Should you toss your cookies?

In a recent column, I gave an address for downloading an interesting bit of free beta software. Although many people downloaded and used the beta, I got enough mail of the following sort to make me wonder:

"NO Cookies! Cookies not worth it. My Privacy is not for sale."

"I WILL NOT ACCEPT A COOKIE EVEN FROM GOD! I WON'T ACCEPT SCUMBAG COOKIES."

Yikes! To tell you the truth, I hadn’t even noticed that the beta site used cookies: I have my browser set up not to complain when a site wants to set a cookie.

"Cookies" are text files that can be created by JavaScript or HTML embedded in web sites you visit. They’re commonly used to track which pages you’ve visited, which ad banners you’ve seen, whether you’ve registered or not, and so forth.

You can see what cookies have been set on your system by looking in the cookie folder. MSIE uses /windows/cookies; Netscape uses the Netscape/Users/YourName folder. You can open and read your cookie files with Notepad.

To me, cookies seem pretty harmless. Despite commonly-voiced concerns among the anti-cookie faction, cookies (or the JavaScripts that create them) won’t let website owners surreptitiously figure out who you are, for example, or reveal credit card info, or covertly index all the software on your hard drive to list the serial numbers (or lack of serial numbers) of all your software.

If you voluntarily enter personal information into a web page questionnaire or order form, then that information could be stored in a cookie, but it could only store what you’d entered.

A clever JavaScript can sniff out what kind of browser you’re using, what OS you run, what your screen resolution is, and some other similar pieces of information. That all could, in theory, be stored in a cookie--- although I don’t know why it would be since that all can be determined on the fly.

And even if all that were baked into a cookie---so what?

There are ways malicious webmasters can try to obtain specific kinds of personal information from your system, but this kind of bad behavior involves holes in browser security, and has nothing to do with cookies per se. In fact, it would be stupid for a malicious website operator to place illicitly-obtained information in a cookie, where you could see it.

Every day when you venture forth in the real world, you’re tracked on security cameras, through one-way mirrors, through credit card and ATM transactions, phone records, and so on. Against all that, cookies seems positively benign.