Cookies: Trick or treat?

The Internet "cookie," like an urban legend, has been around for years,

but the topic resurfaces periodically to strike fear in the hearts of the

uninitiated. The cookie, unlike most urban legends, is rooted in fact, but

it is not necessarily as scary as it's made out to be.

A cookie is a small text file that many Web sites store on your computer

the first time you visit.

The cookie contains an identification number that allows the Web site

owner to recognize you each time you return to their site and enables Web

sites to collect information on your use of the Internet. Cookies can enable

the collection of your full name, e-mail address, telephone number, mailing

address and information about what you do online such as search phrases

that you use.

Contrary to most peoples' fears, the direct security implications of

cookies are not so bad. After all, the cookie places information on your

computer. It doesn't extract information. No sensitive information such

as credit card numbers or Social Security numbers can be incorporated into

the cookie that you didn't send to the Web site as part of your interaction

with it. Presumably, you knew the owner of the site and trusted the owner

to protect such sensitive information or you wouldn't have sent the information

in the first place.

Cookies provide you with at least two benefits.

First, the information collected via cookies makes it possible for Web

sites to recognize you automatically. This means in many cases that you

don't have to log on to a site with a user name and password on repeat visits.

It also helps the site recognize you as you bounce from page to page. For

example, when you use "shopping carts" on e-commerce sites, the cookie makes

it possible for the e-store to keep track of all the items you order even

when they come from different Web pages.

Second, by noting your preferences, the Web site can offer you information

concerning products and services that may be of interest to you and not

offer those less likely to be of interest.

The bad news is that companies can use this information to build a dossier

on site visitors. You may reveal a lot about yourself through health-related

queries, travel arrangements or requests for lifestyle information. If you

supply your driver's license number, bank account numbers or other personal

information, that information can be added to your dossier.

Eventually, an alarming amount of information can be collected, amounting

to an invasion of privacy. This information can be sold to companies that

may use it in ways you never intended when you provided it to particular

sites.

You can configure your browser to alert you before it accepts any cookies,

giving you the choice of allowing or denying the placement of the cookie

on your computer. You can also delete the cookies you have already — knowingly

or unwittingly — accepted.

Internet Explorer maintains cookies as separate

text files, while Netscape combines them all into a single file. You should

also be sensitive to the privacy policies of the Web sites you visit so

you can make an informed decision about when and if to accept cookies from

them.

— Ryan is an attorney, businessman and member of the George Washington University

faculty.