So What's A Cookie For, Anyway?
With all of the rhetoric about cookies, many people don't
understand that these little text files were invented for a
reason. In fact, cookies were created to solve the internet's
equivalent of Alzheimer's disease. You see, web sites do not
remember who they are talking to!
The web was designed to be simple and straightforward. You (a
browser such as Internet Explorer or Netscape) ask for something
from a web server. The web server obediently hands it to you,
then goes off to do something else. This is due to the original
purpose of the web - a vast electronic library!
The web was never designed to support electronic commerce. It
was designed to support reading text. Images, videos, sounds and
commerce was all shoehorned into the structure later.
Okay, so web servers are forgetful. What exactly does this mean?
The browser asks the web server for an object (a web page,
image, graphic or whatever) and the server obligingly returns
it. The connection to the browser is then closed and forgotten.
Thus, the next time the browsers makes a request of the web
server, the poor server has no easy way to know that it is the
same as before. As far as the server is concerned, every single
request to do something is a unique request from a different
computer.
This makes any kind of transaction control very difficult. Think
about it for a minute and you'll understand. You enter your
personal information into a screen, which sends you to a second
screen to enter your name and address. If the web server does
not know that you are you, then how in the heck does it relate
the credit card information to your name and address?
The answer is cookies. To put it very simply, a cookie is simply
a way for the web server to know that you are indeed you. In the
previous example, a cookie would allow the server to know that
the name and address are related to the credit card number.
How does this work? Well, the server creates a small text file
on your system called a cookie. This text file can only be
referenced by that server, and it contains a simple unique
number which identifies you.
Whenever the server does something it tries to read this cookie
to see if it knows who you are. Thus, when the screen allowing
you to enter your name and address is displayed, the browser
tries to read a cookie, effectively asking "do I know who you
are?". It does the same thing on the credit card entry screen.
Okay, this all seems harmless enough, doesn't it? So how is this
very harmless and exceptionally useful system abused?
Cookies can be set to last until the browser exits, or they can
be set to expire (be deleted) far into the future. Various
advertising companies actively abuse this feature - and this has
led to the public backlash against cookies.
You see, cookies can be created and read when any object is
loaded from a web server. This includes banners and web bugs
(small graphics designed to help advertisers track who is
looking at their ads).
The advertising companies take advantage of this feature to set
cookies on your computer so they can build up a picture of what
sites you've been looking at. The banners effectively ask "have
I seen this person (computer system) before?" If the answer is
"yes" (a cookie exists), then a notation is made in your profile
on the advertisers computer system.
Believe me, it does not take long for an advertising agency to
build up a very nice understanding of exactly what you do on the
internet. Why do they want to do this? To make more money, of
course.
How does this work? An advertising agency sells eyeballs. The
theory they operate on is simple. The more qualified the
eyeballs, the more likely that banners are to be clicked, and
the more likely that sales are to be made. Thus, if you
typically surf, say, Star Trek sites, you may be interested in
seeing advertisements about Science Fiction movies, and
theoretically you will be more likely to purchase tickets.
Okay, why is this a problem? Do you really want an advertising
agency knowing everything about your web surfing habits? Do you
trust them? Do you think they will keep this information private?
Or to put it another way, these companies are making money (lots
of money) based upon your eyeballs. They are not sharing that
money with you - in fact, they never even asked your permission
to gather information about you.
As an analogy, suppose you were reading a magazine on a park
bench and someone was hiding in the tree over your head,
recording every page that you looked at in a notebook. How long
would you put up with this behavior?
Thus, the public is simply objecting to the unethical use of
cookies to track their movements through the internet. And as
you can see, a very useful tool has been corrupted by companies
whose motives are suspect, to say the least.