With all of the rhetoric about cookies, many people don't understand that these little text files were invented
for a reason. In fact, cookies were created to solve the internet's equivalent of Alzheimer's disease. You see,
web sites do not remember who they are talking to!
The web was designed to be simple and straightforward. You (a browser such as Internet Explorer or
Netscape) ask for something from a web server. The web server obediently hands it to you, then goes off to
do something else. This is due to the original purpose of the web - a vast electronic library!
The web was never designed to support electronic commerce. It was designed to support reading text.
Images, videos, sounds and commerce were all shoehorned into the structure later.
Okay, so web servers are forgetful. What exactly does this mean? The browser asks the web server for
an object (a web page, image, graphic or whatever) and the server obligingly returns it. The connection
to the browser is then closed and forgotten.
Thus, the next time the browser makes a request of the web server, the poor server has no easy way to
know that it is the same as before. As far as the server is concerned, every single request to do something
is a unique request from a different computer.
This makes any kind of transaction control very difficult. Think about it for a minute and you'll understand.
You enter your personal information into a screen, which sends you to a second screen to enter your name
and address. If the web server does not know that you are you, then how in the heck does it relate the credit
card information to your name and address?
The answer is cookies. To put it very simply, a cookie is simply a way for the web server to know that you
are indeed you. In the previous example, a cookie would allow the server to know that the name and address
are related to the credit card number.
How does this work? Well, the server creates a small text file on your system called a cookie. This text file
can only be referenced by that server, and it contains a simple unique number which identifies you.
Whenever the server does something it tries to read this cookie to see if it knows who you are. Thus, when
the screen allowing you to enter your name and address is displayed, the browser tries to read a cookie,
effectively asking "do I know who you are?". It does the same thing on the credit card entry
screen. Okay, this all seems harmless enough, doesn't it? So how is this very harmless and exceptionally
useful system abused?
Cookies can be set to last until the browser exits, or they can be set to expire (be deleted) far into the future.
Various advertising companies actively abuse this feature - and this has led to the public backlash against
cookies.
You see, cookies can be created and read when any object is loaded from a web server. This includes
banners and web bugs (small graphics designed to help advertisers track who is looking at their ads).
The advertising companies take advantage of this feature to set cookies on your computer so they can
build up a picture of what sites you've been looking at. The banners effectively ask "have I seen this
person (computer system) before?" If the answer is "yes" (a cookie exists), then a notation is made in
your profile on the advertisers computer system.
Believe me, it does not take long for an advertising agency to build up a very nice understanding of
exactly what you do on the internet. Why do they want to do this? To make more money, of course.
How does this work? An advertising agency sells eyeballs. The theory they operate on is simple. The
more qualified the eyeballs, the more likely that banners are to be clicked, and the more likely that sales
are to be made. Thus, if you typically surf, say, Star Trek sites, you may be interested in seeing advertisements
about Science Fiction movies, and theoretically you will be more likely to purchase tickets.
Okay, why is this a problem? Do you really want an advertising agency knowing everything about your web
surfing habits? Do you trust them? Do you think they will keep this information private?
Or to put it another way, these companies are making money (lots of money) based upon your eyeballs. They
are not sharing that money with you - in fact, they never even asked your permission to gather information
about you.
As an analogy, suppose you were reading a magazine on a park bench and someone was hiding in the
tree over your head, recording every page that you looked at in a notebook. How long would you put up with
this behavior?
Thus, the public is simply objecting to the unethical use of cookies to track their movements through the
internet. And as you can see, a very useful tool has been corrupted by companies whose motives are
suspect, to say the least.
