by Glenn Caleval
No not the kind of crock that contains cookies. The kind that tells you you’re being fed a crock… The intensive campaigning against computer cookies is, for the most part, hype and fear-mongering.
What are cookies?
Cookies are small text files that reside on your own computer. They contain basic information that makes web sites function more effectively and many sites become unusable without them.
For example, if you log in to a web site and you have cookies completely disabled, even if the site does not officially require cookies to grant you use, every time you load a different page or try to display different content, you will be forced to log in all over again.
The role that cookies play in such situations is that they record your log in information to your own hard drive and then use that information in the cookie to grant you access to the whole web site. There is nothing sneaky about this, because the site you are logging into already has your log in information. Duh. How else can they have registered users? So the two places that have your log in information through this exercise — your computer and the web site you have registered with — both already have that information.
Cookies are the mechanism the site ensures that only registered or paid users are able to access the site — they have to process your log in information. Again, if your login information is not stored in a cookie, then the web site will have no way of knowing it is the same user trying to load page 2 who just logged in to see page 1. You would have to go through the login process every time you viewed a different page on the same site. This should be obvious to even the loudest critics of cookies.
Is it possible for hackers to steal information stored in your cookies? Of course. Just as it is possible for them to steal your passwords to banking sites by taking control of your browser. Is it common or easy? No. Cookies have never been a significant source of compromised security.
So there’s no problems with cookies?
That’s not the case either. There are some very real privacy concerns about how certain corporations use cookies and those concerns are becoming more serious with every new service deployed that seeks to know more things about you.
First, understand that cookies are an absolutely essential part of internet commerce. The Secure Surfing Organization web site, for example, relies on cookies to generate contributions from sponsors. The ads you see populating the site such as this one:
Unlike advertising networks like Google, SSO does not receive any contribution by a user simply clicking on an ad. We only receive a contribution when someone not only clicks on an ad but actually buys the sponsor’s product. We chose this method rather than the Google method precisely because of our privacy concerns with Google.
The way a sponsor knows whether or not one of our readers has purchased one of their products is through cookies. If our users have cookies disabled, we receive no contribution even when they do buy a sponsor’s product.
That is also the method used for many straight commercial transactions across the web. When you are shopping on a site, adding things to your “shopping cart” is really adding items to a cookie. When you “check out” that cookie is read and processed by the shopping site.
So if SSO uses them and shopping sites use them, what’s the problem?
The problem is that for some companies or sites, cookies are not simply about making things easier for users or conducting normal transactions. For some, cookies are used for tracking, profiling and user targeting. For a long time now Google has been heavily criticized by privacy advocates for its compiling and indefinite storing of user search results. They also compile and store results of users who click on those little Google word ads you find almost everywhere.
Privacy International (a great source of additional information) ranked the major internet providers and identified Google as alone in the worst category, those engaged in “Comprehensive consumer surveillance & entrenched hostility to privacy.” In part their report said:
“We are aware that the decision to place Google at the bottom of the ranking is likely to be controversial, but throughout our research we have found numerous deficiencies and hostilities in Google’s approach to privacy that go well beyond those of other organizations. While a number of companies share some of these negative elements, none comes close to achieving status as an endemic threat to privacy.”
Google goes to the extent of scanning the actual content of users personal e-mail to identify possible advertising targeting information. Of course it only commits this invasion of privacy against users of its own “free” mail service, GMail.
In response to the blistering exposure of Google’s tactics, the internet mammoth announced new measures to improve its respect for privacy. It has promised that after 18 to 24 months it will anonymize your search history. Basically they are saying they will take the personally identifiable information they are collecting about you and after they’ve used it for up to two years, then they will strip out the details that identify you with your searches.
Note what Google did not announce. They did not announce that they would stop collecting information about you from ad links you click nor have they announced they will even anonymize that information after two years. Nor have they promised to quick scanning the private content of GMail users’ e-mail messages.
So what’s all this got to do with cookies?
The primary method Google uses to track you is through its particular use of cookies. In the cookies it records all the information it thinks it can make use of and that includes your IP address. It then uses that IP address to build a database about all the searches you conduct. But it gets worse. If you are foolish enough to install a Google Toolbar, it then tracks every web site you visit whether that web site is willingly participating in Google’s cookie tracking scheme or not.
