What is a Cookie?

Cookies were introduced to Internet browsing by the pioneering firm Netscape.The name "cookie" was a term already in use in computer science for describing a piece of data held by an intermediary.

Internet cookies are small pieces of information in text format that are downloaded to your computer when you visit many Web sites. The cookie may come from the Web site itself or from the providers of the advertising banners or other graphics that make up a Web page. Thus visiting a single Web site can actually result in the downloading of multiple cookies, each from a different source. You may never actually visit a page of one of the major advertising agencies like Doubleclick.com but you will still get cookies from them. Cookies typically contain some kind of ID number, a domain that the cookie is valid for, and an expiration date. They may also contain other tracking information such as login names and pages visited. Since they are in text format, they can be read with a regular text editor such as Notepad although the contents may not necessarily seem to make a lot of sense.

There are a number of cookie viewers available, which will also give some information about the meaning of the content. A good freeware program is Karen’s Cookie Viewer by the well-known programmer, Karen Kenworthy. Other software is listed in the sidebar. These programs can also be used to delete selected cookies.

Where are Cookies Kept?

Each type of Internet browser designates a particular place for storing cookies.

• Internet Explorer (IE) has a folder Cookies\ where cookies are kept as small individual text files, one for each cookie. In Windows 98/Me, the IE cookie folder is a sub-folder of the Windows folder. Windows XP has different folders, one for each user, \Documents and Settings\[User name]\Cookies\. As part of a complex caching scheme, pointers to IE cookies are also kept in the folder Temporary Internet Files\.
• Since AOL uses Internet Explorer underneath its proprietary interface, it employs the same method as IE and cookies are in the same place.
• Netscape and Mozilla related browsers use a single text file, cookies.txt, with each cookie occupying one or more lines within this one file. The location of the file depends on your version and type of browser.

The easiest way to find where cookies are kept is to do a Find or Search either on the folder name "Cookies" or the file name "cookies.txt", depending on your browser.

What are Cookies for?

They are necessary to provide the function of “persistence”. Browsing the Internet involves what is known as a “stateless” process. In other words, a Web site ordinarily has no memory of who comes and goes. (Actually, logs of traffic are kept but these are not involved here.) As soon as the information that your browser requests from a site is downloaded to your computer, the connection is dropped. If you return to the site a minute later (or whenever), the site has no knowledge that you were just there. If a site has several pages and you go from one to the other the site does not remember which pages you have been to. That is, it won’t unless a cookie is on your machine to remind the site and provide continuity. The Unofficial Cookie FAQ gives the following

There are many reasons a given site would wish to use cookies. These range from the ability to personalize information (like on My Yahoo or Excite), or to help with on-line sales/services (like on Amazon Books or eBay), or simply for the purposes of collecting demographic information (like DoubleClick). Cookies also provide programmers with a quick and convenient means of keeping site content fresh and relevant to the user's interests. The newest servers use cookies to help with back-end interaction as well, which can improve the utility of a site by being able to securely store any personal data that the user has shared with a site (to help with quick logins on your favorite sites, for example).

More details of how cookies work and what they do are given in the references in the sidebar.

Cookies and Privacy

Although some cookies provide a useful function, many others may not be desirable. As the Internet has evolved from its beginnings in academia and government to a commercial enterprise, cookies have inevitably been turned into a tracking mechanism used by advertisers. In principle, cookies are only accessible to the site that originated them but large advertising agencies with many clients can easily circumvent this restriction by collecting information for all their clients under one domain. A fairly harmless (and perhaps even useful) advertising application of cookies is to rotate banner ads as you go from page to page to make sure that you do not see the same ads over and over. However, there are more invasive tracking methods that might involve cookies and therein arise privacy issues. The privacy problem is beyond the scope of this article but some references are given in the sidebar.

It should be emphasized that cookies are plain text files and, as such, are not executable programs and cannot do anything to your computer.

Managing Cookies

Many PC users do nothing to manage cookies and simply accept whatever comes their way. This policy of neglect had more to recommend it back when cookie management was fairly arduous and time-consuming. Today, however, the obstacles to cookie management are low enough that at least some form of basic management should be a standard practice.

There are several reasons why a PC user might consider exerting a little effort in this area. First, the volume of cookies sent out these days is so large that a computer will rapidly acquire hundreds of cookies. It isn't unusual for me to pick up 30 or 40 in a single hour of browsing. Some of these cookies are useful but most are tracking cookies from advertisers. Simply from disk housekeeping considerations, you might want to keep the number down. A more serious consideration for many is the possible privacy issues that arise from the tracking cookies. Controlling cookies isn't that difficult and here are some methods.

• In theory you can simply refuse all cookies. All standard browsers allow for this option. However, this is not a very practical solution. Too many sites use cookies for useful or benign purposes. Also many sites require cookies to be enabled before they let you view them.
• A better alternative is to selectively block and/or remove undesirable cookies while keeping good ones. There are a number of approaches.
  • One way is by do-it-yourself methods involving such things as editing the actual contents of the IE cookie folder. This is tedious and there are better ways.
  • The major browsers have added ways of selectively configuring for cookies. For example, Internet Explorer 6 has Privacy settings with a number of cookie options. Among the options is the ability to list specific sites whose cookies are to be rejected. This gives a PC user the option of refusing cookies from certain advertising agencies such as DoubleClick that use aggressive tracking methods. Details for IE are in this tutorial. The Firefox browser has even more cookie control in its setting Tools-Options-Privacy (more details on this page.)
  • There is a whole assortment of Internet security software, some free, some commercial, that include cookie management. Two free programs are this script and Karen Kenworthy’s Cookie Viewer. The major commercial players like Symantec and McAfee now include cookie management in their Internet security suites as do firewall applications like ZoneAlarm Pro. Tracking cookies are specifically targeted by many spyware removal programs. There are also programs such as Cookie Crusher designed to deal specifically with cookies. See the sidebar for references for various programs.
• More details of cookie management for Internet Explorer 6 are given on the next page.
• Cookie management in Firefox is discussed on this page.