CMU student 'Snoops' out threats to privacy

By Steve Segal
TRIBUNE-REVIEW

World Wide Web surfers who travel from site to site under the illusion their actions are private and anonymous don't know about "cookies." A cookie is like a passport that gets stamped as users visit various sites. This file - also known as Persistent Client State HTTP Cookies - is stored on a user's hard disk. Depending upon the Web browser and platform used, the file is usually labeled "cookie.txt" or "MagicCookie."

Those who want to see a sample of the information that can be gathered without a user's knowledge or permission should visit the Center for Democracy and Technology's Web site. The Center for Democracy and Technology, based in Washington, D.C., is a leading voice in public policy debates affecting the future of the Internet and other new communications media. The "CDT Privacy Demonstration Page" (http://www.13x.com/cgi-bin/cdt/snoop.pl) explains the cookie process - how the information is obtained and can be accessed by others.

Using a program dubbed "Snoop" and written by a Carnegie Mellon University student, the page also tells you what information it has gathered about you just because you stopped in. "Snoop is a demonstration Web page I created about two years ago to show how much information people were revealing whenever they went to a Web site," said Justin Boyan, a doctoral candidate in computer science at CMU. "A cookie is simply a piece of information, such as 'UserName: Justin,' which a browser may be given by a Web site that a user has visited," Boyan said. "The browser then will give that same information back to the originating Web site whenever the user returns to that site."

Snoop, his program, shows users some of the information that can be gleaned from a Web browser. "For most users, even with the most modern browsers, Snoop can usually identify your geographic location, your computer type, your browser software and the most recent page you visited," Boyan said. "If the most recent page you came from was a search engine such as Lycos or AltaVista, it can identify the precise query of what you were searching for there. For a minority of users, the Snoop script can also identify your e-mail address and full name."
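What a Web server can read from a single visit, as an added example that is not Boyan's Snoop code: it parses one constructed HTTP request and reports the fields described above. The host names, addresses, search-parameter names and the use of the HTTP `From` header for the e-mail address are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# Constructed sample request (not captured traffic); hosts and addresses are placeholders.
SAMPLE_REQUEST = (
    "GET /cgi-bin/demo.pl HTTP/1.0\r\n"
    "User-Agent: Mozilla/2.0 (Macintosh; I; PPC)\r\n"
    "Referer: http://search.example/cgi-bin/query?q=privacy+on+the+web&pg=1\r\n"
    "From: reader@example.org\r\n"
    "Cookie: UserName=Justin\r\n"
    "\r\n"
)
SAMPLE_PEER = "192.0.2.44"  # source address of the connection, seen by every server
QUERY_KEYS = ("q", "query", "p")  # assumed search-parameter names, not an exhaustive list


def parse_headers(raw_request):
    """Map lower-cased header names to values, stopping at the blank line."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def disclosed(raw_request, peer_ip):
    """Return what the server learns from one request with no action by the user."""
    headers = parse_headers(raw_request)
    referer = headers.get("referer")
    # A search engine's result URL carries the query, so the Referer leaks it.
    params = parse_qs(urlsplit(referer or "").query)
    search = next((params[k][0] for k in QUERY_KEYS if k in params), None)
    cookies = SimpleCookie(headers.get("cookie", ""))
    return {
        "internet_address": peer_ip,
        "browser_and_platform": headers.get("user-agent"),
        "previous_page": referer,
        "search_query": search,
        "email": headers.get("from"),
        "cookies": {name: morsel.value for name, morsel in cookies.items()},
    }


if __name__ == "__main__":
    for field, value in disclosed(SAMPLE_REQUEST, SAMPLE_PEER).items():
        print(f"{field:22} {value}")
```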

Reassuringly, Boyan said people's names and e-mail addresses are not generally available to Web sites they visit - "at least, with versions of Netscape after version 2.01. But, the user's Internet address, which often corresponds to a geographic location, and the computer type are generally available." "Cookies can provide a more customized interaction with the Web sites a user visits," Boyan said.

For example, "some sites - such as 'My Yahoo,' which allows users to create a personalized Yahoo home page - store a user's information in a cookie," he said. "This is done so a user does not have to type in a name and password with every new visit to the site. Sites may also use cookies to keep track of the pages a user has visited."

Boyan warned, however, that "cookies have the potential to be used for collecting information that users might not wish to reveal. One subtle point is that advertisement graphics on a site may also give and receive cookies to and from a user's browser," he said. "If a centralized ad agency places ads on many Web sites, then (it) can use cookies to keep a central record of all of a user's browsing activities on all sites which displayed the ads. This helps companies deliver more targeted advertising. But users should be aware their browsing patterns can be tracked and stored."

After the success of his Snoop program, Boyan decided to take the next logical step. "After writing the Snoop script, it was natural to try to invent a system that would allow users to surf the Web without revealing so much information about themselves," Boyan said. "The 'Anonymizer' (http://www.anonymizer.com/) is like a 'Caller ID Block' for the World Wide Web - it allows you to visit sites without revealing your identity."

The site warns potential users that it will not tolerate anyone who uses the Anonymizer service to try to cause havoc on other sites. The site also warns it will not tolerate "or support such morally offensive and reprehensible acts as child pornography." The site also has links to other security-related sites.

