Who Stole the Cookies ?

INTERNET
     cookies are incredibly simple, but they are one of those things that
     have taken on a life of their own. Cookies started receiving
     tremendous media attention starting February 2000 because of the
     Internet privacy concerns. The debate still rages on.

Cookies provide
     capabilities that make the Web much easier to navigate. The designers
     of almost every major site use them because they provide a better
     user-experience.

What is a cookie

Cookie is the message
     given to a Web browser by a Web server. The browser stores the message
     in a text file called cookie.txt. The message is then sent back to the
     server each time the browser requests a page from the server.

When you enter a Web
     site using cookies, you may be asked to fill out a form providing such
     information as your name and interests. This information is packaged
     into a cookie and sent to your Web browser that stores it for later
     use. The next time you go to the same Web site, your browser will send
     the cookie to the Web server. The server can use this information to
     present you with custom Web pages. So, for example, instead of seeing
     just a generic welcome page you might see a welcome page with your
     name on it.

The name cookie derives from Unix objects called magic cookies. These
    are tokens that are attached to a user or program and change depending
    on the areas entered by the user or program. Cookies are also sometimes
    called persistent cookies because they typically stay in the browser for
    long periods of time. If you use Microsoft's Internet Explorer to browse
    the Web, you can see all cookies that are stored on your machine. The
    most common place for them to reside is in a directory called c:
    windows cookies. You can see in the directory that each of these files
    is a simple, normal text file. You can see which Web site placed the
    file on your machine by looking at the file name (the information is
    also stored inside the file). You can open each file up by clicking on
    it.

For example, if you
    visit a site goto.com, the site places a cookie on machine. The cookie
    file for goto.com contains the following information:UserID
    A9A3BECE0563982D www.goto.com/

What goto.com has done
    is that it stores a single name-value pair. The name of the pair is User
    ID, and the value is A9A3BECE0563982D. The first time a surfer visits
    goto.com, the site assigns a unique ID value and stores it on machine.
    (Note that there probably are several other values stored in the file
    after the three shown above. That is housekeeping information for the
    browser.)

Amazon.com stores a bit
    more information on the machine. It stores a main user ID, an ID for
    each session, and the time the session starts on the machine (as well as
    an x-main value, which could be anything).

Limitations

Cookies certainly make
    a lot of things possible that would have been impossible otherwise. Here
    are several things that make cookies imperfect.

1. Any machine that is
    used in a public area and many machines used in an office environment or
    at home are shared by multiple persons. Let's say that you use a public
    machine to purchase something from an online store. The store will leave
    a cookie on the machine and someone could later try to purchase
    something from the store using your account. Stores usually post large
    warnings about this problem.

2. When you erase all
    temporary Internet files on your machine you lose all of your cookie
    files. This tends to skew the site's record of new versus return
    visitors and also can make it hard to recover previously stored
    preferences.

3. People often use
    more than one machine during the day. This would mean that there would
    be three unique cookie files on all machines. It can be annoying to set
    preferences time and again.

Why the ruckus?

Let's say that you
    purchase something from a traditional mail order catalogue. The
    catalogue company has the name, address and phone number from your order
    and also knows what items you purchased. It can sell this information to
    others who might want to sell similar products to you. That is the fuel
    that makes telemarketing and junk mail possible.

Then there are certain
    infrastructure providers that can actually create cookies, which are
    visible on multiple sites. They can threaten to use it in the way they
    like. DoubleClick is the most famous example of this. Many companies use
    DoubleClick to serve ad banners on their sites. The portal can track
    movements across multiple sites. It can potentially see the search
    strings that you type into search engines (more due to the way some
    search engines implement their systems and not because anything sinister
    is intended). Because it can gather so much information about the user
    from multiple sites, DoubleClick can form very rich profiles. But these
    are anonymous.

DoubleClick threatened to link these
    rich anonymous profiles back to name and address information,
    personalise them, and then sell the data. That began to look very much
    like spying to most persons and that is what caused the uproar.

    
     Nakul Goyal

nakul@cwsteam.com