Sunday, September 23, 2007


No, I'm not talking the edible kind, but the Internet ones.

For those that aren't familiar with them, Internet 'cookies' are little bits of information stored on your computer by some (most, actually, nowadays) Web sites to keep track of what you do on the site. All they are is little bits of text that is stored on your computer - rummage around in your computer, and I'll wager that you can find a directory called 'cookies'; have a look at what's in it, and even open up a few of them with a text editor to see what I'm talking about. It's also worth mentioning that the cookies you get on one particular site can ALSO be for organizations than the one you're visiting:

While this is a truly great idea for places like blogs (to keep track of your user info for making comments, for example), online shopping (what items you have in a 'shopping cart' or your user ID), and so on, they're also subject to being abused.

You see, cookies like these can be set to expire at the end of whatever time the website wants them to - anything from the end of your current online session to many, many years in the future. As long as the cookie hasn't expired, the website can use it to keep track of your specific computer, and what you do on their site.

What a lot of people don't know is that a lot of sites are signed up with various marketing outfits to try and gather as much information as they can about who visits their site: when they visit, how often, how long they stay, what they look at, and so on. When enough of this kind of information is collected, the data can be analyzed (or "mined") to determine some fairly precise profiles - not just of users in general, but even specific users if they have broadband (or a permanent or semi-permanent connection [and thus unique Internet 'address'] to the Internet). To verify this for yourself, configure your browser to 'always ask' whether or not to accept cookies; I think you'll be amazed at how often you get a little popup dialog! And while you're doing that, also have a look at when those cookies expire. I just did a visit to the New York Times website, and the first cookie that my computer asked me about was set to expire in 2015. Now why in the name of Cthulhu would the NYT need/want to keep track of little 'ol ME for that long?

The reason I bring this up is that I have my web browser configured to 'always ask', and set to apply my answer to ALL cookies for the site in question, and I've noticed that a lot of websites are defaulting to trying to get me to accept their cookies for really long times - most of them seem to want to expire in 2038. Now, this is fine, as I say, for blogs or an online store (if/when I actually start to buy something), but it seems a bit much for a site to try to give me a cookie like that when I first drop into their main page.

Granted, in MOST cases, these cookies aren't that big of a deal. But the operative term there is "in MOST cases". Personally, I don't think that any of the online marketing and data-collection outfits has any inherent 'right' to keep track of where I go and what I do on the Internet; and I'm enough of a privacy and rights advocate to think that companies and people shouldn't be trying to collect the kinds of information that's possible with cookies unless they both tell the user what they want to use the cookie FOR, and limit the use of the cookie to a specific purpose and for an appropriate period of time. Otherwise, the use of cookies will be subject to even MORE 'mission creep', resulting in even more personally-identifiable information being collected simply because the site owners can. For example, if (say) Amazon wants to give me a cookie, then they shouldn't do it until/unless I actually indicate that I want to buy something, limit the use of that cookie to keeping track of stuff I want to buy, and have it expire at the end of my browser session - and clearly tell me what they want to use it for (and ONLY use it for that purpose); giving me a 'forever' cookie immediately when I arrive on their site should be strictly verboten.

As I said, I have my browser set to always ask me whether or not to accept cookies, and to apply my answer to all the other cookies the site tries to feed me; I am very intolerant of cookies being set to expire later than I think is necessary or appropriate, and generally tell my browser to have them expire at the end of the current session.


Erica said...

Screw the blogs and online shopping -- can I surf porn and not be exiled to Coventry if my cookies are discovered?

Dick said...

Ya know, I had a buddy from Maryland back in the service who spelled his name the same way, first name Daniel, about 44 now I'd imagine.
Any relation?

Randy said...

Eri, didn't you know that if you're caught doing that you're exiled to Jersey?