Primer on Internet Cookies

Am I a brownie? Am I a cookie? I'm so conflicted!

Am I a brownie? Am I a cookie? I’m so conflicted! (Photo credit: Wikipedia)

I spent some time recently educating myself on how Internet cookies work and thought I would share what I learned. I think that most people assume that cookies are largely malicious and that is not necessarily the case. But there are certainly types of malware on the Internet that can do every bad thing to you that you can imagine.

Plain cookies by themselves are pretty simple. People think of cookies as programs that are put on to your computer to spy on you. But cookies are nothing like that. A good definition of a cookie is a piece of text that a server puts onto a computer. For example, a cookie allows a web site to store something on your computer that it can retrieve later if you come back to the same web site.

Basic cookies perform a number of simple tasks that make your web browsing experience more enjoyable. For example, a cookie might record your preferences for a given website so that it doesn’t have to ask you about yourself every time you visit. A good example is when you visit a weather site and it gives you the weather for your zip code. Having a cookie from that site stops you from having to type in your zip code every time you want to check the weather. And if you want to track the weather in a dozen locations it will remember all of them.

The basic tool used by cookies is referred to as a name value pairs. Most cookies from website assign you a user ID and that is the first half of the name value pair. This lets them know who you are (actually, only which computer you are on) no matter how many times you come back to the site. The second half of the name value pair is then whatever data they want to store on your machine to prepare for your next visit, such as the zip code for the weather website.

If you have ever deleted all of the cookies from your computer you know the hassle you have after that. All of a sudden the web pages for your bank, credit cards, music site, games, and whatever else you routinely use don’t know who you are any more. Those sites were probably using cookies in the basic value pair mode, using them only to store your preferences.

You have the ability to control these kinds of cookies if you want. There is a setting in most web browsers that will allow you to get notified and make a choice every time a web site asks for a pair value from you. Try this and you will quickly abandon it because it will slow your web browsing to a crawl.

Of course, basic cookies can create annoyance at the user level. For example, my wife and I share a computer sometimes and I don’t really want to log automatically onto her Facebook or Amazon page. In fact, one day I bought a Kindle book without noticing it was her account and the book downloaded to her Kindle instead of mine. And I use multiple computers and thus I often get a different experience from a given web site based upon which computer I am using.

So why the big controversy over cookies? Unfortunately there are now companies that take cookies to the next level, and these are the ones that bother people. For example, DoubleClick is used by a lot of web shopping sites and it allows your user ID and data to be used across multiple web sites. If you buy something on the web you obviously have to tell whoever you are buying from all about you – your name, address, credit card number etc. But with cookies that can create an identify across multiple we sites the companies you buy from can start putting together profiles about you and they can see all of the different sites you are visiting that are within the DoubleClick universe. And this is all done without you knowing it.

And of course, there are all sorts of malware on the Internet that do all of the bad things that people associate with cookies. There are all sorts of adware, sneakware, keyloggers, browser hijackers, trojan horses and worms that gather all sorts of information about you. But basic cookies are not a threat to you. A cookie is a data file and it cannot gather other information on your computer. That requires one of the forms of malware. However, cookies that share information across multiple web sites can gather a lot more information about you than you might want to share. It’s a tricky world on the Internet and it’s really easy for people to forget that somebody else is at the other end of every keystroke you make.