Cookie Security Scares

Oct 16
07:56

2008

Sandra Prior

Sandra Prior

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

Spreading viruses and giving out personal information are among the many accusations leveled at cookies. This article quashes the half baked ideas and reveals the truth.

mediaimage

Read every concern ever expressed on cookies and you'll have heard that they can put a virus on your PC. Some people think that Web sites can use cookies to get your e-mail address,Cookie Security Scares Articles others believe that cookies might be used to track every single site you visit on the Internet. Worst of all, a major newspaper once wrote that ‘cookies are little programs planted by a remote Web site on your PC, which then feed back personal information without your knowledge’.

It's no wonder people are scared, but they shouldn't be - this is all nonsense, there are concerns about cookies, but they're not the ones that appear in the scare stories.

What is a cookie?

Whether it's remembering a password so it can automatically log you on to a site when you return, or storing the contents of your shopping basket the next time you visit an on-line store, Web sites need a means of storing data about their visitors.

Each time you choose an item at your favorite Net shopping site, the site sends a cookie request to your browser, asking it to store a line of text that identifies that particular item. This means you can stop shopping any time you like, go visit some other sites, and whenever you return, the site will read its own cookies and you can carry on shopping where you left off.

Sounds sinister? Er, no, and there are a couple of clues that undo some of the more extravagant scare stories.

First, cookies only contain information that you have already given to the Web site (a user name and password, a shopping selection, or whatever). Cookies cannot be used to get personal information about you that you haven't already provided, such as your e-mail address.

Second, cookies aren't programs, they have no intelligence of their own, they cannot infect your system with a virus or anything similar. They are a few lines of text, nothing more.

Are you being tracked?

One of the biggest concerns over cookies is that they can be used to track all the sites you visit on the Web. What if one site read all your other cookies, for example? No worries there - a site can only read its own cookies, not anyone else's. There is another concern, though, one that does have a degree of truth to it.

Many Web sites use banner adverts to fund them, and some of the companies that produce these came up with an ingenious scheme, using a cookie to give your PC a unique number. Visit another site using the same advertiser and they'll recognize you, know the adverts you've seen before, and can show you similar ones (if you've clicked on some), different ones (if you haven't), or otherwise customize what you see.

Recognize you? Sounds alarming, but really they're just recognizing the system. They know that the computer that visited site A on Tuesday is now at site B on Wednesday - but they don't know who is using it, or even where it is.

However, if you provide your personal details at one site, they could be attached to the unique ID provided by the cookie and, if they agreed, all the sites could share in the information. Surely this must be a concern?

Well, consider this. First, not all sites use advertising, and those that do don't all use the same companies - there's no system that would track anything but a small percentage of the places you visit. What's more, cookies are very unreliable. Many PCs are used by different people, and cookies won't record that.

They might get deleted if you upgrade your browser or reinstall it. Is this a useful way to track people's activities? We don't think so.

To put this into perspective, in the real world, information is collected without our knowledge every time we buy something with a credit card or use a supermarket loyalty card, and mailing lists relating to each of us are being sold all the time. Where do you think junk mail comes from?

Data sharing is much less prevalent on the Internet, where any company that was shown to be collecting data on people and even only potentially creating a mild infringement of privacy would immediately create a firestorm of bad publicity.

Overall, cookies do more good than harm. It's time to let the scare stories rest, and move on to issues that really matter.