by June 2, 2003 0 comments



In a geek’s world of protocols, routers and markup languages, cookies are not biscuits, but computer files that clog his disk. A cookie is a very small text file, of about 4 KB, that websites use to record a user’s activities at the website, usually without his knowledge. A Web server places a cookie on the user’s hard drive, so that it can be later used to understand the user’s profile. A Web server can access only the cookie that it has created, not a cookie created by any other server.
A website may use cookies for many reasons: to personalize information, to help with on-line sales/services, or to simply collect demographic information. For example, the website can recognize you from your cookie ID, instead of your username, and provide you personalized content. From the user’s perspective, using cookies does away with the hassles of having to log in each time. But, the cookie protocol, originally designed with the good intent of customizing content for the user, has now come to compromise user privacy.

When you type in
www.google.com,
the browser checks for a Google cookie on your hard disk. If it finds one, it will send data to the Google server

How it Works
This is how the data transfer takes place.

  • When you types in a url, say www.google.com, the browser sends a request for the homepage to the google server.
  • At the same time, the browser checks if there are any cookies associated with google on your hard drive. If it finds a Google cookie, it sends all the data in the cookie to the Google server along with the url. If it finds no cookies, it sends no data.
  • Google’s server receives the request for the page along with the cookie data. If it receives no cookie data, it treats you as a new user. It creates an ID for you in Google’s database and sends the cookie data to your machine in the header of the required page. The browser stores the data on your hard disk.
  • The server can then retrieve and modify the cookie data whenever you access the website later.

Compromising Privacy
How can a small file jeopardise your privacy? Whenever you visit a site, the details relating to the time and date of your visit are recorded in the server’s database. The server also stores all your activity at the site: all the links and ads you accessed, the various search queries you made, and even your online purchases. All this is personal information.

Consider what a Web administrator can do with this data! He can use it to fine-tune his service or to sell it to other agencies at a premium. These agencies, in turn, can use this information to pinpoint users of their interest and target them for their campaigns. This is the root of almost all spam mail. 

There are companies that specialize in this sort of spywork, DoubleClick being a well-known example. DoubleClick is a ‘targeted marketing’ company that can place small GIF files on websites. Many companies use DoubleClick to serve ad banners on their sites. 

DoubleClick is a well-known example of a
company that specialize spying on your online activity for targetted marketing

What’s DoubleClick
If you open your cookies’ folder, you’ll surely find a cookie from ad.doubleclick.net, even though you may have never visited http://ad.doubleclick.net. How does such a cookie find a place on your hard disk? The answer stems from an ingenious solution formulated by DoubleClick, which is as follows. Most sites on the Internet do not keep their ads locally. Rather, they subscribe to a media service that places those ads for them. This is accomplished via a simple HTML call to the media service. When a page is requested, it is assembled through many HTTP requests by the browser. First, there is a request for the HTML itself. Then, everything that the HTML needs is requested, including images, sounds and plug-ins. The call to the media service is an HTTP request for an image. Once the request is made to the media service, it can return more than just an ad. It can also return a cookie. Or, if it is has given you a cookie previously, it can read that first, and check to see what ad to send. The result is that you get a cookie from the media service without ever having visited it.

DoubleClick can spy on you, tracking wherever you go, what subjects you are interested in and which products you buy from an e-store. Once, they accumulate the data, they sell it to marketing agencies and distributors.

But, all is not bleak. IETF (Internet Engineering Task Force), a non-profit organisation is considering a proposal to fix some problems with cookies. If implemented, it could limit the use of cookies and give the user greater control over the management of cookies. The most controversial issue of the proposal is the ability to limit or stop cookie requests from third-party servers.

This would throw the future of targeted marking firms like DoubleClick, Globaltrack and ADSmart into jeopardy.

Pradeep James M

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

<