Cookies: The Good, the Bad, and the Ugly

One of the most frequently asked questions that computer technicians hear is, "What, exactly, is a cookie?"

The simple answer is that a cookie is a small file that a Web server places on your browser when you visit a Web site. The file contains certain information that is passed back to the server when it is requested. Some cookies, known as session cookies, persist on your browser only for a single browsing session. Other cookies, known as persistent cookies, stay on your browser until they expire. They may be set to expire after only a few hours, or to persist for many years.

That's the simple answer. But the whole subject of cookies is a controversial one, with extremists on both sides of the issue fanning the flames -- and often causing bewilderment and anxiety for average Internet users who happen to stumble across their rants. This is unfortunate. The fact of the matter is that whatever your feelings may be with regard to cookies (or the broader issue of Internet privacy in general), you, as a computer user, have absolute control over how your computer will handle cookies.

Before we get to that, though, let's look at the subject of cookies in general.

The Good

Cookies have a lot of good things going for them. By choosing to allow your browser to accept cookies, you can make your Internet experience a whole lot easier.

For example, some cookies allow your browser to pass technical information about your computer, your Internet connection, your Web browser, and other non-personal information to a Web server, thus enabling the server to provide you with versions of the Web page that are optimized for your particular configuration. Cookies can also be used to gather anonymous information about the relative popularity of various pages of a Web site, how long people tend to stay on a given page, and other statistical information that webmasters can use to make the site more appealing and useful.

Some cookies can actually enhance privacy and security by enabling secure data transactions between your browser and a secure server.

Cookies can also be used to store login information for sites that require user logins, if you choose to do so. This prevents you from having to log in every time you want to view the site. You may not want to use this feature for sites where sensitive information (such as bank statements) might be accessible; but it certainly comes in handy for sites such as the New York Times online edition, which requires a user login simply to read the news.

Cookies can also be used to store information about your preferences, such as which weather reports and local news you would like to have automatically appear when you open your Web browser. Usually this is done by storing your ZIP code (or some number derived from your it) in a cookie.

And finally, cookies facilitate advertising. Some would question why we include this as a good thing, but the fact is that the free Internet is dependent on advertising. Most (but not all) advertising cookies simply enable an advertising server to keep track of how many clicks and/or sales originated from ads on various Web sites and the amounts of those sales. At the end of each month, the aggregate clicks and sales for each site are totaled up, and commissions paid accordingly. These commissions are the life blood of the free Internet.

The Bad

Some advertising cookies, commonly called tracking cookies, persist on a browser and continue to collect information for weeks, months, or even years after a site visitor has visited a site.

Frankly, most tracking cookies are relatively harmless. Tracking cookies keep track of what types of sites a computer visits and enable ad servers to send targeted advertising to that computer. But in most cases, no personal information (such as a user's name, address, and so forth) is collected.

Nor will the user necessarily see more banner ads because of a cookie on their browser. The difference is that if you choose to refuse or delete the tracking cookie, you will still see randomly-selected, generic ads rather than targeted ads.

Nonetheless, many Internet users resent their browsing habits being tracked at all. That's why most Internet advertising companies provide some way of "opting out" of their campaigns. The Center for Democracy & Technology maintains an excellent site that explains how to do this.

Ironically, opting out of advertising cookies usually requires the use of cookies. Opt-out cookies, however, are generic in nature and contain no machine-specific information. They simply instruct the ad server not to track your computer.

Another problem with very persistent cookies is that they tend to clog up your browser. Eventually, accumulated cookies can also slow down your Internet connection, cause pages to render improperly, and cause other performance issues. When this happens, the simple solution is to simply delete all of the cookies. (But before doing so, make sure you know all of your logins and passwords because sites that once recognized you and logged you on automatically probably will not after you delete all of your cookies.)

The Ugly

It is possible to use cookies in conjunction with malicious programs that can gather and disseminate personal information about a user. This generally requires that the user download and install a program (usually a so-called "free" program) that installs spyware onto the user's computer, in addition to the cookie itself.

In a best-case scenario, all that will happen as a consequence of this will be that the user will receive more spam (and perhaps postal junk mail and telemarketing calls, as well). The user may also suffer some slowdown of his or her computer and Internet connection, as the spyware programs utilize system resources. Over time, accumulated adware and spyware can cause major problems -- even including system crashes and data loss -- to a computer system.

A worse scenario is that personal information will be wind up in the hands of people who will attempt to directly contact the individual for fraudulent or otherwise nefarious purposes.

Next: Managing Cookies