Advertising and Cookies

What are Cookies?

According to Netscape:

Cookies are a general mechanism which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection. The addition of a simple, persistent, client-side state significantly extends the capabilities of Web-based client/server applications. (http://wp.netscape.com/newsref/std/cookie_spec.html)

In simpler terms, cookies are small text files a web server stores on a user's hard drive to retrieve later. They serve as an identification card, notifying that web server when a particular user has visited their site. Only that web server can access and read the file. The server cannot access cookies placed on a user's hard drive by other servers. They are files, not programs or plug-ins, so they cannot access any other files on a user's computer.

The fact that users probably don't know when and what information is being accessed about them leads many people to see cookies as an invasion of privacy.

How do Cookie Files Work?

A good way to explain the cookie process is by using an example. This explanation comes from the following site: http://computer.howstuffworks.com/cookie2.htm

  1. If you type the URL of a web site into your browser, your browser sends a request to the Web site for the page. For example, if you type the URL http://www.amazon.com into your browser, your browser will contact Amazon's server and request its home page.
  2. When the browser does this, it will look on your machine for a cookie file that Amazon has set. If it finds an Amazon cookie file, your browser will send all of the name-value pairs in the file to Amazon's server along with the URL. If it finds no cookie file, it will send no cookie data.
  3. Amazon's web server receives the cookie data and the request for a page. If name-value pairs are received, Amazon can use them.
  4. If no name-value pairs are received, Amazon knows that you have not visited before. The server creates a new ID for you in Amazon's database and then sends name-value pairs to your machine in the header for the web page it sends. Your machine stores the name-value pairs on your hard disk.
  5. The web server can change name-value pairs or add new pairs whenever you visit the site and request a page.

How are Cookies Used?

Web sites use cookies differently. Some of the most common ways sites use cookies are to track visitors, to store user preferences and to enable quicker online shopping functionality.

Tracking visitors
Sites can use cookies to more accurately determine how many people actually visit the site. One way to more accurately count visitors is to set a cookie with a unique ID for each visitor. Using cookies, sites can determine:

  • How many visitors arrive
  • How many are new vs. repeat visitors
  • How often a visitor has visited
  • Demographic information about visitors

Sites use this information within a database. When a visitor arrives for the first time, the site creates a new ID in the database and sends the ID as a cookie. The next time the user comes back, the site can increment a counter associated with that ID in the database and know how many times that visitor returns.

Cookies are not perfect for tracking, though, because people sometimes share machines (such as ones in schools or public libraries), cookie files can be erased, and some people surf the Internet on multiple computers. A site would then hold a separate user ID for each computer that person has used to view it.
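The five steps under "How do Cookie Files Work?" and the visit counter described in this section can be followed in a short simulation. This is an added example, not code from the sites cited on this page; the cookie name visitor_id, the one-year lifetime and the in-memory VISITS table are assumptions made for illustration.

```python
import uuid
from http.cookies import SimpleCookie

VISITS = {}  # the site's database: visitor ID -> number of visits

def handle_request(cookie_header):
    """Server side. Takes the request's Cookie header (or None) and returns
    (Set-Cookie value or None, visit count for this visitor)."""
    sent = SimpleCookie()
    if cookie_header:
        sent.load(cookie_header)              # parse "name=value; name2=value2"
    visitor = sent["visitor_id"].value if "visitor_id" in sent else None
    if visitor in VISITS:                     # step 3: known ID, returning visitor
        VISITS[visitor] += 1
        return None, VISITS[visitor]
    # Step 4: no cookie (or an ID this site never issued): create a new ID.
    visitor = uuid.uuid4().hex
    VISITS[visitor] = 1
    reply = SimpleCookie()
    reply["visitor_id"] = visitor
    reply["visitor_id"]["path"] = "/"
    reply["visitor_id"]["max-age"] = 365 * 24 * 3600   # persistent for a year
    return reply["visitor_id"].OutputString(), 1

def demo():
    """One person, three page requests, then the cookie file is erased."""
    VISITS.clear()
    set_cookie, first = handle_request(None)       # steps 1-2: nothing stored yet
    stored = set_cookie.split(";")[0]              # browser keeps "visitor_id=<id>"
    _, second = handle_request(stored)             # cookie sent back with the URL
    _, third = handle_request(stored)
    _, after_erase = handle_request(None)          # cookie erased or another machine
    return first, second, third, after_erase, len(VISITS)

if __name__ == "__main__":
    print(demo())
```

The last request in demo() shows the counting error described above: the same person is recorded under a second ID once the cookie is gone.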

User preferences
Web sites can store user preferences so that an individual user can determine the look and features a site will have when they visit. This is known as customization. Items such as color, content, and layout can be adjusted to meet an individual's tastes and interests. If a ZIP code has been entered, the site can even include local weather or news stories of local interest.

Most sites store these preferences in their database and store only an ID as a cookie. When the user's individual ID appears on the web site's server or when the user logs in, the user's preferences appear on the site.

Quicker online shopping
E-commerce sites can implement "shopping carts" and "quick checkout" options. The cookie contains an ID and lets the site keep track of the user as he or she adds different things to a virtual cart. Each item added to the shopping cart is stored in the site's database along with the user's ID value. Upon checkout, the site knows what is in the cart by retrieving all the selections from the database. The site can also be set up so that default shipping and billing information is automatically available when a user logs into a site. The user then only has to enter this information during their first shopping experience or if they want to select a different method.

The database stores things a user has selected from the site, pages viewed from the site and information given to the site in online forms. All of the data is stored in the site's database, and a cookie containing only the user's ID is stored on the user's hard drive.

Privacy and Anonymity Issues

The topic of cookies is very relevant in the discussion of privacy on the Internet. Many consider the placement of cookies on their hard drive to be an invasion of their privacy. Two things have caused many of the concerns about privacy.

The first is concern about what a site will do with the information it gathers. If it gathers demographic information as well as a name, address and phone number through transactions made on its site, what is it going to do with that information? Consumers may worry that other companies may buy their information for web-based, telephone or direct mail advertising of similar products.

On the web, the site can track not only purchases, but also the pages a user reads, the ads that they click on, etc. If users then purchase something and enter a name and address, the site potentially knows much more about them than a traditional mail order company does. This makes for very precise targeting, but it makes much of the public nervous.

Consumers can battle this to some extent by viewing the privacy policies of the sites they visit. The privacy policy tells visitors how the company uses information gathered about its users. Each site's policy can be different. Some will not share any information, while others will make it all available to anyone who is willing to pay for it.

This becomes an even scarier prospect when the second major concern is factored in. Companies can alter the cookie system so that the cookies are visible on multiple sites. DoubleClick, Inc. is the most recognized example of this. DoubleClick develops and markets programs that help companies manage their promotional data. Many companies use DoubleClick to serve ad banners on their sites. DoubleClick can place tiny image files on the site that allow DoubleClick to load cookies on a user's computer and then track movements across multiple sites. It can potentially see the search strings that are typed into search engines and can gather so much information about a user from multiple sites that the profiles it develops are loaded with information about a user. These are still anonymous, but they are full of details.

DoubleClick then took it a step further. They acquired a marketing database company called Abacus Direct. They attempted to link their detailed anonymous profiles back to name and address information. Data had been gathered under the presumption (through privacy policies) that it would be used anonymously. Linking the data back to names made their practices deceptive and subject to legal action. (http://www.epic.org/privacy/internet/cookies/) Settlements have been reached in some cases, while others have been dismissed. But DoubleClick still tracks traffic on the web.
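The cross-site tracking described above, and the effect of a browser that rejects cookies from hosts other than the page being viewed, can be compared in a small simulation. This is an added example, not DoubleClick's code; the hosts ads.example, news.example, shop.example and search.example, the class names and the sample browsing session are constructed for illustration.

```python
import uuid
from urllib.parse import urlsplit

class AdServer:
    """Hypothetical third-party ad host whose tiny image is embedded on many sites."""
    def __init__(self):
        self.profiles = {}                    # tracking ID -> pages where the image loaded

    def serve_image(self, cookie_id, referer):
        tracking_id = cookie_id or uuid.uuid4().hex   # no cookie: looks like a new user
        self.profiles.setdefault(tracking_id, []).append(referer)
        return tracking_id                    # sent back to the browser as a cookie

class Browser:
    def __init__(self, accept_third_party):
        self.accept_third_party = accept_third_party
        self.cookies = {}                     # host -> cookie value set by that host

    def load_page(self, page_url, ad_host, ad_server):
        """Fetch the image that page_url embeds from ad_host."""
        third_party = urlsplit(page_url).hostname != ad_host
        allowed = self.accept_third_party or not third_party
        sent = self.cookies.get(ad_host) if allowed else None
        # The page address travels in the Referer header of the image request.
        new_id = ad_server.serve_image(sent, page_url)
        if allowed:
            self.cookies[ad_host] = new_id

PAGES = [  # constructed sample browsing session
    "http://news.example/politics",
    "http://shop.example/cart",
    "http://search.example/?q=symptoms",
]

def profile_sizes(accept_third_party):
    """Return how many pages the ad server can tie to each tracking ID."""
    ads, browser = AdServer(), Browser(accept_third_party)
    for url in PAGES:
        browser.load_page(url, "ads.example", ads)
    return sorted(len(pages) for pages in ads.profiles.values())

if __name__ == "__main__":
    print(profile_sizes(True), profile_sizes(False))
```

With cookies accepted, all three pages land in one profile; with third-party cookies rejected, each image request still reaches the ad server but arrives under a fresh ID, so the cookie no longer links the visits together.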

You Can Control the Cookies Your Computer Accepts

Both Netscape Communicator and Microsoft Internet Explorer are automatically set to accept all cookies, but users have the option of changing this setting. Users can accept cookies, elect to be notified and asked before accepting each cookie, or choose to reject cookies altogether. Some functions on some sites will not work properly if cookies are disabled.

To change your cookie preferences in Netscape, follow the Edit/Preferences/Advanced menu. In Explorer, follow the Tools/Internet Options/Security menu on a PC or Edit/Preferences/Receiving Files/Cookies on a Mac.

Web users can also utilize something like Junkbusters, found online at www.junkbusters.com/ht/en/ijb.html or www.junkbusters.com/guidescope.html to block ads and the information that is gathered about them via the cookies ads place on their computers. These are free software programs, and although Junkbusters will not work on a Macintosh, the site links to programs that will.

The web site SpamCop, found online at http://spamcop.net, prevents information from being gathered as a user travels the web. It can be used to block Spam. The Spam reporting service is free, but for a fee other features such as filtering and the removal of banner ads can be utilized.

Besides setting their cookies preference or utilizing software, web users have other options to protect their privacy online. They can choose an Internet Service Provider (ISP) with a privacy policy against user information disclosure, and/or mask their TCP/IP address, which identifies an individual machine to the Internet, by using an anonymous browsing service such as www.anonymizer.com or www.orangatango.com/home/index.ie.html. These programs vary in price and tout benefits such as eliminating pop-up ads, avoiding online fraud and preventing Spam.

If you'd like to know what information about your system is going out on the Internet, go to http://privacy.net/analyze. This web site provides an eye-opening experience with its analysis of your system. A NOTE OF CAUTION: After visiting this site and other privacy-related sites, one member of this presentation group experienced several computer problems. Someone might be watching you more closely than you think.

Additional Resources on Advertising and Cookies

http://www.epic.org/privacy/internet/cookies — This is Electronic Privacy Information Center's page about cookies. It is loaded with information, links, media coverage and more.

http://computer.howstuffworks.com/cookie.htm — This site provides an overview of how cookies work from a mostly unbiased standpoint. The example section has an interactive function that shows how a user's account changes as they move around the site.