld,
155 Bovet Road, San Mateo, CA 94402. Further reproduction is prohibited.
