A "cookie" is a message given out to your browser by the web server. The cookie's message is then sent back to the server each time the browser requests a web page. 

The name "cookie" itself derives from UNIX objects called "magiccookies", tokens attached to a user or programme which change depending on the areas entered by the user or the programme. In Netscape these messages are all stored together in a file called COOKIE.TXT whilst in recent versions of Internet Explorer each cookie is stored as an individual file. 

The main purpose of the cookie is to identify users to customise or personalise web pages e.g. by recording passwords or preferences. When you enter a site which uses cookies you may be asked to complete a form providing such information as your name and your special interests. This information is packaged into the cookie and sent to your browser for later use. The next time you go to that same website your browser will send the cookie to the server; "reporting", so to speak. 

Now, using Find in the Start Menu, look for a file called COOKIES.TXT (or MAGICCOOKIE if you have a Mac machine). Using a text editor, open the file and take a look. If you've been doing any browsing, the odds are that you'll find a cookie in there from someone called "doubleclick.net".

So you never went to a site called "DoubleClick"? How then did they give you a cookie? 

DoubleClick

Close the cookie, connect to the Internet, and jump to www.doubleclick.net.  Read all about how they are going to make money giving us cookies we don't know about, collecting data on all Internet users, and delivering targeted realtime marketing based on our cookies and our profiles. 

The people at DoubleClick say that this entire transaction is "transparent" to the user. In plain English, that means you'll never know what hit you. So what's happening is that subscribers to DoubleClick put a "cookie request" on their home page for the DoubleClick cookie. 

When you hit such a site, it requests the cookie and takes a look to see who you are and gathers any other information in your cookie file. It then sends a request to DoubleClick with your ID, requesting all available marketing information about you. (They're very coy about where this information comes from, but it seems clear that at least some of it comes from your record of hitting DoubleClick-enabled sites.) 

You then receive specially targetted marketing banners from the site. In other words, if Joe and Iggy log on to the same site at the exact same time, Iggy will see ads for wetsuits and basketballs but Joe will see ads for cameras. If you log in to a DoubleClick-enabled site, and it sends a request for your DoubleClick cookie, and you don't already have one, each and every one of those sites will hand you a DoubleClick cookie!

All that all this is done without anyone's knowledge. Some people may find the gathering of any information in this way an invasion of privacy - what right should anyone have to collect information about you without your knowledge, infringing your right to privacy? - but others consider the use of this information to be harmless in itself.  You have to find the right balance between these views. One of the main issues here is certainly awareness. 

Nobbling your Cookies ...

One way of handling cookies which has been suggested is to delete the file and then replace it with a write-protected, zero-length file of the same name. This won't guarantee that someone won't  hand you a cookie but if they do it will be very obvious by the non-zero-length file size. 

If you want to keep cookies but want rid of the DoubleClick place and other future invasions in the future, try this with Internet Explorer: Find the DoubleClick cookie and corrupt it so that DoubleClick recognizes and doesn't replace it but it gives it no information. Then lock the file. In Netscape, you could try tackling the "Cookie Monster" like this:  Set the COOKIES.TXT and NETSCAPE.HST files to 0 (zero) bytes and set attributes to "system", "hidden", and "read only". 

New Cookie Technology on the Way?

The Cookie Protocol was not designed to be malicious - the cookie is just another tool on the web - but it is the manner in which some sites implement the tool that can compromise privacy.

A coalition of privacy advocates is setting out to change that protocol. A new proposal being put forward to the IETF- the Internet Engineering Task Force - as well as the heads of Microsoft and Netscape. If it were enforced it would limit the persistence of cookies and give the user a wider choice of which cookies to allow and where from. If the new specification is implemented as a standard it will be integrated into all browsers that support cookies. This would give people these options in their standard browser rather than having to purchase additional software.

The IETF is a non-profit organisation with thousands of members, and currently holds a lot influence on decisions deciding the future of the web, set up October 1996.

"We want defaults set in such a way that no one can send you a cookie without you knowing it," says Marc Rotenberg, director of EPIC, one of the organisations supporting the new proposal.

Other organisations currently backing the new proposal are: Center for Media Education, Computer Professionals for Social Responsibility, the Consumer Project on Technology, the Electronic Frontier Foundation, and the Electronic Privacy Information Center (EPIC).

In Conclusion ...

The so-called 'targeted marketing' companies include: DoubleClick, Focalink, Globaltrack, ADSmart.  They use cookies to target advertisements at you. If the IETF proposal goes through their future would be bleak.

The Persistent Cookie protocol - first developed by Netscape to maintain state in the stateless environment of HTTP - has turned out to have many uses - good and bad. The subject of the cookie has touched on the very controversial issue of privacy.