'Tracking' cookie can tell somebody a lot about you
3/11/2000Most consumers have accepted Internet "cookies" as a harmless and even helpful part of visiting sites on the World Wide Web. The potential uses for one kind of cookie, however, are disturbing enough to raise new concerns about privacy of personal information on the net.
It is the so-called "tracking" cookie.
Cookies are small text files sent to your computer by many sites on the Web. The computer hosting that particular Web site automatically transmits the cookie, which records your activity on the site.
Most cookies are helpful and pose little threat of invading your privacy. Web site owners may use them, for instance, to provide personalized pages, including pages you can customize to monitor a stock portfolio or read certain categories of news stories.
When you enter such a Web site, it reads a cookie that it previously deposited on your hard drive. The cookie identifies you as a specific user, and the Web site returns your personalized page. Online book stores and other merchants use cookies to provide access to your account information and maintain a record of your purchases that you can review.
Cookies caused a lot of paranoia a few years ago as a new generation of computer users became aware of their existence. People feared that cookies might read information from other files on their hard drive or damage files.
Unfounded concern also arose that Web sites might use the cookies to compile dossiers on the private lives of consumers, collecting information about their preferences in visiting Web pages, buying books, videos, and other merchandise.
Ordinary cookies, however, have a built-in safety feature. They can be used only by computers in the Internet domain that sent the cookie. A cookie from an online bookstore named Goodbooks.com, for instance, could be used only by other computers at Goodbooks.com. That prevents other Web sites from reviewing Goodbooks' cookies on your hard disk.
Tracking cookies are something else. They are not exclusive to the site that you visit when they are deposited on your hard drive. Rather, tracking cookies often come from big, centralized banner advertising agencies like DoubleClick.com that serve hundreds of Web sites.
When you click on a banner ad on site XYZ.com, the ad content - and the cookies - are not sent to your computer by XYZ.com. They are sent from an "ad server" computer at DoubleClick.com, or whatever banner ad agency serves XYZ.com. Tracking cookies record that you clicked on the banner ad, as well as subsequent activity involving the banner ad.
A banner ad agency may serve hundreds of Web sites. The agency's computers thus can read cookies with information about your interests, spending habits, and lifestyle as reflected in your activity on many sites. Click on a banner ad for legal advice and select "divorce" or "bankruptcy." Click on a mortgage ad and call up information on "financing a vacation home." View material on Viagra in a medical banner. Snoops can infer a lot from that knowledge.
People concerned about tracking cookies have several options. Obviously, if you don't click on a banner ad, the ad server won't deliver the ad content or its cookies to your computer. Second, DoubleClick has an "opt-out" policy in which consumers can stop its tracking cookies. For information, go to www.doubleclick.net, and click on Privacy.
Michael Woods is The Blade's science editor.