Posted 12/Jun 2011 at 18:47
by in Science & Tech read by 96 people

The Monster Called Cookie - And why it won't actually harm you

It must have been over ten years ago that people on the internet were last scared of browser cookies. Knowledge about the internet was rather scarce and people thought that with a coookie websites could install virusses, steak credit card information and what not. Many websites had special pages, informing users what cookies actually were and why they wouldn't damage anything on the visitors computer.

People believed what websites wrote about the cookies, and the scare faded away.

Until about a year ago. The EU was quite pleased about their victories over Microsoft in the Media Player and Internet Explorer cases, the results they had booked in their attempt to globalise the mobile phone market and several other technology related regulations. They must have gotten bored, and started to read up on some discussions from the nineties about cookies. I imagine that somebody mentioned privacy, which led to the cookies getting back on the table.

Some plans arose to force website publishers to explicetly ask for permission to place a cookie on the visitor's computer to protect the users's privacy against advertisers. For a year I've been laughing about it, as surely nobody could be stupid enough to actually go along with those rules. But it's all getting way too serious for me now. Let's take a look at what the worst thing is a cookie can do:

  • Help a website remember when you first visited them
  • Store information you have entered yourself on that particular website

Yup, and that's basically it. Based on that, a website can (among other things):

  • Redirect you to the proper (localized) version of that site - such as CNN and YouTube do
  • Remember some preferences, such as BBC and Google do
  • Remember that you have logged in, and log you back in automatically - such as Ilikealot, Facebook, Twitter and yes - well, every website which has a login does

The thing it doesn't actually have anything to do with is passing on information - such as your age and gender -  you entered on - let's say Facebook - over to an advertiser. Surely, websites can do that, but they don't need cookies to help them with it. Facebook stores the information they have about you in their database, and when they want to display an advert they can send a request to the advertising service which includes your basic profile data which then returns with an ad tailored to you.

Completely without the help of any cookie - well, apart from the cookie Facebook needs to identify you. But that's the cookie you actually want them to store; you wouldn't want to have to enter your password every time you click anything on Facebook now would you?

Now, of course the advertiser can also store the same kind of things in a cookie as Ilikealot, Facebook and Twitter can. And because the website you're actually visiting may have been able to send some profile data over to the advertiser, it can also store that. But it can also do that without a cookie. The advertiser would however also be able to remember you, and with that remember which ad you last got served on one site, and whether you clicked on that. Next time you visit a website which displays adverts from the same network, they can use that information to show you a different ad (so you don't get bored of the same ads) and perhaps show you an ad that matches with the last ad you clicked on.

And because they can do that, they can show you ads which match better with you so they can earn money and the site you're visiting can be free of charge to use.

The funny thing is that they don't actually need cookies to do any of this. The cookies just make it more precise. Advertisers could also store the same information based on your IP address - and there is no way to opt-out of sending your IP address. In most households this would mean that an advertiser won't be able to tell the difference between the mother, father, son and doughter of the house so adverts would be more tailored to a household rather than a person.

Basically the point I'm trying to make is that if EU wants to protect the privacy of EU citizens better, making legislation in regard to cookies won't make the big difference. The real privacy concern sits in the ability for websites to pass on profile information to third parties - with or without the help of cookies. Rules which forbid or limit this practice would be a lot more effective.

Personally, I'm very happy for Facebook to tell advertisers about my basic demographic information. I prefer seeing ads that interest me over something that really holds no value for me.

  • I'm a man; show me pretty girls! 
  • I'm in a committed relationship, so don't bother me with the "dating ukrainian women" ads
  • I'm close to 30 - so I probably don't need any hearing- or mobility aids
  • I don't have kids; so I'm usually not too interested in ads about toys, unless it's christmas time ;)
  • I'm a freelance web developer - so I'd be glad to see good deals on books about programming or interesting hosting deals

But sometimes I don't want any ads so I'd appreciate it if more websites would have the option of turning displaying adverts completly off. Perhaps take payment for it.

Oh, and one last thing - the proposal currently says that websites need to ask the user for permission to store cookies. Fine, but how is a website supposed to store this user preference if the user says no? After all, the choice would have to be saved IN A COOKIE!

You might also want to explore these likealots