And Google’s not done yet. They have recently taken over one of the largest cookie-tracking networks in the world, Doubleclick. Combining Doubleclicks reach and ability to track a massive amount of internet cookies with Google’s massive presence and technology, cookies set by either of these two outfits does in fact pose a real risk to your privacy.
With the announcement of “location aware services” Google is now even able to track where you are physically located while you are browsing the web, whether in a bar or your own bedroom.
What are you saying?? Should I disable cookies or not!?
The solution is not to disable all cookies. Doing so will make your use of the web much more difficult and much less pleasant. There is one relative easy solution that allows you to keep all the good functionality of cookies without being subject to the privacy invasions that are multiplying across the net.
That easy solution is to join the Anonymizer service. As you can see on our Identity Protection page, that service protects you from much more than cookie privacy invasions and we consider it a basic part of any Secure Surfing Toolkit.
How it protects you from cookie tracking is by completely hiding your IP address. Google and anyone else can track the IP address all they like but the records created will be essentially useless for any targeting, profiling, tracking or other snooping. Because all your browsing and cookie information will originate from Anonymizer’s IP Address, not your own. All the other members of Anonymizer will have their cookie and browsing information mixed in with yours so not only can the cookie issuer not tie to any one person or computer, it is basically impossible to build even an abstract profile. Location identification will point to the location of one of the Anonymizer servers not wherever you happen to be.
Doesn’t this hurt your ability to receive contributions from sponsors?
Frankly yes. It hurts financially a lot. The reason is that most of our sponsors will make a contribution even if an SSO reader does not buy on the first visit from our site, but comes back many days later and does buy. Because the user has a cookie stored on their computer (in the longest cases it’s there for a maximum of 120 days, but usually a week or two), the sponsor is able to see that you discovered them through this site. If you use techniques that strip the ability of the cookie to deliver that information or if you erase cookies before you buy the product, then the sponsor does not know that they should make a contribution to us.
However, this is not about SSO getting contributions. It is about taking the necessary steps to protect your privacy and your identity. That’s not worth trading off for a few nickels here and there. We strongly recommend that you do join the Anonymizer service. If you are genuinely concerned about ensuring that SSO gets its contribution from a sponsor, the easy way to ensure that is to only go to their site by coming here first and then purchasing the product or service that interests you. But honest, we really aren’t concerned about it.
For searches, instead of using Google, Yahoo or Bing, use Scroogle or IxQuick, neither of which uses tracking cookies nor keeps records of your IP address.
Cookie Crock
No not the kind of crock that contains cookies. The kind that tells you you’re being fed a crock… The intensive campaigning against computer cookies is, for the most part, hype and fear-mongering.
What are cookies?
Cookies are small text files that reside on your own computer. They contain basic information that makes web sites function more effectively and many sites become unusable without them.
For example, if you log in to a web site and you have cookies completely disabled, even if the site does not officially require cookies to grant you use, every time you load a different page or try to display different content, you will be forced to log in all over again. There is the way the site ensures that only registered or paid users are able to access the site — they have to process your log in information. This should be obvious to even the loudest critics of cookies.
The role that cookies play in such situations is that they record your log in information to your own hard drive. There is nothing sneaky about this, because the site you are logging into already has your log in information. Duh. How else can they have registered users? So the two places that have your log in information through this exercise — your computer and the web site you have registered with — both already have that information.
Is it possible for hacks to steal information stored in your cookies? Of course. Just as it is possible for them to steal your passwords to banking sites by taking control of your browser. Is it common or easy? No. Cookies have never been a significant source of compromised security.
So there’s no problems with cookies?
That’s not the case either. There are some very real privacy concerns about how certain corporations use cookies.
First, understand that cookies are an absolutely essential part of internet commerce. The Secure Surfing Organization web site, for example, relies on cookies to generate contributions from sponsors. The ads you see populating the site such as this one:
Unlike advertising networks like Google, SSO does not receive any contribution by a user simply clicking on the ad. We only receive a contribution when someone not only clicks on the ad but actually buys the sponsor’s product. We chose this method rather than the Google method precisely because of our privacy concerns with Google.
The way a sponsor knows whether or not one of our readers has purchased one of their products is through cookies. If our users have cookies disabled, we receive no contribution even when they do buy a sponsor’s product.
