C is for Cookie

If you grew up with Sesame Street then you probably remember that Cookie Monster (that lovable blue haired cookie eating machine) loved cookies. Alas, the cookies in your web browser are a bit different. For those that are unaware, cookies are one of the ways that a web site can save little bits of information to your computer. These bits of information are stored so that websites can remember things about you.

Although there are other ways to track users online (Flash super cookie, Windows Media Player user ID, XML data islands, etc.) cookies are by far the most common. (Why you might care about this is dealt with in my post about behavior based marketing which will go up next week). The concern for privacy comes in two ways, one is in the cookies on your machine, and the other is what sites do with your cookies. A cookie from a site, by definition, means that you were on that site (unless you’ve placed a fake cookie on your machine to make it look like you were there, which is quite uncommon). Some hackers will try to steal, or corrupt, your cookies to create desired effects (access to webmail accounts for instance). Sites will use the cookies to know when you are coming back to them. Cookies come in several varieties; Session cookies, 1^st party cookies and 3^rd party cookies. Session cookies are cookies that are only good for the time you are using your web browser. Once you close your web browser, those cookies are gone (or expired). 1^st party cookies are cookies that are sent by a site to you machine for that site (cookies should only be returned to the sites that sent them to you (hackers sometimes get around this). 3^rd party cookies are cookies set by sites that you aren’t on, but are showing you material (the most common use of this is advertising on a site that comes from an advertiser but is shown on a different site). All cookies have the ability to set an expiration date after which they are no longer valid. Many sites will set these far off into the future.

Many browsers now give you the ability to manage cookies in various ways though (according to someone I spoke to in internet marketing) most people do not alter their cookies settings so they don’t worry about the small fraction of users that do. Each user can decide what the want to block or allow (making this automatic or having it prompt you each time. Note: prompting sounds like it gives you the most options but is really a pain in the butt, try it and you’ll see). You usually can choose to always block (or allow) cookies from various sites (and some sites won’t let you use them without having cookies enabled). One thing most people don’t realize is that if you choose to block cookies (or allow) from a particular site, that information is stored on your machine. If someone were to search your machine they could tell what sites you had been to (or not) based upon which cookies you chose to block or accept. This information is generally not transmitted across the net (unless your machine is hacked) so someone would need physical access to your machine to obtain this information but it is a trail for those that are concerned about such things).

In general it is important to understand how information is tracked about you and your browsing activities. There are easy ways to limit this tracking and cookies is the primary way websites do this. If you are concerned, you can disable these technologies in most browsers, but many of them greatly diminish your online experience. Examples of these measures are: always clearing your cache, not accepting cookies, not installing plug-ins/add-ons like Windows Media Player, Flash, disabling JavaScript, etc..