The web is just not a safe place any more. People take all sorts of measures to protect themselves from online threats — firewalls, antivirus and anti-spyware software, phishing filters, popup blockers, anonymizers, and anything "anti" that I may have forgotten; you name it, people have installed it. But even after all these fortifications, something that you willingly allow on your computer may ultimately compromise your personal information: cookies.
What is a cookie?
A cookie is a small text file that a web site can put on your computer to store information for a specified amount of time, and sometimes even indefinitely (or at least until you get rid of it manually).
Web sites use cookies because, unlike desktop applications, they can’t "remember" information across pages. One web page can write information to a cookie, and another can read it before loading to give you an impression that the site indeed remembers your information.
Cookies can store innocuous information such as your color and font preferences, or highly personal information such as your credit card number. Therefore, browsers only allow web sites to access the cookies that they issued. A web site can’t access cookies issued by another web site.
Types of Cookies
Cookies come in several kinds:
Session Cookies
These cookies are sent back and forth between your browser and the web server on which the site you are currently viewing sits. These cookies are useful in storing information across web pages. For example, when you log in to a web site, your user ID may be stored in a session cookie so that you don’t have to identify yourself to the web server on every page. Or they may be used to store the items you have already added to your shopping cart until you decide to check out. Session cookies are generally harmless, and as you can see, even desirable.
Session cookies are alive only while you are connected to the web server that issued them. When the connection to the web server is broken, session cookies are lost. But remember that when you surf away from a web site, your session may not necessarily be over. You will have to close your browser to end the session.
Persistent Cookies
These cookies can be stored on your computer for extended periods of time. Persistent cookies have a timeout setting, which web site developers can set. A cookie can be made to stay on your computer for a period of time specified by that setting.
Persistent cookies are useful in many ways. Let’s say you visit an online store and add a few items to your shopping cart, but hesitate before checking out. By storing your items in persistent cookies, the site can allow you to quickly check out later, without having to add the items to the cart all over again. Another common example is the "Remember me" option for logging in to web sites. When you check the little box, your login credentials are stored in a cookie. The next time you go back to the login page, your credentials are fetched from the cookie so that you don’t have to log in again. Web sites that use persistent cookies will generally specify how long they will store your information (the timeout period) in their privacy policy.
First-party Cookies
First-party cookies are cookies that are sent to your computer by the web site you visit directly. If you point your browser at Amazon.com, and the site sends you a cookie, it is a first-party cookie.
Third-party Cookies
Third-party cookies are sent to your computer by a site you did not visit directly. Say you visit Amazon.com. Amazon may have sold advertising space on its site to a third party. The advertisements are pulled in dynamically when the page is loaded. In other words, the advertisement doesn’t come to your browser from Amazon.com; it comes from the advertiser’s site. The advertiser also may send a cookie to your computer, which becomes a third-party cookie.
Typically, only the web site that issues a cookie has access to it. This scheme makes sure that information you provide to one web site can’t be accessed by another. But if an advertiser advertises on several sites, its cookie can track your movements on all those sites. Well-meaning third-party cookie issuers will not use the information they store for insidious purposes behind your back, but the fact that it can be done at all is what makes third-party cookies dangerous.
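The four kinds described above can be told apart from the Set-Cookie header a server sends and from which server sent it, and an advertiser's cookie that appears on several sites can be spotted the same way. The following JavaScript is an added example, not part of the original article; the host names and cookie values are constructed, and treating the last two labels of a host name as the "site" is a simplifying assumption.

```javascript
// Simplification (assumption): a "site" is the last two labels of the host name;
// real browsers consult the Public Suffix List instead.
const site = (host) => host.toLowerCase().split('.').slice(-2).join('.');

// Parse one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// pageHost: the site in the address bar; responseHost: the server that sent the header.
function classify(pageHost, responseHost, header) {
  const c = parseSetCookie(header);
  // No Expires and no Max-Age means the cookie is discarded when the browser closes.
  const persistent = 'expires' in c.attrs || 'max-age' in c.attrs;
  return {
    name: c.name,
    issuer: site(responseHost),
    lifetime: persistent ? 'persistent' : 'session',
    party: site(responseHost) === site(pageHost) ? 'first-party' : 'third-party',
  };
}

// Report third-party issuers whose cookies were set on more than one visited site.
function crossSiteIssuers(observations) {
  const seen = new Map(); // issuer site -> set of visited sites
  for (const [pageHost, responseHost, header] of observations) {
    const r = classify(pageHost, responseHost, header);
    if (r.party !== 'third-party') continue;
    if (!seen.has(r.issuer)) seen.set(r.issuer, new Set());
    seen.get(r.issuer).add(site(pageHost));
  }
  return [...seen].filter(([, sites]) => sites.size > 1).map(([issuer]) => issuer);
}

// Constructed sample traffic (not captured from any real site).
const SAMPLE = [
  ['www.shop.example', 'www.shop.example', 'cart=abc123; Path=/'],
  ['www.shop.example', 'www.shop.example', 'remember=u42; Max-Age=2592000; Path=/'],
  ['www.shop.example', 'ads.adnetwork.example', 'uid=7f3; Expires=Wed, 01 Jan 2031 00:00:00 GMT'],
  ['news.daily.example', 'cdn.adnetwork.example', 'uid=7f3; Max-Age=31536000'],
];
console.log(SAMPLE.map((o) => classify(...o)), crossSiteIssuers(SAMPLE));
```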
Unsatisfactory Cookies
When something can be done from a technical point of view, it is only a matter of time before someone will do it even if it is ethically wrong. Naturally, you can expect at least some of the third-party cookies to breach your trust. Such cookies allow access to your private information behind your back.
Girl Scout Cookies
Girl Scout cookies are issued by little girls in brown vests….
Just kidding! Girl Scout cookies have nothing to do with your browser. They may clog your arteries, but they don’t compromise your personal information. Unsatisfactory and third-party cookies are the ones you have to be wary of, if you want to guard your personal information. You can do so by choosing the cookie settings in Internet Explorer wisely.
Setting Cookie Preferences in Internet Explorer 7 (IE)
Cookie preferences in IE are set on the Privacy tab of Internet Options. To access them, pull down the Tools menu, choose Internet Options, and in the window that pops up, click on the Privacy tab. A vertical slider control lets you set cookie preferences. As you slide the control down, the settings change from Block All Cookies at the top to Allow All Cookies at the bottom, and everything in-between. Now that you are familiar with all the cookie buzzwords, you can read the description alongside the slider to make your selection.
You can further customize your settings by clicking on the Sites button just below the slider. In the window that pops up, you can specify sites that you trust unconditionally by always allowing cookies from them and sites that you want to avoid like the plague by always blocking cookies from them.
When you choose settings by sliding the slider control, you accept the combination of cookie settings that each level specifies. If you are too picky, you may not like this automatic handling of cookies by IE. In that case, you can click on the adjacent Advanced button to choose the precise combination of various kinds of cookies to allow or disallow.
If after fiddling around with the settings, you find that you have landed yourself in a big mess, you can click the Default button to restore the settings to whatever they were when IE was installed on your computer.
Which Cookie Setting is Optimum?
There is no such thing as optimum cookie settings. If you block all cookies, you will probably have to limit your surfing to the original physics reports at CERN that the web was invented to share; almost all modern sites use cookies of some sort. If you accept all cookies, you may soon have imposters claiming to be you all around the world. Like many other aspects of the Internet, you have to strike a balance between safety and usability.
The Medium-high setting on the slider usually strikes a good balance. But you may need to adjust the settings depending on your specific needs.
It is a good idea to clear cookies periodically from the General tab of Internet Options by clicking on the Delete… button and then clicking on the Delete Cookies… button in the window that pops up.
No cookie setting can protect you from all threats all by itself, but it is an important component of a defense-in-depth protection strategy that includes a firewall and all the "anti"s that I referred to at the beginning.


