Children shouldn't accept candy from strangers. So why let your computer accept "cookies" from strangers when you're online? Until a law or at least a guideline is put in place, the only one protecting your cyber privacy is you. The issues are complex, but there are some simple things you can do to make it harder for others to spy on you online. One is to stop your computer from eating so many cookies.
Cookies are tiny text files placed on your computer by other computers so they can keep track of who you are and what you are doing online. As you visit Web sites, click on links, fill out registration forms and fill up shopping carts, other computers are silently adjusting cookies on your hard drive so the next time you contact them they'll remember your screen name and know which ads to show you.
But the line keeps shifting. The leading online marketer, "DoubleClick" <www.doubleclick.com>, raised a storm of controversy and lawsuits after announcing it planned to combine its information with that of an off-line direct-marketing firm that maintains a database of names, addresses and buying preferences on nine out of 10 Americans. Businesses have also begun hiding cookies in mass e-mails, making it easy for them to associate e-mail addresses with cookie profiles.
The Federal Trade Commission wants a law to protect consumers' online privacy, and Congress has been holding hearings on what privacy advocates such as Jason Catlett, founder of "Junkbusters" <www.junkbusters.com>, call "online profiling."
Meanwhile, online marketers are racing to establish voluntary standards to regulate themselves. The "World Wide Web Consortium" <www.w3.org>, backed by such heavyweights as Microsoft and America Online, and endorsed by the Clinton administration, is developing the Platform for Privacy Preferences. P3P lets consumers choose to "opt out" of having information collected about them if they can wade through the legalese.
Privacy advocates like Marc Rotenberg, executive director of the "Electronic Privacy Information Center" <www.epic.org>, prefer an "opt in" policy. They have dubbed P3P Pretty Poor Privacy and say it would result in less, not more, privacy because Web surfers would not have access to many sites unless they agreed to accept cookies.
Consumers have raised only mild protests about online snooping, but that may be because they are unaware of how much is going on. Web browsers like Netscape, Internet Explorer and America Online are set to accept cookies automatically. However, they also let users monitor their cookie intake if they can figure out how to adjust the settings. And if you've never done it, you must surf the Web at least once with your Web browser set to warn you before accepting cookies. You won't be able to browse very long because you will be besieged by cookie warnings, which is exactly why you should do it. Know thy enemy.
warnings look like gibberish, but if you squint hard enough you'll be able
to figure out where each cookie comes from and how long it is set to spy
on you (expiration dates of 2030 are not uncommon). Those without expiration
dates disappear as soon as you go off-line, and are more likely to help
you navigate the site. Cookies that come from different Web addresses than
the one you are viewing are more likely to be monitoring your Internet
activities. You'll also start to recognize the same Web domain addresses,
like ad.doubleclick.net, popping up at different sites. Those are the giant
marketing firms tracking your clicking.
Cookies often come "wrapped" in graphics, like banner ads on Web pages. Usually those graphics are viewable. But security expert Richard M. Smith, "Internet Privacy Issues" <www.tiac.net/users/smiths/privacy>, has identified what he calls Web bugs, which are virtually invisible speck-sized picture files that are there for only one reason -- to deliver cookies.
Smith objects to marketers putting Web bugs in
e-mails, which makes it easy for them to match online profiles with e-mail
addresses. He also got the streaming media company RealNetworks to modify
cookies identifying users and telling RealNetworks what music CDs they
were listening to, what songs they were recording onto their computers,
and their music preferences based on the music files stored on their hard
Once you realize how many cookies your computer is eating, you'll want to put it on a crash diet. Most browsers let you adjust them to refuse all cookies, and if you do, you'll find your computer runs just fine without them -- you can navigate most Web sites without noticing any difference.
Some sites do require cookies, especially if you're trying to make a reservation or buy something. But many browsers provide a third setting between rejecting all cookies and being warned every time, and that is to accept only cookies that come from the same Web address you are visiting. In most situations, this allows the "good" cookies that help you make a transaction do their jobs, while filtering out the "bad" cookies from third-party marketers tracking your Web movements.
However, merely telling your computer not to accept
or other Web trickery. Besides, the cookies your computer has already consumed
are still spying on you. So you're going to have to purge. Few browsers
come with a button for tossing their cookies, which means you'll have to
reach inside your computer's guts and pluck it out yourself. Various free
or inexpensive software utilities can help you manage cookies and other
privacy issues, but the first step is to look at cookie warnings for about
20 minutes. Then you'll be properly motivated to figure it out yourself.