WebJunction - Using the Internet

As you sit at your own computer, in your own private office, with the door closed, you may have the impression that you are alone. But you're not. The Internet may be a window to the world, but it is also a two-way mirror. As you view Web content, software on the Internet is recording -- and often sharing -- information about you, what sites you visit, what ads you click on, what you buy, view, or listen to. It does that in large part by using cookies.

What's a cookie?

Cookies are text files generated by a Web server and stored in your computer. They arrive via an HTML page that you have requested. Like stowaways, they arrive undetected and can stay in your computer for years, stored on your hard drive. There are two kinds of cookies: per-session and persistent. Per-session cookies are programmed to time out at the end of your Internet session. They do not permanently record data to your hard drive. When you sign off, they are gone. Persistent cookies are stored on your hard drive and sometimes take years to expire. The minute you start visiting Web sites, cookies will start flowing into your computer.

To non-technical folk, cookies sound cute and friendly, especially the yummy, chocolate chip variety. But in computer science, cookie is a rather dry term used to describe a small token of data that helps two programs on separate computers interact. Browser cookies are named after Unix objects called magic cookies, and in some versions of the Macintosh operating system, there is actually a document called MagicCookie. Netscape, which invented cookies for its browser, calls them Persistent Client State HTTP cookies.

Why do Web Sites Use Cookies?

Cookies were invented as a convenience that let you set up a personal page, keep track of a shopping cart, record a password, save your preferences, and let a Web server detect your computer operating system and Web browser. This made it easier for you to access information on the Web. Cookies contain information that Web sites use to track passwords, lists of pages you've visited, the date when you last looked at a certain page, your IP address, the time of day, and similar items. They do this transparently and without your knowledge.

There are other reasons why Web sites employ cookie technology. They may want to know how many visitors their site is getting, how many are new and how many are returning, or how often a viewer is visiting.

A cookie is designed to act as a token or marker that identifies your computer to a particular Web site's server (the one that sent the cookie) and will access that information when you hit that site. A serial number (a string of alphanumeric characters) that it generates to identify your computer is used to retrieve your information from the site's database, where it stores cookie information.

There is nothing inherently sinister about cookies. By themselves, they are benign and can make your browser function more efficiently. A Web site can retrieve only the cookie that it sent to your computer. It cannot read any other cookie or anything else in your hard drive.

WebJunction's Cookie Policy

Before you register on any Web site, including WebJunction, check the site's privacy policy to make sure that it will not sell or otherwise reveal your personal information. WebJunction's privacy policy is located on its registration page http://www.webjunction.org/do/UserServices?method=initSelfRegister . Among other things, WebJunction's privacy policy explicitly states that it does not share information with third parties. To access WebJunction's online courses and forums, your Web browser must have cookies enabled. If cookies are disabled, the site will sign you out.

Managing Cookies

Netscape (Mac OS X and Windows)

Recent versions of Netscape have an elaborate cookie manager that lets you control cookies - keeping the ones you want, deleting forever the ones you don't, and letting you set parameters on which cookies to accept on a permanent basis. The Macintosh and Windows versions are virtually identical.

The object with managing cookies is to understand what they do and decide what you want. There are many choices on how to handle cookies, and there is no one right or wrong way. You can always change your mind.

1. From the menu bar, choose Tools>Cookie Manager to quickly block and unblock cookies from any Web site, or to open the cookie manager. When you select Tools>Cookie Manager>Manage Stored Cookies, a Stored Cookies window opens containing a complete list of all the cookies Netscape has received. Click on each individual cookie to reveal its name, a serial number, the server that sent it, whether that server is a secure server for Web-based transactions, when it expires, and its policy (if it has one).

2. Select a cookie and decide whether or not you want to keep it. Use the Remove Cookie button to get rid of a single cookie, or the Remove All Cookies button to eliminate all of them.

3. If you don't want cookies to be re-sent from the servers you removed, check the box that reads, "Don't allow removed cookies to be reaccepted later."

4. Click OK.

5. A Cookie Sites tabbed window in the cookie manager shows you which sites can and cannot send cookies. You can select and remove sites from this list too.

Here is another way to control cookies in Netscape.

1. From the menu bar choose Netscape>Preferences (Mac) or Edit>Preferences (Windows). The Preferences dialog box appears.

2. Open the Privacy & Security category by double-clicking the Privacy & Security section or clicking the arrow tab.

3. Click Cookies to bring up the Cookies dialog box.

From here you can disable all cookies, enable them only from the server you are viewing, enable them based on privacy settings, or enable all cookies. You can also disable cookies in mail and newsgroups, have the browser ask before sending a cookie, or limit their duration.

