Taking cookies from strangers

Inside the cookie jar A recipe for Good or Evil

Do cookies make the Web easier to use or abuse? David Flynn tells you what you need to know before you accept a cookie from a stranger.

Visit any of the Web's most popular sites and you're getting more than you bargained for. Before you start to download cool software, view stunning images or explore the links of that page, something happens behind your back. The Web server asks your browser to tell it a little something about you and in return downloads a small file called a 'cookie' onto your PC.

Your Web browser can give you the choice to accept or reject any cookie that is offered.

Hot tip
Surfing anonymously
One of the biggest drawcards of the Internet is its anonymity. But if you believe your online life is private, think again. Virtually every move you make is tracked or recorded somewhere. If you want to surf the Net without having to look over your shoulder try The Anonymizer (www. anonymizer.com). This handy little site was created by a group of 'concerned citizens' who claim to hide your personal details from other sites you may visit. They claim to give you an anonymous identity and let you hop from page to page without anyone tracing your footsteps.

So just how do cookies work, and what do they mean to you?

Whenever you visit a Web site that supports cookies, the Web server asks if your browser has a cookie from that site.

If it's the first time you've been to that site, the server gives your browser a cookie. Each cookie is unique and only applies to the site that issued the cookie, but at the most basic level a cookie serves to identify you to that site. Cookies can also store individual preferences and records of what you've last seen at that site.

If you already have a cookie, which is the case if you're re-visiting the site, the cookie file is uploaded to the server. The server reads the cookie, performs some action based upon its contents, and then hands your browser an updated cookie. This process of storage and retrieval continues until the cookie reaches an expiry date specified by the server.

So you can think of cookies as passports for the Web. Each time you visit a cookie-enabled site, your passport is checked and stamped.

Inside a cookie file: the view through Internet Explorer 3.0.

Cookie alert
Enabling the cookie alert feature in Netscape Navigator 3.0.
1. Click the Options menu.
2. Select Network Preferences .
3. Click the Protocols tab.
4. Go to the box labelled 'Show
an alert before'.
5. Check the box 'Accepting a Cookie', then click OK.

Each Web browser handles cookies in a different way.

Netscape Navigator saves cookie information in a single file named cookie.txt, which can be found in the same directory as the browser itself.

Microsoft Internet Explorer stores each cookie as an individual file inside a WINDOWS\COOKIES folder.

Because cookies are plain text files, you can easily view them with the likes of QuickView or open them with the Windows Notepad accessory. If you choose the later path, be careful not to edit the data in any way or next time around the cookie won't function.

Each cookie contains a complex string of characters and the address of the issuing site. These numbers identify the cookie to the server and match you to the server's record from your most recent visit.

A quick trip to www.13x.com/ cgi-bin/cdt/snoop.pl will illustrate the essential ingredients inside any cookie: the ability to detect if you're using a PC or a Macintosh, what operating system you are running, your browser version and from which site you arrived at the page.

Some of the more sophisticated cookies can detect your e-mail address (if entered into the browser) plus the IP address and domain name from where you're calling. Whenever you are given the option to have your own 'personalised' page with the content tailored just for you, these preferences — what types of information you want to see, a password so you can change your settings, even your name so you can be greeted personally — are stored in a cookie.

Sites that carry advertising often resort to cookies to ensure you don't see the same advertisement too many times. Web page designers use cookies to track how often pages are visited, and by whom, as well as the route visitors take to get to the page. This is why you can receive several cookies from a single site.

Cookies keep track of the potential purchases you add to a 'shopping basket' on an online shopping site (one is www.sofcom.com.au/mall/)

An increasing number of search engines (such as WebCrawler at www.webcrawler. com) have also begun employing cookies to save your search preferences.

Enabling the cookie alert feature in Microsoft Internet Explorer 3.0.
1. Click the View menu.
2. Select Options.
3. Click the Advanced tab.
4. Check the box labelled 'Warn before accepting cookies', then click Apply.

Your browser of choice will now flash an 'Alert' box on your screen each time a server tries to lodge a cookie on your system. You can then either accept the cookie by clicking Yes or decline by clicking No or hitting the Escape key. Many sites won't give up that easily, however, and will persist in badgering you until you accept their gracious offer of a cookie or two.

A cookie-wary browser will also inform you of each cookie's expiry date.

E-mail hot tip
Multiple personalities
It's increasingly common for Internet users to have more than one e-mail account, yet of the leading e-mail software, only Eudora Pro 3.0 provides for multiple 'profiles' which let you consolidate e-mail from any number of accounts into the one Inbox instead of having to manually reconfigure server and address settings.

We've found three pieces of shareware that perform the same trick with other popular e-mail clients: Endora for Eudora Lite 1.54, NS Providers for Netscape Navigator 3.0 and SwitchIt for Microsoft Internet Mail. They are available on this month's CD-ROM and can also be downloaded from PC User Online at www.pcuser. com.au

Whether you consider cookies to be the embodiment of Big Brother watching over your shoulder or an unobtrusive way to make surfing the Web a more pleasant and personal experience depends on your level of paranoia.

The customisation ability of cookies can certainly work to your benefit if you are a regular visitor to a page.

Most Web sites are happy to share the information they gather with potential advertisers who desire details on who accesses a page, what are the most popular times and where they come from — a perfectly legitimate concern for any business.

But to stealthily collect e-mail addresses for on-sale to mailing list companies who delight in filling your Inbox with unwanted 'spam mail' is another matter.

Concerns that cookies are an invasion of privacy are easily justified. Even the humblest and most innocuous-looking personal Web page can issue cookies and collect data from you that is neither monitored nor covered by any privacy law.

Perhaps the most annoying aspect is that the average Internet user has no real degree of control or choice in the matter.

Although Netscape Navigator 3.0 and Microsoft Internet Explorer 3.0 warn you that a cookie is being offered and permit you to accept or reject it, the default setting of both browsers is to accept cookies without any such warning.

Even if you enable cookie monitoring (see 'Cookie alert' above) you are faced with manually and blindly accepting every cookie which comes your way or laboriously refusing each one, remembering that some sites thrust a dozen cookies your way on each visit. There's no option to reject all cookies that come your way.

In either case, you have no idea of exactly what information is being transferred or what is being done with it.

Being social and inquisitive animals, we humans like to gather information. Whether it's a scientific research project, a quick gossip session or tracking a population's spending habits, information remains the most valuable commodity. In this information age, your name, address, income and other personal details already exist on countless databases around the world. The question is, how much more information are you willing to pass on? And that, alas, is the way the cookie crumbles!

by David Flynn

Top of page

|What's New | Software | Net Guides | Web Workshop | Net Sites | About PC User |

All text © 1997 Australian Consolidated Press - PC User Magazine