Businessweek Archives

Internet cookies leave a bad taste


? Giving iPods to the sales force |

Main

| All the uses for podcasts ?

June 02, 2005

Internet cookies leave a bad taste

Stephen Baker

Internet cookies, a vital tracking tool for the advertising industry, are widely distrusted. A new study by BURST! Media shows that nearly half of adult Web surfers erase cookies from their computers. And 38% of them do it monthly. This release Download file , which I couldn't find on the Web, has loads of good stats.

11:27 AM

advertising

TrackBack URL for this entry:

http://blogs.businessweek.com/mt/mt-tb.cgi/

If somebody would just come up with a decent description and more professional name for "cookies", we might be able to finally make some progress with the issues related to cookies.

The primary issue here is that cookies relate to your personal "identity", and privacy is a big deal to a lot of people. By skirting around and evading a direct discussion of privacy, disclosure, business relationships, legitimate needs for commercial use of personal data, etc., we have essentially opened up a lot of wounds, refused to treat them properly, and stand idly by while they continue to fester.

There is *some* renewed interest in addressing identity issues, but the treatment to date has been far too primitive to be even remotely effective.

And, I would note, there is a serious deficit of spending on the kind of basic computer science research needed to more fully characterize identity issues and approaches to interactions. Anybody who thinks that all of the problems can be readily addressed with off-the-shelf technology or by simply writing a little more "code" is seriously and dangerously deluding themselves as well as those who must make public policy about computer-related issues.

-- Jack Krupansky

Posted by: Jack Krupansky at June 2, 2005 12:42 PM

One thing that few people realize is that while there may be issues with cookies, the alternatives are all worse. I was active in the IETF discussions when the "State Management" or "Cookie" standard was being written and one of my primary motivations for working hard on this technology was to ensure that people's privacy was better protected than it would be with the alternatives!

Many sites, particularly commerce sites, *must* have some ability to store "state" in order to work properly. When you move from one page to another, there are only two choices that the site has in order to remember what page you were on last. 1) It can give you a cookie or 2) It can embed the cookie-like information in the URL you navigate to. Cookies are the MOST PRIVATE way to do this since no site other than the site that creates a cookie can see the cookie data. If sites modify the URL instead of using cookies, then other sites can see the private "state information" when you surf to them. This is because web browsers will report the "referer" (the page you were last on) whenever you navigate to a new page. Thus, if a site uses your user name, SSN, etc as an identifier, if they embed that data in the URL, then other sites will be able to see it in referer attributes. If the site uses cookies, that data can not leak between sites and your privacy is maintained.

Much of the reporting on "problems" with cookies simply exhibits either the ignorance of the writer or their desire to ignore reality and stir up excitement. The reality is that cookies are the most private of the state-management mechanisms that are possible with HTTP. Cookies may not be perfect, but they are the "most perfect" of the possible solutions to the state management problem.

bob wyman

Posted by: Bob Wyman at June 2, 2005 04:50 PM

What would be nice is an easy way to automatically differentiate useful cookies (e.g., content sites that reqire subscription, e-commerce sites, etc.) from the rest. I would like to delete my cookies on a regular basis but don't want to delete them all due to the fact that I have tens of useful cookies hidden among the hundreds of useless ones. I also don't want to take the time to try to decipher which ones are useful and selectively delete the rest. Perhaps there is an easy solution out there (e.g., along the lines of the pop-up blocker toolbars) and I'm just not aware of it.

Posted by: Gerald at June 3, 2005 02:54 PM

what percent of that 38% know that they are deleting important registration, identity, password, and personalization data when they do that?

what percent are just hitting the "delete all" button in some spyware removal application?

something way more granular and informative to the consumer is needed in this area.

Posted by: fred at June 3, 2005 08:58 PM


Tim Cook's Reboot
LIMITED-TIME OFFER SUBSCRIBE NOW
 
blog comments powered by Disqus