5. Use any combination of settings you want.

6. Click OK.

Privacy Settings in Netscape

You can enable cookies based on privacy standards that you set in the browser. When you select the "Enable cookies based on privacy settings" radio button, click the View button to see the privacy settings. These settings were established as the P3P standard (Platform for Privacy Preferences).

The Privacy Settings dialog box gives you the four basic options in addition to some standardized settings. To reject cookies from third-party sites - sites you have not visited - do the following.

1. Click the Custom radio button under Level of Privacy.

2. Use the pull down menu to set standards for third party cookies on every level of privacy. Reject is usually a good choice.

3. Choose the conditions under which to accept cookies for first party cookies

4. Click OK.

Despite your best efforts, you may still be plagued with dialog box requests to send cookies. If that happens and it annoys you, adjust your settings accordingly and then remove cookies at a convenient time, or accept session cookies only.

Internet Explorer (Mac OS X )

1. In the menu bar choose Explorer>Preferences.

2. Check the arrow Receiving Files in the left hand menu.

3. Click Cookies to see the list of cookies in this browser.

4. Select and double-click on each cookie (or click the View button) to get its description.

5. To delete a cookie, click on it, and click the Delete button.

6. You have four options for viewing cookies: Never ask, Ask for each site, Ask for each cookie, and Never accept.

Internet Explorer (Windows)

1. Choose Tools>Internet Options and you will see the General tab.

2. Delete all cookies by clicking Delete Cookies.

3. If you don't want to delete all cookies, you can customize your cookie policy. Under the Privacy tab use the slider bar to check out the different levels of settings. If one is right for you, then move the slider bar to that setting.

Another way to control cookies is the following:

1. In the Privacy tab click the Advanced button.

2. Check the box labeled, "Override automatic cookie handling." This gives you the option of accepting or rejecting first and third party cookies. It also has a checkbox for allowing session-only cookies. That setting will accept cookies for that session and then discard them when you sign off.

3. Even if you click the Default button, you can still specify which sites you want to handle specifically, by clicking the Edit button.

You can also do this:

1. In the General tab find the Temporary Internet Files section and click Settings.

2. In the Settings dialog box, click the View Files button to reveal your cookie documents.

3. Click any cookie file to reveal the details about it, such as the server that sent it and when it expires.

4. With the cookie file selected, press the delete button on your keyboard to remove it from the file.

What Do Cookies Know?

While cookies do not automatically know your identity or record personal information about you - your name, address, social security number, or credit card number - they do recognize your computer whenever you view a Web page on that server. If you already have a cookie from a particular Web site, your browser will find it and send that information back to the site's server. That server queries its database and retrieves your history on the site.

However, cookies can and do store and transmit personal data that you give out voluntarily. If you signed a guest book, bought a product, registered on a Web site, or revealed demographic information such as your name, address, age, gender, income, pets, or hobbies, it is possible that such information can be accessed via your cookie. While a cookie cannot reveal your e-mail address, some servers can access that information if your e-mail program is embedded in your browser.

Cookies can be convenient when you are shopping at or visiting a Web site, but privacy experts have pointed to an intrusive underside to some Web sites' use of cookies. The information in a cookie can be shared with unknown third parties, not just the Web sites you are visiting. An Internet marketing company that contracts with a Web site to serve its ads, for example, can also throw you a cookie, record information about your computer, track which Web sites you visit and from which you buy products, and share this information with its other clients without your knowledge or consent. Because personal information can be shared with third parties without your permission, read the site's privacy or security policy to find out whether it shares information with third parties before entering personal information on a Web site form.

Another reason why privacy advocates dislike cookies is because they are linked to advertisements that are pushed to your computer screen. If you recently went to a Web site to get information about cats, and you find that ads for pet toys and cat food are appearing on your screen, this is no accident. It's a result of cookies being read and distributed by marketing companies to determine your interests and preferences. Such companies make money by sharing your cookie information with their partners who are selling products they think will interest you. If you don't like the idea of marketers following you around the Internet and eating into your bandwidth with ads for goods and services you did not ask for, there is a solution.

Can I Throw Them Away?

You can rid your computer of offending cookies in several ways, depending on your operating system and browser. Unless you are totally offended by the concept of swapping information back and forth from your hard drive to a Web server you regularly visit, you can set some standards for which cookies to accept and which to reject by setting preferences in your browser.

You can disable cookies entirely, but that is probably not a good idea, as many sites depend on cookies to function properly. If you use a Web-based e-mail program, you must have cookies enabled. Any site where you have to register to use its content needs cookies. You can set the browser to warn you or ask permission to send cookies, but that can be intrusive, and you may be driven to distraction by the number of times you are asked to accept a cookie before a site will serve up a page.

A more practical solution is to accept cookies only from servers that you are visiting, and not from third party servers, such as the ubiquitous DoubleClick Corp., an online-targeted marketing site that distributes your cookie information - its user profile of you -- to its many clients even though you have never visited its Web site.

