making your web site work for you...
| Web
professionals dedicated to making your web site work for you... |
| |
|
 |
Welcome to the May
2003 issue of the CyberArtisans monthly newsletter! Cookies may be one of the most misunderstood technologies on the Internet. Mention cookies in a group of computer users and you will find at least one who believes that cookies are a danger to their computer or a threat to their privacy. Cookies are something we use in some cases when building a website, so let's see if we can shed some light on the subject. A cookie is a piece of data -- in the form of a very small text file -- placed on your computer by a website. It can only be read by the website that places it there and the only information the website can get from the cookie is the contents of the cookie. It cannot use the cookie to obtain any additional information about you. The cookie can be set to expire at a specific time. When it expires, your system erases it and it cannot be read by any website. Contrary to some articles we've seen in well-respected publications, cookies are not programs, so they cannot run on your computer and they cannot carry a virus to your computer. Generally a cookie contains an arbitrary but unique number. It can also contain any additional information the website designers choose to put into it. Of course, they can't put in information they don't have, and this is the critical issue with a cookie. If you fill out a form on a website giving your name, email address, and phone number, then the website has that information and can place it in a cookie. If you don't fill out the form, the website knows virtually nothing about you. By using a cookie it can determine that you visited the website previously, but that's about it. One of the more common use of cookies is for password-protected areas of a website. The web, in computer jargon, is "stateless." This means that when you traverse a website, the page you are currently looking at has no way of knowing what page or pages you looked at previously. So if you logged into a protected area of a website on one page, the next protected page would have no way of knowing that and would require you to fill out your login information all over again. This would occur on every protected page. Cookies provide a way of circumventing this problem. By using cookies you only have to log in once and then have access to all the password-protected pages in that area. Cookies can also let a website recognize you if you want it to. When I go to Amazon.com, the welcome line on the page says "Hello Jonathan Spencer...," but this is only possible because at some point in the past I gave them my name. If I delete the Amazon.com cookie, the website will treat me as an unknown visitor. Cookies are not a danger to your computer. Cookies are data, not programs, and therefore cannot transmit a virus, cannot erase anything on your hard disk, and cannot damage or disable a program on your computer. The answer to this question depends on your definition of privacy. Most people would consider it an invasion of their privacy if a website could discover their: * Name The good news is that a cookie (or website) cannot find out any of these things unless you explicitly provide them. But what if it were possible for a website to record which pages of that website you visit? The website still wouldn't know any of those items listed above but it would know which pages of the website the person who uses your computer visits. Is that an invasion of privacy? Most people would say this doesn't qualify -- after all, they are just watching which pages of their site you are visiting. It's a little intrusive but most people would shrug it off. Now let's take it one step further: Suppose it were possible for a company to compile a list of websites -- and the pages on each website -- you have visited? Is THAT an invasion of privacy? At this point we're getting close to many people's limits, although many others would still not find it a problem. These last two methods are being done today and they use cookies. Whether they are a privacy threat or not is really your decision. Fortunately, the very fact that these methods use cookies gives you several options. They include: * Disable cookies -- This works but you pay a pretty high price. Many websites use cookies for very useful (and non-invasive) purposes. Disabling cookies means you won't be able to use any of these features. * Have your system ask you about every cookie -- This also works, but it's a pain. If you go to a protected section of a website you will be asked about a cookie at least once per page. On some websites there are multiple cookies per page. Are you willing to put up with this level of annoyance? * Opt out of the services that collect this data -- This take a little time but is fairly easy to do. Go to this page http://webveil.com/optout.html for a list of the vendors that provide these services and their opt-out pages (not all have them but most do). When you opt out the vendor puts a cookie on your system that tells their website not to collect data. So, perversely, you have to have cookies enabled to opt out of these services. * Set up the privacy policies of your browser -- This only works in IE6.0, but if you're not using this browser you should download it soon. One of its better features is its privacy policy settings. You can set this by going to Tools | Internet Options and clicking on the Privacy tab. One word of caution: At the higher settings, it blocks cookies from websites that do not have a "compact privacy policy." This is a new bit of technology that most websites do not have yet (for example, we don't although we are currently researching it). So you may find you have to lower the privacy level to make some websites work. Jonathan Spencer |
|
| CyberArtisans Home Web Programming Services Clients Company Newsletter Contact Us |
