Tech Tips: Cookies and Privacy

by Dan Comden, Adaptive Technology Consultant

Most people who browse the Web don't realize that they're giving information to companies every time they visit a site that uses cookies.

A cookie in the Web sense is a small file that gets transferred to your computer when you visit a site. Cookies were initially designed as a method of having user data persist from one visit to another, or to pass shopping information between one Web server and another. Many commercial sites use multiple Web servers to handle both content (the stuff you view) and purchasing (the check-out process if you buy something). Some content sites track your preferences from one session to another, allowing for a more personalized visit to their site.

Despite assurances to the contrary, there is increasing evidence that blind acceptance of using cookies while Web browsing threatens our privacy. As more and more companies begin to view the data gathered from individuals as their "right," it's clear that we need to decide just how much information about ourselves we wish to make available, and whether to take active steps to thwart this type of personal tracking.

Picture of Pat, Doug, and Dan
DO-IT Staff Doug Hayman and Dan Comden help Phase II Scholar Pat explore the inner workings of a PC.

Some of the information we're given about cookies might lead us to believe that they're a benign tool used to enhance our Web experience. Certainly that can be true in some instances, but some companies are taking additional steps that some may find startling. Microsoft's claim that "a site cannot determine your e-mail address unless you send it to the site, as by submitting it in a Web form" is misleading, if not downright false. If you are using a standard browser and default security settings, it's quite simple for a site to gather quite a lot of information about you, including your geographic location and name. If you've provided your e-mail address to a Web site, that can be matched with your cookie information with little difficulty. Matching this information with the unique ID stored in a cookie file is a trivial process. Don't believe me? Check out www.Privacy.net/analyze for a quick demo. The cookie demonstration on this page will allow you to understand how cookies work. www.vortex.com/privacy/priv.09.06 includes additional information about cookies. Though the tone of this article is a bit strident, it does lay out some alarming concepts, not the least of which is that browsing habits can be tied to actual names and household information.

Because I am reluctant to let my personal information into the hands of marketers, I browse from work and home with cookies disabled. The only time I need to turn cookies on is when I wish to purchase something or access some other secure site. Once I'm finished, I disable cookies again, and go on my merry way. Once or twice a week, I empty the cookies from my cookies folder by deleting them manually. Below are some examples of, cookie locations:

  • For MS Windows and Internet Explorer 5, cookies are in C:\Windows\Temporary Internet Files and C:WINDOWS\Cookies\. You won't be able to delete the index.dat while in Windows but that's OK. Make sure to remove the copies from both locations.
  • In MS Windows and Netscape Communicator, cookies are in C:\Program Files\Netscape\Users\yourusername in the cookies.txt file. You should be able to delete the file with no problem.
  • For Macintosh and Netscape (4.x), cookies are in System Folder->Preferences->Netscape Users->yourusername->MagicCookie
  • For Macintosh and IE, from the Edit->Preferences folder, under "Receiving Files," click on "Cookies." You can delete or change your cookie preferences here.

I encourage all Web users to be cautious about revealing personal information, even unwittingly through the use of cookies. The benefits of cookie technology are currently outweighed by the potential for abuse.