One of the ECTalk members lamented over the intrusive nature of cookies. This prompted an informative discourse from some of the other list participants.
TL offered this insight:
"... cookies are sometimes used to track a person''s movements on the Web and to see whether or not they''ve opened their mail. You think that''s bad, you should worry more about the Javascript that can be added to HTML e-mail that allows the sender to secretly receive a copy of that e-mail everytime it''s forwarded (with all comments, etc.)!
Anyway cookies are also used to track site visits and identify return visitors. For e-commerce sites, cookies are most often used to keep track of a customer''s shopping cart and their order. Without cookies, in fact, most e-commerce sites couldn''t ''work'' -- the shopper would have to purchase everything immediately and couldn''t save their shopping cart, for example, among other problems (cookies are most often used in e-commerce sites to securely track the session ID).
My point is that cookie technology is not evil in and of itself, though cookies can be used for unsavory purposes. And the Web cookie battle is all but lost -- try disabling cookies in your browser and see how far you get surfing the Web (some sites won''t even let you in the door). As for e-mail, however, you must be using an HTML-enabled e-mail program such as Outlook or something to face cookie issues there. If you''ve got HTML-enabled e-mail, go to the e-mail program vendor''s Web site to download the security patches they''ve posted to address recent vulnerabilities found in HTML e-mail (such as the Javascript trick I mentioned earlier)."
KB knew of an informative site:
"Check out Cookie Central especially the ''Cookie FAQ'' link. I have always found this to be the best source of information on the subject of cookies."
DA had some thoughts to share:
"In some ways it is not as bad as you think ... in other ways it is worse.
First of all, you don''t need special software to detect cookies, you can just set your browser preferences to warn you, or not to accept cookies.
Next, the site creating the cookie cannot put anything personal in it (like your e-mail address) unless you furnish it to them first (enter it into a form). If the site gets this information in a form, it doesn''t need a cookie to exploit it.
Third, the information a site usually stores in a cookie is usually innocuous ... a token, a date, or an ID that only has meaning to the site setting the cookie.
Fourth, your browser will only send a cookie back to the site which created it ... so it is not propagating this information to other sites ... just back to itself so it can determine who you are (usually for your own convenience).
That said, there are ways that cookies can be misused to track your movement. Each image downloaded (even if not visible) to your browser can cause a cookie to be set.
Say you visit site A, and it sets a cookie. Site A includes a banner ad (picture) that actually resides on site X. Site X can set a cookie that indicates you ... are visiting site A (It knows that you are on site A because it keeps track of that in the picture request so it can do its affiliate counts).
Later, you visit site B. Site B has no offsite pictures/banners or if it does they are from other than site X (not meaningful to this explanation).
Still later, you visit site C ... this also has a banner ad from site X. When the banner picture is requested from site X, your browser determines it has a cookie that was set by site X and sends it along to site X ... now site X knows that someone has visited sites A and C. (It doesn''t know about site B).
If you ever click on a banner ad or otherwise go to site X and furnish personal information, site X will finally know who you are and it can determine where you''ve been (or at least any site that uses its banners) and can continue tracking any further visits to sites with banner ads which retrieve pictures from site X.
So, is it the cookies at fault? Well, maybe ... but it''s kinda like blaming the mailman for bringing the bills!"
From BR:
"I use WebRoot software to cleanse my computer of cookies, temp files, etc.
You can disable cookies in your settings, but this may not permit you to enter certain sites so WebRoot has been a viable alternative by running it a few times a day. It used to be $29.95, though I''m not certain of its pricing now."
From RB:
"In both Netscape Navigator and Internet Explorer it''s simply a matter of choosing ''warn me when before accepting cookies'' in the preferences. There is absolutely no need to install separate or third party software to detect cookies.
In terms of cookies being used on e-comm sites, they are usually used to track what you''ve purchased and to pre-fill things like shipping info.
Given the annoyance of cookies, I can''t imagine why anyone would accept them other than from sites that they are familiar with.
By the way, there''s an interesting article about browsing and searching available through Creative Good @ goodexperience.com."
CW brings up another detail:
"I think someone should point out that whereas some cookies can be offensive and create a lot of the spam e-mail that is a now about -- they do have a genuine useful purpose as well. The personalization they enable can help create a better product for the customer. As an example, in our case we use cookies so that customers looking at foreign web sites can see all prices automatically in their own currency, thereby making buying decisions a lot easier -- and enabling merchants to accept foreign payment types that would otherwise be unusable. Other cookies make conversion into foreign languages automatic -- again, a very helpful feature that may not be obvious in any other manner.
Yes, it''s correct to worry about the invasion of privacy and the selling of data to third parties, but there is a danger of throwing the baby out with the bathwater if you just reject all cookies. Anyway, what are you going to have with your afternoon cup of tea!"
IE 7
Firefox 2.0
