Detox-Comic

What are internet Cookies and what do they do?

Since my PC was infected with a trojan webdialer I stepped up my security measures and I have gone out of my way to learn more about the security aspects involved when you surf the internet today. One of the measures I perform after surfing is to clean out my cache and make sure that all Cookie files are deleted. If I don't, Ad-aware will find them anyway. But what are Cookie files and should we be wary of them?

So why do we have these Cookie files?

The majority of internet sites are run by commercial bodies. Even those that are not commercial stay online by being paid to show banner adverts. The companies that pay for these adverts want to ensure as much exposure as possible. So when you access a web site, the site owner wants to know if you are a first-time visitor or if this is your second, third or nth visit. Why? So you don't view the same adverts every time. If it's your second visit today, they want you to look at another advert and another and so on.

So you connect to the website and it asks for a cookie on your PC to be sent to it.

Cookies are stored in the form:

yourname@thesiteyouvisited.txt

So if you have one on your PC named Dave@books4sale.txt then books4sale is the only server that can request that cookie.

If your PC says, "I don't have one that matches your domain name" then you are interpreted as a first time visitor and a new cookie is sent to your PC to store. Every time you return to this site your Cookie is read and updated so the site knows if you are a regular visitor.

So what is in a Cookie file?

Cookie files are really just text files that consist of name-value pairs. These are read into the web site database and assigned to a table whose key is your unique user ID. So usually the first name-value pair is 'user 123456' where the user id can be an incremented integer or character string generated by the web server. If you delete your Cookie file you get another unique id next time you access that particular site, and so on (note: This can cause problems if you access the net from different PCs which is why some sites prefer you to login first).

Generally Cookie files contain the following information but other sites such as those that employ shopping baskets may store additional data.

  • User ID
  • Service Provider
  • Operating System
  • Browser Type
  • Screen resolution and colours
  • CPU Type
  • Service Provider's Proxy Server
  • Your IP Address
  • Which site you last visited (referrer)

If you delete your Cookie these sites just ask you to log on and send you another copy with your same unique user ID.

After each name-value pair the web site's domain name is usually found. For example:

User 123456 yahoo.com/

So is my data safe?

First things first: do not confuse cookies with spyware. Cookies in themselves are written to your hard drive by the sites you visit and only contain the data those sites write in them. They can then only be read by those sites. Another site cannot request the data. However, there is an option you must select which is something like 'only allow cookies to be sent to originating server'.

Cookies allow web sites to customise the way they look to you based on what data is stored in your cookie. You may have already seen certain adverts so you get different ones this time. You may have opted for a different customised look so your layout options may be in the cookie and so on.

Data about who you are, where you live and your credit card details ARE NOT stored in cookies. These are stored in the database of the web site, which is hopefully secure.

So cookies are no risk to me?

Not in the sense that they can be read by anybody on the net. However, if you use a public PC others can access them. And if it's a work PC they can be used to find out exactly where you have been surfing. So keep that subscription to Playboy.com on your home PC!

Article update:

Tracking cookie: A tracking cookie is a cookie that is shared among unrelated web sites for the purpose of gathering data on a person's surfing habits. Participating web sites can access the cookie to learn about your surfing habits.

Worth knowing

OK, so you buy stuff over the net and you do not want to configure your PC to reject cookies or to delete them all before you shut down each day. What can you do?

First off, I recommend installing Lavasoft's Ad-aware free software. You can configure this to recognise cookies that you wish to keep (amazon, msn, play, for example) so they are not deleted. Then when you run Ad-aware it will only list any new cookies on your PC. You can add new ones to the ignore list and delete the rest.

If you are receiving cookies that you do not want to be written to your hard drive, but they keep returning after you delete them, you can open up the cookie in a text editor, delete the contents and type utter garbage in it. Save it and set its permissions to 'read only', 'hidden' and 'system' so it cannot be read or written to by the web server.
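The keep-list review described above can also be done by reading the cookie files directly. The following is an added example, not part of the original article and not how Ad-aware works: it assumes the legacy Internet Explorer layout of nine lines per cookie record (name, value, domain/path, flags, two expiry lines, two creation lines, then `*`), and the file names, domains and keep-list entry are constructed.

```python
from datetime import datetime, timedelta, timezone

RECORD_LINES = 9  # assumed legacy IE layout: 8 fields, then a lone "*"

def filetime_to_utc(low, high):
    """Join the two 32-bit halves of a Windows FILETIME (100 ns ticks since 1601)."""
    ticks = (int(high) << 32) | int(low)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def parse_cookie_file(text):
    """Return one dict per well-formed record; stop at the first malformed one."""
    lines, cookies = text.splitlines(), []
    for i in range(0, len(lines) - RECORD_LINES + 1, RECORD_LINES):
        name, value, host_path, _flags, exp_lo, exp_hi, _c_lo, _c_hi, end = lines[i:i + RECORD_LINES]
        try:
            expires = filetime_to_utc(exp_lo, exp_hi)
        except ValueError:
            break  # expiry fields are not numbers, so this is not a cookie record
        if end != "*":
            break
        cookies.append({"name": name, "value": value, "expires": expires,
                        "domain": host_path.split("/", 1)[0].lower()})
    return cookies

def is_kept(domain, keep_list):
    """Match on a dot boundary so 'notbooks4sale.example' never matches 'books4sale.example'."""
    return any(domain == k or domain.endswith("." + k) for k in keep_list)

def triage(files, keep_list):
    """Map file name -> 'keep', 'delete' or 'unparsed' (e.g. a file overwritten with garbage)."""
    result = {}
    for fname, text in files.items():
        domains = [c["domain"] for c in parse_cookie_file(text)]
        kept = all(is_kept(d, keep_list) for d in domains)
        result[fname] = "unparsed" if not domains else "keep" if kept else "delete"
    return result

# Constructed sample data; the FILETIME halves below encode 1970-01-01 UTC.
def record(name, value, host):
    return f"{name}\n{value}\n{host}\n1024\n3577643008\n27111902\n3577643008\n27111902\n*\n"

SAMPLE = {
    "dave@books4sale.txt": record("user", "123456", "books4sale.example/"),
    "dave@notbooks4sale.txt": record("id", "abc", "ads.notbooks4sale.example/"),
    "dave@junk.txt": "utter garbage\n",
}
KEEP = ["books4sale.example"]  # hypothetical keep-list entry
```

Calling `triage(SAMPLE, KEEP)` returns a verdict per file; a file is kept only when every cookie in it belongs to a listed domain or one of its subdomains.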

Summary

Cookies:

  • Allow sites to see how well they are doing by being able to maintain more accurate hit counts
  • Allow sites to monitor user surfing habits while at their site
  • Give their users the ability to customise the way the site is presented to them
  • Can store shopping basket data
  • Save you from having to log in every time
  • Are stored on your PC but can only be accessed from the site that created them
  • DO NOT contain personal data about you
  • CAN be used by spyware (tracking cookies)

If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at dave@detoxcomic.com.

Article updated: 21-May-2006