That is also the method used for many straight commercial transactions across the web. When you are shopping on a site adding things to your “shopping cart” what you are really doing is adding items to a cookie. When you “check out” that cookie is read and processed by the shopping site.
So if SSO uses them and shopping sites use them, what’s the problem?
The problem is that for some companies or sites, cookies are not simply about making things easier for users or conducting normal transactions. For some cookies are used for tracking, profiling and user targeting. For a long time now Google has been heavily criticized by privacy advocates for its compiling and indefinite storing of user search results. They also compile and store results of users who click on those little Google word ads you find almost everywhere.
Privacy International (a great source of additional information) ranked the major internet providers and identified Google as alone in the worst category, those engaged in “Comprehensive consumer surveillance & entrenched hostility to privacy”. In part their report said:
-
“We are aware that the decision to place Google at the bottom of the ranking is likely to be controversial, but throughout our research we have found numerous deficiencies and hostilities in Google’s approach to privacy that go well beyond those of other organizations. While a number of companies share some of these negative elements, none comes close to achieving status as an endemic threat to privacy.”
Google goes to the extent of scanning the actual content of users personal e-mail to identify possible advertising targeting information. Of course it only commits this invasion of privacy against users of its own “free” mail service, GMail.
In response to the blistering exposure of Google’s tactics, the internet mammoth announced new measures to improve its respect for privacy. It has promised that after 18 to 24 months it will anonymize your search history. Basically they are saying they will take the personally identifiable information they are collecting about you and after they’ve used it for up to two years, then they will strip out the details that identify you with your searches.
Note what Google did not announce. They did not announce that they would stop collecting information about you from ad links you click nor have they announced they will even anonymize that information after two years. Nor have they promised to quick scanning the private content of GMail users’ e-mail messages.
So what’s all this got to do with cookies?
The primary method Google uses to track you is through its particular use of cookies. In the cookies it records all the information it thinks it can make use of and that includes your IP address. It then uses that IP address to build a database about all the searches you conduct. But it gets worse. If you are foolish enough to install a Google Toolbar, it then tracks every web site you visit whether that web site is willingly participating in Google’s cookie tracking scheme or not.
And Google’s not done yet. They have recently taken over one of the largest cookie-tracking networks in the world, Doubleclick. Combining Doubleclicks reach and ability to track a massive amount of internet cookies with Google’s massive presence and technology, cookies set by either of these two outfits does in fact pose a real risk to your privacy.
What are you saying? Should I disable cookies or not!?
The solution is not to disable all cookies. Doing so will make your use of the web much more difficult and much less pleasant. There is one relative easy solution that allows you to keep all the good functionality of cookies without being subject to the privacy invasions that are multiplying across the net.
That easy solution is to join the Anonymizer service. As you can see on our Identity Protection page, that service protects you from much more than cookie privacy invasions and we consider it a basic part of any Secure Surfing Toolkit.
How it protects you from cookie tracking is by completely hiding your IP address. Google and anyone else can track the IP address all they like but the records created will be essentially useless for any targeting, profiling, tracking or other snooping. Because all your browsing and cookie information will originate from Anonymizer’s IP Address, not your own. All the other members of Anonymizer will have their cookie and browsing information mixed in with yours so not only can the cookie issuer not tie to any one person or computer, it is basically impossible to build even an abstract profile.
Doesn’t this hurt your ability to receive contributions from sponsors?
Frankly yes. It hurts financially a lot. The reason is that most of our sponsors will make a contribution even if an SSO reader does not buy on the first visit from our site, but comes back many days later and does buy. Because the user has a cookie stored on their computer (it’s there for a maximum of 120 days), the sponsor is able to see that you discovered them through this site. If you use techniques that strip the ability of the cookie to deliver that information or if you erase cookies before you buy the product, then the sponsor does not know that they should make a contribution to us.
However, this is not about SSO getting contributions. It is about taking the necessary steps to protect your privacy and your identity. That’s not worth trading off for a few nickels here and there. We strongly recommend that you do join the Anonymizer service. If you are genuinely concerned about ensuring that SSO gets its contribution from a sponsor, the easy way to ensure that is to only go to their site by coming here first and then purchasing the product or service that interests you. But honest, we really aren’t concerned about it.
