Nearly all commercial websites today pass one or more unique, encrypted text files to visitors’ computers that can be used for various purposes. Some uses are considered beneficial and others, invasive. These encrypted files are known as Internet cookies, computer cookies, or just cookies. Aside from the website itself, third-party cookies can be issued to visitors by parties affiliated with the website, most commonly marketers.
There are two classes of Internet cookies: temporary and permanent. Temporary cookies are saved to browser memory and are lost at the end of each session, as soon as the browser is closed. These cookies hold information that does not need to persist across sessions, and are sometimes required for a site work properly. Permanent cookies, also known as persistent cookies, are passed to your hard disk and can “live” for years. These cookies save information either for your benefit, or for the issuer’s benefit.
When you visit a website for the first time, chances are the site will pass a cookie to your browser to be saved to your hard disk. This cookie has a unique ID that will map back to your computer alone. A matching file is created on the issuing Web server with the assigned, anonymous ID. Since Internet cookies are encrypted, the main part of the cookie is only readable by the issuer, but certain data is visible, including the issuer’s website address, time/date stamps and expiration date.
Uses for cookies vary. If the site requires registration, a cookie will keep this information permanently stored so that on subsequent visits you can be recognized immediately and automatically logged into the site. This can occur without your intervention because when Web browsers request a Web page, they are designed to scan the hard drive for any cookies that match the site’s address and hand them over. Once the site receives a cookie, it triggers open the server’s counterpart, revealing registration information that’s been previously provided.
Internet cookies are also used to facilitate online shopping. If you have to leave a shopping session, for example, the items will be saved and restored to a cart the next time you return to the site, even months later. If you personalize a site, a cookie will store your preferences for you so that when you subsequently visit the site, your preferences will be loaded according to the information in your cookie.
Internet cookies are also used for Web profiling, a less popular application of the encrypted text files. Every mouse click through a site’s pages can be recorded into the visitor’s unique cookie log, saved as roadmap of that person’s surfing habits. Each visit to the site adds more data to the cookie, building on the previous information collected. If the surfer provides personal information to the site, this can become associated with the profile, replacing the anonymous ID.
Even less popular is profiling by major marketers. Marketers can issue third-party Internet cookies from hundreds of thousands of the most popular websites. This allows the marketer to not only track a visitor through a single website, but across the Web. The amount of information that can be gleaned by tracking the surfing habits of an individual over a single day is surprising, but over the period of weeks, months and years, it becomes hard for the average person to comprehend. Sophisticated software analyzes profiling information gathered by Internet cookies to categorize the target in several ways based on statistical data. Age, gender, location, political leanings, hobbies, marital status, religious interests, health problems, lifestyle choices, real-estate holdings, financial investments, and many other personal areas of life are easily revealed through surfing habits.
In 1995 when cookie technology was built into browsers, there were no controls included to turn cookies off. A backlash occurred in the Internet community once it was discovered that Internet cookies were being used to profile the public surreptitiously. Those in the know relied on third-party cookie managers, but the average person was being profiled automatically without his or her permission or awareness.
That backlash resulted in the cookie controls we have today, available in all post 3.x browsers. While most browsers still install with cookie controls enabled by default, one can navigate to the proper Options or Tools menu to turn cookies off completely, turn third-party cookies off only, or allow session cookies only. One can also turn off cookies while creating an exempt list that will allow certain sites to use them. Controls are also included that allow one to erase all Internet cookies from the system.