Beware Ad Networks

Online advertising networks like DoubleClick, which resell advertising space for many popular sites, maintain a database full of user profiles derived from cookies. How? DoubleClick sends cookies to computers that visit its client Web sites by arranging to place a transparent graphic (known as a Clear Gif, Web Beacon, or Bug) on the client's Web page. When you view that page, you also download that invisible 1 x 1 pixel graphic it contains, which sends you a cookie directly from DoubleClick, and lets DoubleClick track your Web use, create profiles based on that use, and deliver online ads to you from its other clients according to your profile.

Such ad networks have placed cookies on countless browsers. If you use one of the popular search engines, your queries are likely being logged and analyzed. Over time, information about you can be compiled into a distinctive and alarmingly specific profile, potentially containing a great deal of personal information that you have given out over time to various Web sites.

According to the JunkBusters Web site, "Any Web site that knows your identity, and has cookies for you, could set up procedures to exchange their data with the companies that buy advertising space from them, synchronizing the cookies they both have on your computer. This possibility means that if your identity becomes known to a single company listed in your cookies file, any of the others also might know who you are when you visit their sites."

Use a Privacy Program

If you don't want to go into your browser settings to handle your cookie files, there are numerous software programs available that you can set up to do the job for you. The vast majority of applications are for the Windows operating system.

AD Subtract Pro (Windows only)

http://www.adsubtract.com/

Intermute

This program blocks ads, cookies, pop-up windows, animations, music, and more.

Bad Cookie! (Mac)

Bains Software

http://www.bainsware.com/badcookie/

This tool scans your cookie file for new cookies every time you launch your browser and lets you delete them. You can add comments to cookies so you know what they are for, or edit the content of cookies.

Internet Cleanup (Mac and Windows)

Aladdin Systems

http://www.aladdinsys.com/internetcleanup/mac/index.html

Cookie Tosser and CookieEditor are two of the utilities contained in this program to automate cookie management and delete cookies you don't want. You can also set the program to delete your Web history and cache. It also includes a digital document shredder.

Cookie Crusher (Windows only)

The Limit Software

http://www.thelimitsoft.com/

This program blocks cookies and classifies incoming cookies according to purpose. Add sites or individual cookies from sites to a filter list. It keeps a detailed list of cookies accepted in each Web session and lets you analyze and delete cookies.

Privacy Pal (Windows)

Zemerick Software

http://www.zemericks.com/products/privacypal/index.asp

This program can remove cookies, temporary Internet files, Internet history, recycle bin, Windows temporary files, and more.

Guidescope (Windows and Linux)

http://www.guidescope.com/home/

This Internet proxy software blocks ads and cookies by selecting them from a list. You can turn blocking off or on whenever you want.

Complete Cleanup (Windows only)

http://www.softdd.com/complete/index.htm

This Web privacy and disk clean-up software for cookies, cache, and Web history removes all Internet browser tracks and performs many additional disk and system cleanups.

Bugnosis (Windows only)

http://www.bugnosis.org/

This software detects invisible Gifs (Web beacons and bugs) used by third party Web sites to track information about your Web browsing habits.

Resources

For more information about computer privacy in general and cookies in particular, see the following Web sites. They contain information about cookies, as well as a wide range of security and privacy issues.

JunkBusters

http://www.junkbusters.com/

This is a security oriented Web site that gives you detailed analyses and advice about cookies, spam, telemarketing, junk mail, Web ads, and a host of other privacy and security topics, both online and offline.

Cookie Central

http://www.cookiecentral.com

This site tells you everything you ever wanted to know about cookies - their history, their intent, their implementation, and all relevant news pertaining to Internet tracking.

Electronic Privacy Information Center

http://epic.org/

EPIC is a Washington-based research institute that focuses on civil liberties issues, privacy, the First Amendment, and other constitutional issues. It publishes a newsletter as well as reports and books on civil liberties topics.

Electronic Frontier Foundation

http://www.eff.org/

EFF is a San Francisco based organization devoted to defending online freedom of expression. It sponsors legal cases, submits amicus briefs, supports technology innovations, monitors legislation, and educates the public and government officials.

Center for Democracy and Technology

http://www.cdt.org

An activist organization, the CDT focuses on democratic values and constitutional liberties. Its expertise is in law, technology, and policy, and it seeks practical solutions on issues such as freedom of expression and privacy.

Library Resources

Resources for Librarians

http://castor.tsl.state.tx.us/ld/pubs/security/paws.html

This is an overall guide for securing public access workstations and covers browser configuration, securing and controlling PCs, and disk cloning.

Securing Netscape 4 in the Public Library

http://northville.lib.mi.us/tech/netscape.html

This is a list of tips, trick, and how-tos on how to manage your library's Netscape browser.