Hi all,

With regard to the recent discussion about clearing cookies and privacy, I
think it would be right to clear any confusion about cookies and explain
how in my view you should best deal with them.

A cookie is a piece of information (usually represented as a text file on
Windows systems) stored by a web browser upon request by a web server
which the browser, upon future establishment of connection with a web
server to a given resource and upon request by the server providing it,
will retransmit to the server. It is, in essence, like a tracking ticket.
When you log in to a site, for instance, the web server can store a
cookie in your cookiejar with details of the login credentials so that
when you next visit the site and the site claims that a given cookie will
provide the necessary information for the server to authenticate you, your
browser will send the credentials stored that you would otherwise have had
to resubmit in a form. The same is true for stored preferences and other
situations where a stateless transaction is not sufficient, such as in an
online shop. The security of the cookie lies in your desire and ability
to protect the data therein, normally because the cookie is local to your
computer. By a curious coincidence, a cookie is also the American
terminology for a biscuit, typically the variety with chocolate chips and
raisins inside...

Cookies are not software. Cookies are stored by your browser. Your
browser has the choice (and should offer it to the user) of rejecting
cookies. The really smart ones like Mozilla Firefox even let you reject
cookies in disguise by accepting the cookie and then immediately throwing
it away - this is useful for sites which claim that you absolutely must
accept cookies from their minions or else unsightly warts will begin to
develop all over your body, when clearly no cookies are really needed.

Cookies are not in themselves dangerous. However, they hold information
about you which any web server puts there. Anyone with a fancy for
knowing what you are up to just has to plant one on your computer and, at
the absolute least, will be able to tell the path through which you travel
on their site (and sometimes, through the dreadful process of affiliation,
other sites). It is an unfortunate fact that these affiliations and
advertisers and aggressive marketers are everywhere, and cookies you
supply them give useful insights into your habits, your preferences and
your interests suitable for marketing droids and advertisements thrown, by
force or otherwise, in your direction.

For a long while, I used to accept all cookies, too. It just made
everything more convenient. But with all the useful cookies storing
useful information on my behalf, came lots of useless, intrusive cookies.
Those cookies have more than once shown their intrusiveness, in fact once
by leading to the attempted download of a rather nasty but tenuously
appropriate adware component from a popup referral. Fortunately, my
security settings are custom-specified and the attempt failed. This led
to my beginning to filter cookies. I started by filtering all cookies on
all sites which sent them by hand. I would block permanently all known-to-
be-disreputable sites. Such is the vastness of the Internet that I soon
gave up this fruitless pursuit - every site I visited, 10 more sites would
go into my refuse list, and I would have to answer to each site to have it
refused. Clearly this was no good, so I adopted the surprisingly
appropriate first security principle: only accept what you *know* to be
good. All cookies would now be blocked by default - only sites which I
knew needed to save cookies for whatever legitimate reason were now
permitted to do so. This now applies to popups too, and the principle
works very well. Its only drawback is inconvenience - I can often visit a
site that will not inform me it needs cookies, and have to add it manually
to get it working upon discovery of this. Sometimes, too, since all sites
are either always OK or always blacklisted in my new configuration, you
sometimes end up needing to test the effects of allowing cookies from
certain sites when you visit a non-functioning site. Still, it works
best, and I would like it if BrailleNote gave us control over the allow
and block lists in the fashion now adopted by IE and indeed, better, by
other browsers.

Sidenote: pulsedata.propagation.net is an example of a site which will not
inform you if cookies are necessary so that you will have no idea why you
cannot log in if cookies are disabled. I also add that many, many
instances of usage of cookies are in fact unnecessary because other more
appropriate methods, such as tracking parameters for CGI scripts, are
better suited (especially on shared computers where SSL mode is
available).

In a nutshell, to BrailleNote users: you can't do nothing yet, but it is
my general view that you are better clearing out your cookies regularly
than not unless you do any kind of really serious browsing that would make
cookies profitable. In that case, consider the sites you visit carefully.

Cheers,
Sabahattin
--
Thought for the day:
Communist (n): one who has given up all hope
of becoming a Capitalist.
Sabahattin Gucukoglu
Phone: +44 20 88008915
Mobile: +44 7986 053399
http://www.sabahattin-gucukoglu.com/
Email/MSN: <[EMAIL PROTECTED]>
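
The block-by-default, allow-by-exception cookie handling described in the message above, as an added example that is not part of the original post. It uses Python's standard `http.cookiejar`; the host names, cookie values and the `FakeResponse` helper are constructed for illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar, DefaultCookiePolicy
from urllib.request import Request

# Constructed sample traffic: (request URL, page the user is on, Set-Cookie header).
TRAFFIC = [
    ("http://shop.example.com/login", "shop.example.com", "session=abc123; Path=/"),
    ("http://ads.tracker.example/pixel.gif", "shop.example.com", "uid=77f1; Path=/"),
    ("http://news.example.org/", "news.example.org", "prefs=large-text; Path=/"),
    ("http://ads.tracker.example/pixel.gif", "news.example.org", "uid=77f1; Path=/"),
]


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers.add_header("Set-Cookie", set_cookie)

    def info(self):
        return self._headers


def browse(policy):
    """Replay TRAFFIC through a cookie jar governed by `policy`."""
    jar = CookieJar(policy)
    for url, page_host, set_cookie in TRAFFIC:
        # Embedded resources are 'unverifiable': the user never chose that URL.
        request = Request(url, origin_req_host=page_host,
                          unverifiable=(page_host not in url))
        jar.extract_cookies(FakeResponse(set_cookie), request)
    return sorted({cookie.domain for cookie in jar})


def accept_all():
    # Library defaults: every host in TRAFFIC gets to store its cookie.
    return browse(DefaultCookiePolicy())


def default_deny(allowed):
    # Only hosts the user has explicitly approved may store cookies.
    return browse(DefaultCookiePolicy(allowed_domains=allowed))


if __name__ == "__main__":
    print("accept all  :", accept_all())
    print("default deny:", default_deny(["shop.example.com"]))
```

With the allow list in place, the tracker that appears on both pages never gets a cookie stored, and neither does any site that has not been approved yet, which is the inconvenience the message mentions.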