Financial Daily from THE HINDU group of publications
Wednesday, Sep 25, 2002

Port Info

Group Sites

eWorld - Internet
Info-Tech - Privacy

Get off my back!

Pratap Ravindran

That's a plea in vain. Face the fact. Cookies — not those crisp and crunchy treats but the small pieces of information written to the hard drive of an Internet user — can track you better than 007. Get the latest on stuff that's hot on your heels.

EVEN paranoics are right, at times. Bear that in mind and, the next time you get this strange, creepy feeling that you're being tracked by your computer, don't give away all your money for the rehabilitation of the digitally challenged and then get yourself declared mentally incompetent.

Because, the odds are that your computer is tracking you......

It's done with cookies.

Cookies are very small — typically about 4k of disk space each — pieces of information written to the hard drive of an Internet user when he or she visits Web sites that offer them. Their size notwithstanding, they usually contain a whole lot of critical information including the names of the Websites that issued them, passwords, user names and credit card numbers if the users have entered them in any online forms. The information gathered is linked to unique IDS assigned to cookies so that it is available from one Internet session to another. By definition, they are retrievable only by the Web sites that issued them...but, if you believe that, you might as well put in your bid for the Taj Mahal through an online auction site.

Living, as we do, in jaded times, you might find this difficult to accept but the fact is that cookies were originally as wholesome as they sound and designed to benefit Web users. Perfectly legitimate online organisations used cookies to store user IDs and passwords so that people wouldn't have to commit them to memory and re-enter them each time they `visited' the outfit. And then again, some popular search engines wrote cookies that could "remember'' usage patterns and offer "customised'' services structured on the basis of these patterns.

Cookies, like a lot of other things, turned toxic when the ad crowd got their grubby hands on them. As cookies can be matched to the profile of users' interests and browsing habits, the ad wallahs were quick to exploit this characteristic to fine-tune their pitches to appeal to individual users. Being ad-men, they couldn't possibly tag the tweaking of cookies as a hi-tech snake-oil sales technique and called it the "targeting of advertisements'' instead. Outfits like DoubleClick Inc and MatchLogic were the first off the starting block in the deployment of cookies to enhance "the efficiency'' of the placing of advertisements on Web sites. And there were a lot of takers for their services. 3M, for instance, retained DoubleClick to help `target' Internet banner ads for a pricey multimedia projector so that they would catch the attention of those users who were most likely to purchase it.

A voyeuristic Big Brother is bad enough....but having one who insists on behaving like a carnival barker is worse.

In the late nineties, advocates of Internet privacy grew concerned about cookies (which they crisply defined as something stored in the users' computer without their knowledge or consent). Their opposition to the anonymous placement of cookies in a computer without alerting the user was reflected in the subsequent upgrades in popular browsers such as Microsoft Internet Explorer and Netscape which began to offer alerts when a cookie was being offered. But the alerts were just that — and told browser users little or nothing about the nature of the information stored in cookies.

Inevitably, the reservations regarding cookies shared by all those who are not willing to compromise on Internet privacy issues persist. They point out that cookies can — and often do — access personal data stored on a user's hard drive. Many will recall in this context that cookie programming, at one point in its development, allowed access to the user's e-mail address as specified in the Netscape/MSIE preference file. They will also remember that, not so long ago, the Netscape Communicator contained a bug that facilitated access by a Web site to the information passed between the site and the cookie file, including credit card numbers and passwords.

Privacy worries

But, by far, the biggest cause of worry is that advertisers and webmasters are using cookies to develop a detailed profile of users and their browsing patterns. Thus, if you click on a particular advertisement or type of advertisement, this act is added to your profile. Sooner than later, somebody somewhere is going to come up with the bright idea of selling your profile to others — if this hasn't happened already. Big deal, you might say. So there will be an increase in your e-mail spam or junk paper mail — and you can live with that. But what if you are an activist, carrying on online research of sensitive subjects like political corruption or diversion of aid or terrorism? Just think of the harassment that you can be subjected to if your browsing patterns, your address, your credit card number, your e-mail ID and so on were to be made available to anybody with a little bit of money to spend!

While cyber law relating to cookies has a long way to go before it gets to be even vaguely satisfactory, the European Parliament, to the immense satisfaction of commercial interests, has voted in favour of allowing businesses to continue using cookies in their study of online user behaviour.

However, the legislation has favoured the so-called opt-out policy over the opt-in policy proposed by Internet privacy supporters to regulate the usage of cookies.

The opt-in policy requires that, before a cookie is served to the user for remembering log-in details or personalising a site, a pop-up box would appear, asking the user if he or she would allow the cookie to be stored. This policy was vigorously opposed by businesses on the grounds that it would "impede the browsers' enjoyment of the media.'' According to these businesses, an opt-out policy will not impede the users' enjoyment of the media — but will control how companies use cookies by placing the user in control of any situation requiring the input of potentially sensitive information.

In a post-Enron world, this delightfully liberal policy which rests, ultimately, on self-regulation by businesses with regard to the usage of cookies is ....somewhat less than reassuring.

Send this article to Friends by E-Mail

Stories in this Section
Touching the lows, for now

Rise and shine
Angling for business
Measuring up?
Get off my back!
'I've got the best view'
Error message
Subscription in IE
All about drives
System hitches
`It pays to tie the knot'
Breaking codes of conduct
When technology really delivers

The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
Group Sites: The Hindu | Business Line | The Sportstar | Frontline | Home |

Copyright 2002, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line