Previous | Home | Next

Lost in Cyberspace

Cookie Monster

© 2000 by H.B. Koplowitz


Children shouldn't accept candy from strangers. So why let your computer accept "cookies" from strangers when you're online? Until a law or at least a guideline is put in place, the only one protecting your cyber privacy is you. The issues are complex, but there are some simple things you can do to make it harder for others to spy on you online. One is to stop your computer from eating so many cookies.

Cookies are tiny text files placed on your computer by other computers so they can keep track of who you are and what you are doing online. As you visit Web sites, click on links, fill out registration forms and fill up shopping carts, other computers are silently adjusting cookies on your hard drive so the next time you contact them they'll remember your screen name and know which ads to show you.

The first browser company Netscape invented cookies to make Web surfing more convenient, and e-commerce possible. However, without your knowledge or consent, online marketing companies can use cookies to invade your privacy, revealing who you are, which Web sites you visit and when, your buying and other habits, sometimes even the contents of your hard drive, all for sale to the highest bidder. It's easy, lucrative and totally legit.

Online marketers defend their use of cookies, noting that off-line advertisers can and do collect information about consumers. Like Nielsen Ratings, cookies let marketers monitor Web usage so they can set ad rates and respond to consumer trends. Advertising is keeping e-commerce afloat right now, and privacy advocates tolerate cookies as long as they don't reveal the identities of consumers, who could then be pestered by follow-up e-mails or phone calls.

But the line keeps shifting. The leading online marketer, "DoubleClick" <www.doubleclick.com>, raised a storm of controversy and lawsuits after announcing it planned to combine its information with that of an off-line direct-marketing firm that maintains a database of names, addresses and buying preferences on nine out of 10 Americans. Businesses have also begun hiding cookies in mass e-mails, making it easy for them to associate e-mail addresses with cookie profiles.

The Federal Trade Commission wants a law to protect consumers' online privacy, and Congress has been holding hearings on what privacy advocates such as Jason Catlett, founder of "Junkbusters" <www.junkbusters.com>, call "online profiling."

Meanwhile, online marketers are racing to establish voluntary standards to regulate themselves. The "World Wide Web Consortium" <www.w3.org>, backed by such heavyweights as Microsoft and America Online, and endorsed by the Clinton administration, is developing the Platform for Privacy Preferences. P3P lets consumers choose to "opt out" of having information collected about them if they can wade through the legalese.

Privacy advocates like Marc Rotenberg, executive director of the "Electronic Privacy Information Center" <www.epic.org>, prefer an "opt in" policy. They have dubbed P3P Pretty Poor Privacy and say it would result in less, not more, privacy because Web surfers would not have access to many sites unless they agreed to accept cookies.

Consumers have raised only mild protests about online snooping, but that may be because they are unaware of how much is going on. Web browsers like Netscape, Internet Explorer and America Online are set to accept cookies automatically. However, they also let users monitor their cookie intake if they can figure out how to adjust the settings. And if you've never done it, you must surf the Web at least once with your Web browser set to warn you before accepting cookies. You won't be able to browse very long because you will be besieged by cookie warnings, which is exactly why you should do it. Know thy enemy.

Cookie warnings look like gibberish, but if you squint hard enough you'll be able to figure out where each cookie comes from and how long it is set to spy on you (expiration dates of 2030 are not uncommon). Those without expiration dates disappear as soon as you go off-line, and are more likely to help you navigate the site. Cookies that come from different Web addresses than the one you are viewing are more likely to be monitoring your Internet activities. You'll also start to recognize the same Web domain addresses, like ad.doubleclick.net, popping up at different sites. Those are the giant marketing firms tracking your clicking.
 

Cookies often come "wrapped" in graphics, like banner ads on Web pages. Usually those graphics are viewable. But security expert Richard M. Smith, "Internet Privacy Issues" <www.tiac.net/users/smiths/privacy>, has identified what he calls Web bugs, which are virtually invisible speck-sized picture files that are there for only one reason -- to deliver cookies.

Smith objects to marketers putting Web bugs in e-mails, which makes it easy for them to match online profiles with e-mail addresses. He also got the streaming media company RealNetworks to modify its privacy policy after he revealed that some of its software was setting cookies identifying users and telling RealNetworks what music CDs they were listening to, what songs they were recording onto their computers, and their music preferences based on the music files stored on their hard drives.

Once you realize how many cookies your computer is eating, you'll want to put it on a crash diet. Most browsers let you adjust them to refuse all cookies, and if you do, you'll find your computer runs just fine without them -- you can navigate most Web sites without noticing any difference.

Some sites do require cookies, especially if you're trying to make a reservation or buy something. But many browsers provide a third setting between rejecting all cookies and being warned every time, and that is to accept only cookies that come from the same Web address you are visiting. In most situations, this allows the "good" cookies that help you make a transaction do their jobs, while filtering out the "bad" cookies from third-party marketers tracking your Web movements.

However, merely telling your computer not to accept cookies doesn't mean it won't sneak one with some Javascript, html tag or other Web trickery. Besides, the cookies your computer has already consumed are still spying on you. So you're going to have to purge. Few browsers come with a button for tossing their cookies, which means you'll have to reach inside your computer's guts and pluck it out yourself. Various free or inexpensive software utilities can help you manage cookies and other privacy issues, but the first step is to look at cookie warnings for about 20 minutes. Then you'll be properly motivated to figure it out yourself.
 
 

copyright 2000 by H.B. Koplowitz, all rights reserved.


Previous | Home | Next