At the heart of the privacy matter is what some privacy advocates would call the clandestine manner in which Web site sites are, unbeknownst to the user, collecting personally identifying information through stealth technology called "cookies." It's a deceivingly innocuous term for a relatively unsophisticated piece of technology that allows a Web site to collect information about the user and his browsing behaviors on the Internet.
Cookies were created by Netscape in 1994 with little fanfare because Netscape envisioned it as a technical solution designed to work in the background to make the user experience on the Web easier. A cookie is a text file with a maximum size of 4k that a Web server places on a user's hard disk. Cookies are embedded in the HTML information that flows between the user's computer and a Web server. They are usually run from CGI scripts (Common Gateway Interface, a method that allows a Web server to send data to and receive data from a database) although they can also be set or read by Javascript. Even if you aren't familiar with HTML, the markup language of Web pages, you should be able to understand the following script that is used to set a cookie:
Cookies were initially designed to have a life span equal to that of the user session, but many Web servers set the expiration date to a future date that often makes them permanent files on a user's hard drive.
Cookies are based on what the CookieCentral Web site calls a two-stage process. First, they are stored on a user's hard drive when he enters a Web site address in his browser and displays the Web site page (on a Windows system, cookies generally reside in the \\Windows\Cookies directory although this directory structure can vary depending upon machine configuration). For example, when a user decides to go to Lycos.com to sign up for a new account. In order to create the account, the user must supply his name, birth date, mailing and email addresses. At this point, Lycos has transferred a text file to the user's hard drive and inserts a unique identification number that identifies the user's browser, but not the individual.
Cookies can have different lifespans and vary in the information they store, but in general a cookie contains a unique identifier, the domain name of the site that created the cookie, and any number of variables and values that are site specific, and they can have an indefinite lifespan. To a human being the text is mostly unintelligible. However, to the issuing Web site server, the cookie stores a wealth of personal information including the user's ID, site preferences, browsing habits, and more.
The second stage of the cookie process involves the clandestine transfer of the cookie from the user's computer to the Web server. For example, the user does not have to re-enter his password and other personal information when he returns to the site. The Web site serves up all the personalized views of the site since the Web server recognizes the user's browser identifier and can retrieve personal information saved from previous sessions.
If Cookies Aren't for Eating, What Are They For?
As mentioned earlier, cookies were initially envisioned by Netscape as a means of storing user IDs and user preferences. However, the explosion in the number of Internet sites and the rapid growth of electronic commerce have created pressures on Internet companies to differentiate themselves by providing services and creating a "user experience" that no other site has. In the days of yore, gas stations would wage price wars and offer services such as free oil and tire pressure checks, even glassware giveaways, as a way of luring the passing motorist into their station. However, their competition was local and limited to a precise geographic locale. The global reach of the Internet, however, has made the competition so fierce that Web site sites struggle simply to keep the loyalty of their customers. They have no friendly attendants greeting you at the pump, checking your tires, or washing your windshield. There is only the computer, the user, and in between, the user experience.
Since cookies are a key tool for customizing the customer experience on your web site, The unanticipated expansion in the use of cookies is not surprising., and the consequent public outcry, was therefore inevitable. The most prevalent uses of cookies are: described below:
Site Personalization: As mentioned previously, Since cookies can save the user from having to re-enter his ID and password. They can also remember his preferences. Does he prefer not to see sports news and go directly to the business page where he can get the latest stock quotes on Yahoo? Does he want to see what the latest releases in classical music are on Amazon.com without having to make the same request each time he returns to the site? This kind of personalization is the best face that the Internet can put on an impersonal medium, and is probably the most prevalently used method by Web site sites to distinguish themselves from "the guy down the street."
"Shopping Cart" Systems: The shopping cart system used today on many online ordering systems is the equivalent of the bricks-and-mortar layaway plan. It allows users to browse the store, make selections, and return later to complete the purchase, with the added convenience that the user never has to leave home. In order for a Web site to "remember" a user's purchases from one session to another, the cookie became a convenient mechanism for storing selections from the online catalog. This activity inevitably led to customer "profiling" whereby a site could make future recommendations to a customer based on his past purchases. This use of cookies is particularly popular at the sites of booksellers and music vendors where products by the same or "like" writers or musicians are suggested to the customer.
Tracking Web site Behaviors: Many sites now follow the user's footprints as he traverses their Web site sites. Again, the pressure to constantly improve a Web site has led site administrators to track how customers used the Web site in order to improve their design. They can, for example, determine how many individuals have accessed a specific page, just as they can determine that another page is rarely visited. Some customers object to this kind of "surveillance as " (in a recent class action suit in Texas, plaintiffs have accused Yahoo of what they call "stalking").
Targeted Marketing: If a user were to look in his Cookies directory, she would probably notice files whose domain names belonged to sites she never visited. These files were created by companies that resell ad space belonging to a number of frequently visited sites, much like billboard salesmen. The difference is, companies that put their ads on billboards have a difficult time knowing exactly how many people see their ad and what effect it has on them. So "targeted marketing companies, " as they are called, such as DoubleClick, Inc. and Interse Corporation, buy ad space on popular Web sites like Yahoo.com then resell the space to other companies who pay to rent the spot. Targeted marketers then place 3rd party cookies on the user's computer and collect information about their behaviors (like click-throughs, and other clickstream data), often without their knowledge. Targeted marketers then re-sell this information to a third party who collates it along with other previously collected user information to dynamically create a customer profile. This is the use of cookies that most enrages privacy advocates and consumers alike once they learn the truth!
Advocates of cookies, however, argue that the consumer grows less concerned about cookies once he personalizes his browsing experiences using cookies to save him time and reduce his aggravation of wading through unwanted advertising. Cookie advocates believe that cookies will help to deliver exactly what the individual wants and nothing more. However, according to the Pew survey, only 27% of the respondents felt that tracking their behaviors through the uses of cookies was helpful.
Cookie Myths
Some persistent stories continue to circulate about the havoc that cookies can wreak such as deleting files from a user's hard drive. This simply isn't true. The controversy surrounding cookies isn't about the harm they can do to a computer but the way in which they store and pass information about the individual. Out of fairness to the cookie, the following list of concerns are only myths about the cookie that need to be debunked:
Cookies can access my hard drive. This is simply not true. Cookies are text files, not executables. They play a passive role in storing data and are not able to scan hard drives, read directories, delete files, or perform any other role other than holding information. For this reason they are not capable of spreading computer viruses, another myth about cookies.
Cookies from one Web site can be accessed by another site. False. A cookie can be accessed only by the domain that placed it there.
Cookies can retrieve email addresses. Not true. The only way this can happen is if the user enters his email address on a form and the address is saved in the cookie.
Cookies are the only means of tracking a Web site user. False again. Cookies can be the most persistent form of data tag that identifies the individual, but they are by no means the only way in which a users sacrifices some information about himself. Whenever he accesses a Web site, he is revealing his ISP, the operating system and browser he is using, his IP address, and other information about the hardware and software he is using. Although this kind of information may not be as threatening as more personally identifying information, the user should be mindful that by virtue of accessing the Web site, he automatically begins to "leak" data.
It's rather amazing what information you reveal just by visiting a URL on the Internet. The "I Can See You" program from anonymizer.com is one frightening example of what people can collect from a simple visit by your browser. See for yourself at: www.anonymizer.com/snoop.cgi
Re-printed with permission from the American Management Association, AMACOM Books Purchase this book at Amazon.com, or Barnes and Noble.com.
Tools:
Add ecommerce-guide.com to your favorites Add ecommerce-guide.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.xReceive news via our XML/RSS feed
IE 7
Firefox 2.0
