Are cookies hazardous to your privacy? Cookies allow businesses to collect information about Internet users, but some question whether they are valuable records or unethical tracking mechanisms.

• Author: Cunningham, Patrick J.
• Position: NetWise

At the Core

This article:

* Defines cookies and their uses

* Poses questions about cookies and privacy

"Good morning, we have four new books that may interest you ..."

A moment ago you arrived at a Web site, and suddenly that Web site not only knows your name but your interests as well. You're impressed; they may make a sale. But how did they find out that you were visiting their Web site, and how did they learn what you were interested in?

Hidden inside virtually every Internet browser are tiny files that may allow others to invade a user's privacy. These files enable companies to track users' Internet surfing, record their online purchases, and greet them by name when they visit a Web site. They are "cookies."

A cookie is a piece of information passed between an Internet server and a user's Web browser. This information is used by the server to track the specific Web browser (and thus, the user) that is making a specific request of the server. Generally, this bit of information is a string of text. The text includes an identifier for the server leaving the cookie with the user and a unique identifier for the user (in some cases by name) or his or her computer.

Technically, cookies perform "HTTP State Management," described technically in documents RFC-2109 and RFC-2965 available from the Internet Engineering Task Force (www.ietf.org). RFC (request for comments) documents are proposals for Internet standards that govern the various technical protocols used universally on the Internet. An additional proposal, RFC-2964, "Use of HTTP State Management," sets guidelines for appropriate use of cookies.

When the server answers the request and sends the cookie, it also often obtains some information about the user and his or her computer. For example, if the user has logged into the site, his or her login information (and whatever information he or she has associated with that login) can be (but typically is not) associated with the cookie identifier. At bare minimum, the Web server will be able to determine the user's Internet Protocol (IP) address, the type of Web browser being used, and the computer's operating system.

How and Why Do Web Sites Use Cookies?

There are many uses for cookies. A cookie may be used to track the "login" status of a user for both the current session and future sessions. This conveniently eliminates the need for the user to continually enter his or her name and password or other identifiers.

A Web site may use cookies to track the pages that have been visited on that site. This will enable the site's webmaster to determine how users navigate the site and which pages are most popular...