Some cookies leave a bad taste; be careful if you nibble on the Net

Mom warned you about taking cookies from strangers; although she wasn’t
talking about the Internet at the time, her advice is still relevant. Behind their
innocuous name, cookies are essentially requests for information about you.

If you accept a request to send your computer a cookie, the sending Web site can
retrieve its cookie later along with whatever information it gleaned.

Some cookies do nothing more than store your name for faster, easier access to e-mail
or customized sites. Some helpfully store your preferences so that a Web site knows, for
example, which regional weather report you need. Some remember your shopping list until
you place an online order.

Cookies are just text files and seldom contain sensitive information—unless you
consider everything about your life sensitive, as many people do.

But cookies do have a sinister side. For example, a cookie might be constructed to
track all sites you visit and upload this information the next time you visit the
originating Web site. A cookie can even be retrieved by a site other than the one that
originally sent the request.

A GCN reader recently wrote me asking if there were some easy way to accept cookies but
automatically insert false information. I applauded the reader’s attitude toward
privacy protection but wasn’t able to locate software to do exactly that.

The problem is that there are so many cookies and they do such different things that
the reader’s scheme is impractical, although cookie-management utilities do come

If you particularly dislike a few individual cookies, you could edit their text files
manually. An automatic program that changes only cookies you dislike would have to be
handled carefully, however.

You could instruct your browser to reject all cookies, but that eliminates the
cookies’ active help and makes it more difficult for you to surf the Web. To see just
how pervasive cookies’ help is, try turning them off.

In Netscape Navigator, pull down the Edit menu, click Preferences, Advanced and check
“Warn before accepting a cookie.” In Microsoft Internet Explorer, click on View,
Internet Options, Advanced and select “Prompt before accepting.”

You will be amazed at how many cookies have been flooding your system. On some Web
sites, you will have to start entering user names you’ve probably forgotten. Other
sites will request permission to send you a cookie every few seconds until it becomes
impossible to load the page.

This creates havoc for most users, so I suggest you choose one of the other options. I
always surf with Navigator set to accept only cookies that go back to the originating
server. That provides pretty good security without making my online life more difficult.

Internet Explorer is less friendly in this area. Although it has lots of ways to adjust
and enhance security, it leaves out one simple cookie control feature that Navigator does
offer: the ability to restrict cookie use to the originating Web site.

Neither Explorer’s nor Navigator’s help index even refers to cookies. Shame
on developers for omitting user information about this security concern.

You can look in c:\Windows\Temporary for files whose names start out Cookie: to see
which Web sites sent them. For more information, visit for a
frequently asked questions list, access to the Energy Department’s Computer Incident
Advisory Capability report on cookies and much more. The links here will either feed your
paranoia or reassure you.

The CIAC report says cookies can’t harm your computer, because users have good
control over them, either by changing the cookies themselves or by installing
cookie-management software.

I consider this position naive. Only a tiny percentage of users seem to know about
cookies, let alone finding and altering them on their hard drives.

To explore your Windows 95 computer running Navigator, look in c:\Program
Files\Netscape\Users and select your sign-on name file. You should see a cookies
document—a generated list of cookies, not the cookies themselves.

Now look in c:\Windows\Cookies\ to decide for yourself whether cookies are easy to
manage. Here’s a sample cookie from my system:
“session-id-time*892022400**0*1410 … ”

Is that something I don’t want my favorite bookstore to know? No, it’s just a
record that makes my online time more productive. But could you tell just by reading the
number strings?

Personally, I don’t object to cookies. I do so much Net research that any
information gleaned about my activities is bound to be inaccurate and confusing. I often
enter random preferences to test Web sites’ flexibility and to serve a second
purpose: swamping data gatherers with random, useless information.

You can either feed the snoops nonsense at every opportunity, or you can try to keep
every aspect of your life secret—and a difficult and frustrating life it will be.

If you’re concerned about cookies or want to join the privacy fight, take a look
at Cookie Cruncher, a free utility downloadable from Cookie Cruncher lets you view, edit and delete

Another useful piece of freeware is Anonymous Cookie from It has
a similar set of tools to keep your browsing activities and preferences confidential.

Both programs work with several versions of Internet Explorer and Navigator. Either
will block cookies selectively. Be careful if you want to send out smoke-screen data or
delete only certain cookies.

I’d like to reassure you that it’s impossible to gather overtly harmful
information through cookies, but even paranoids have enemies.  

John McCormick, a free-lance writer and computer consultant, has been working with
computers since the early 1960s. E-mail him at [email protected].


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected