Are Cookies Dangerous?
The web has been around for many years, and since the early days, websites have been requested by users and delivered to them using HTTP - the HyperText Transfer Protocol. HTTP is the means by which web browsers and web servers communicate. Unfortunately, HTTP is what we call a "stateless" protocol - meaning, effectively, that when you visit a page on a website, and then another page, the website you are visiting has no way of knowing it is the same person that visited the two pages.
This makes things like user login systems difficult to manage. You can't use IP addresses to track users for a variety of reasons, most notably proxy servers that might be used by several people (many hundreds in the case of AOL) to access the web. This is where cookies come in handy.
A cookie is a simple, tiny, text file. It is stored on your PC, and is incapable of performing any tasks or functions. It is simply a text file containing data in text form, just like this (an example cookie from Google):
en_GB www.google.com/ 1425 2053574882 29726548 4298754968 23581292 *
Cookies, once stored on your PC, are tied to a specific web address. That can be a domain (eg google.com), a sub-domain (eg www.google.com), or even a folder (eg www.google.com/folder/). When you revisit a web page, your browser checks to see if any cookies that are stored on your PC are valid ones for the page you are visiting. If they are, the information contained within them is sent back to the server.
Which means, essentially, that a website can only get from a cookie information it put there in the first place. Not all that dangerous in the vast majority of cases. With the above cookie on my PC, any time I visit a page within the "www.google.com" subdomain my browser will send the contents of the text file above to Google.
The next time you request an advert from DoubleClick (i.e. the next time you visit a web page with advertising provided by DoubleClick, or whoever the advertising provider is), your browser may send back data you received in a cookie from a previous time you viewed a DoubleClick advert. One advertiser cannot read cookies from another, as web servers will only send cookie data out when you request a page from within the domain of the cookie.
What this allows the advertising provider to do is to identify that someone who visited one page also visited another page. It can't identify you personally, but it can tell that someone who viewed a review of "Smokey and the Bandit" on one site then went on to order 6 cases of Jack Daniels on another, assuming both sites carry advertising from the same provider (increasingly rare). These cookies provide basic thematic profiling - the above example, if repeated by thousands of people, would tell the provider that people with excellent taste in movies also have excellent taste in drinks. The provider might use that information to help provide more accurate advertising - Jack Daniels ads on the "Smokey and the Bandit" review, for example.
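The scoping rules described above, and the advertising case that follows from them, shown as an added example (not code from the original article): a small cookie jar that decides which cookies a browser attaches to each request. The `.example` hostnames, the cookie names and values, and the `CookieJar` class are assumptions made for illustration.

```javascript
// Added example. Hostnames and cookie values are constructed; the matching
// rules are RFC 6265 domain-match and path-match, without a public-suffix check.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  host = host.toLowerCase();
  return host === d || host.endsWith("." + d);
}

function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  // "/members" covers "/members/x" but not "/membersonly"
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

class CookieJar {
  constructor() { this.cookies = []; }
  // Store a cookie from a response served by `host`. A server may name its
  // own host or a parent domain, never an unrelated one.
  set(host, { name, value, domain, path = "/" }) {
    const hostOnly = domain === undefined;
    if (!hostOnly && !domainMatches(host, domain)) return false;
    this.cookies.push({ name, value, path, hostOnly, domain: hostOnly ? host : domain });
    return true;
  }
  // Build the Cookie header value a browser would attach to a request.
  headerFor(url) {
    const { hostname, pathname } = new URL(url);
    return this.cookies
      .filter(c => (c.hostOnly ? hostname === c.domain : domainMatches(hostname, c.domain)))
      .filter(c => pathMatches(pathname, c.path))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

function demo() {
  const jar = new CookieJar();
  jar.set("reviews.example", { name: "session", value: "r1", path: "/members" });
  jar.set("ads.example", { name: "uid", value: "abc123" }); // set by an embedded advert
  return {
    foreign: jar.set("reviews.example", { name: "x", value: "1", domain: "shop.example" }),
    reviewPage: jar.headerFor("http://reviews.example/members/smokey"),
    lookalikePath: jar.headerFor("http://reviews.example/membersonly"),
    shopPage: jar.headerFor("http://shop.example/basket"),
    adOnShop: jar.headerFor("http://ads.example/banner?site=shop"),
  };
}
console.log(demo());
```

The shop never receives the review site's cookie, but the advert request made from the shop's page carries the same `uid` the ad server set earlier, which is what lets the provider link the two visits.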
Can cookies ever contain private information? Yes, they can. A web site can only place information in a cookie that it already has, and only that web site will be able to retrieve that information, so if you have given that web site personal information about yourself, they could store that in a cookie. Is that dangerous? Not in the slightest.
If you want to avoid being tracked by advertisers (and remember, any tracking they do is not personally identifiable to you), there are measures you can take. Most competent browsers allow cookie control (at the end of this article is a guide to preventing your browser from accepting third party cookies). Some allow you to accept and reject cookies individually, or based upon domain. Some will allow you to reject "third party cookies" (the above, cookies sent with advertising, would count as third party cookies), or all cookies altogether.
Personally, I have my version of Opera (http://www.opera.com/) set to reject third party cookies without notifying me. I've had no problems at all using the web since, and running Ad-Aware every few months turns up no more than one or two tracking cookies, usually ones that have turned up when I've used Internet Explorer for brief testing purposes.
How to prevent your browser from accepting third party cookies.
- Click in Tools > Internet Options.
- Select the "Privacy" tab.
- Click "Advanced".
- Select "Override automatic cookie handling".
- Check that you are set to "Accept" (or "Prompt") First Party Cookies, and to "Block" Third Party Cookies.
- Though it is up to you, I recommend you also make sure "Always allow session cookies" is checked.
- Click "ok" to close the "Advanced Privacy Settings" Window.
- Click "ok" to close the Internet Options pop-up.
- Press "ALT-P" or click Tools > Preferences.
- Select "Privacy" on the left.
- Make sure "Enable Cookies" is ticked.
- Next to "Normal cookies", check that "Accept all cookies" is checked.
- Next to "Third party cookies", check that "Refuse all cookies" is checked.
- Click "ok".
- (There are other settings in there you may wish to experiment with until you are happy with your cookie setup).
- Click on Tools > Options.
- Select "Privacy".
- Expand the "Cookies" section.
- Check that, of the four boxes, only the top two, "Enable cookies" and "for the originating web site only" are both ticked.
- Click "ok".