Are persistent cookies the coolest thing since Pepperidge Farm or a tool of the devil? The debate rages on.
COOKIES ARE "A GENERAL MECHANISM which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection." In English, this means that a cookie is a variable and value that your browser can store and repeat back to a website. This has many practical applications. A favorite one is shopping carts. You can select items you want to buy from, say, Amazon.com, and the site uses cookies to keep track of your choices. Even if you leave the site -- and come back several weeks later -- the site can retrieve its cookies and offer you the opportunity to buy the books you've chosen after you've had time to think about it.
Another application is sites that require registration, such as pay-for-use. Few of us want yet another password to remember, and having to bookmark a special URL can be troublesome, especially if your bookmark file gets trashed when you upgrade to the latest browser version. Cookies allow such a site to leave the information attached to your browser so you can quickly get back in.
So if cookies can be so cool, why do so many people hate them so much? The arguments range from concerns about the use of valuable disk space to paranoia about government oppression.
Disk space is a minor concern. The number of cookies a browser can store is limited. The cookie specification calls for a browser to hold a minimum of 300 cookies. Each cookies can be no larger than 4 kb and no more than 20 cookies can come from any one domain. That's a possible total of 1.2 MB. In this day and age of multi-gig disks, that seems a small price to pay for the convenience.
We're all told to forget our concerns about information security. A particular server can only access cookies it wrote to your browser. It can also only get information out of you that you give to it. Cookies can't magically discover your email address; they can store it if you type it into a form on the server. The short of it is -- having a cookie store information is no more dangerous than the act you took to give it the information to store. Caveat emptor is the rule: Only use your credit card number on sites you trust, if you trust any. Think about to whom you want to give your email address or any other personal contact information.
If you're still not convinced, technology at least provides a way to control cookies. The easiest step you can take is tell your browser to notify you before it accepts any cookies. For each cookie, you will get a notification of what value it is trying to store and how long it will store it for. You can choose to accept or reject the cookie. You can also lock your cookie file, which will force cookies to stay in memory. They'll be usable during your current session, but not written to disk.
One advantage to cookies that privacy freaks often overlook is that they offer a checking balance to a lot of the data collection that is done on the net. Many sites are using cookies as a way to keep information about users to allow personalization of their sites, while not paying the cost in memory and server usage of having a centralized database. Since we, the users, have the data on our clients, we can review and eliminate any cookies we find to be undesirable. As anyone who has ever had to have their credit report pulled knows, it sure would be nice to have this sort of power in other aspects of our lives.
Cookies in and of themselves are not a threat. It's only improper use of cookies -- combined with willingness on the part of the Internet surfer to give out freely information that should be kept private -- that could make them dangerous. Used wisely, cookies make our browsing experience more enjoyable, personalized, and tasty. Anyone got a glass a milk?
