Cookies: Trick or treat?
- By Dan J. Ryan
- Jun 19, 2000
The Internet "cookie," like an urban legend, has been around for years,
but the topic resurfaces periodically to strike fear in the hearts of the
uninitiated. The cookie, unlike most urban legends, is rooted in fact, but
it is not necessarily as scary as it's made out to be.
A cookie is a small text file that many Web sites store on your computer
the first time you visit.
The cookie contains an identification number that allows the Web site
owner to recognize you each time you return to their site and enables Web
sites to collect information on your use of the Internet. Cookies can enable
the collection of your full name, e-mail address, telephone number, mailing
address and information about what you do online such as search phrases
that you use.
Contrary to most peoples' fears, the direct security implications of
cookies are not so bad. After all, the cookie places information on your
computer. It doesn't extract information. No sensitive information such
as credit card numbers or Social Security numbers can be incorporated into
the cookie that you didn't send to the Web site as part of your interaction
with it. Presumably, you knew the owner of the site and trusted the owner
to protect such sensitive information or you wouldn't have sent the information
in the first place.
Cookies provide you with at least two benefits.
First, the information collected via cookies makes it possible for Web
sites to recognize you automatically. This means in many cases that you
don't have to log on to a site with a user name and password on repeat visits.
It also helps the site recognize you as you bounce from page to page. For
example, when you use "shopping carts" on e-commerce sites, the cookie makes
it possible for the e-store to keep track of all the items you order even
when they come from different Web pages.
Second, by noting your preferences, the Web site can offer you information
concerning products and services that may be of interest to you and not
offer those less likely to be of interest.
The bad news is that companies can use this information to build a dossier
on site visitors. You may reveal a lot about yourself through health-related
queries, travel arrangements or requests for lifestyle information. If you
supply your driver's license number, bank account numbers or other personal
information, that information can be added to your dossier.
Eventually, an alarming amount of information can be collected, amounting
to an invasion of privacy. This information can be sold to companies that
may use it in ways you never intended when you provided it to particular
You can configure your browser to alert you before it accepts any cookies,
giving you the choice of allowing or denying the placement of the cookie
on your computer. You can also delete the cookies you have already — knowingly
or unwittingly — accepted.
Internet Explorer maintains cookies as separate
text files, while Netscape combines them all into a single file. You should
also be sensitive to the privacy policies of the Web sites you visit so
you can make an informed decision about when and if to accept cookies from
— Ryan is an attorney, businessman and member of the George Washington University