|
|
The Risks of Cookies
Page 2 —
Cookie Abuse
There are several ways Web sites misuse cookies (sometimes inadvertently). For example, a Web site may choose to store a "membership" password unencrypted within a cookie. This isn't a good idea, since anyone who sees that cookie can easily read the password, and gain access to that site under the user's name. Passwords stored in cookies should always be encrypted.
There's also the question of how Web sites use specific demographic information. Let's say you run a site that happens to contain information on how to make pipe bombs or grow marijuana. Does the government have the right to subpoena your records to find out who's reading that information? The answer varies from country to country, but for some people, this makes accepting a cookie the equivalent of being under surveillance.
What you can do
Depending on how they're used, cookies may or may not be a threat to your privacy. Here's a quick list of things you can do if you're not comfortable with cookies:
- Many newer browsers, including Firefox and Microsoft Internet Explorer 9.0, contain an option for warning users any time a server tries to set an HTTP cookie. Users can then usually look over a cookie's contents before accepting or denying it. Most cookies don't contain anything more than a tracking number, or a username and encrypted password.
If you use this option, you may choose to set only those cookies you find valuable or that come from a site whose reputation you respect. Of course, there are so many Web servers using cookies today that it can quickly become too annoying to accept or deny each and every one - especially when surfing a site that attempts to set several cookies per page.
- You can force most browsers to refuse all cookies with a simple trick - make the file where your browser stores its cookies nonreadable. Windows95, Mac, and Unix systems all have file-locking methods that you can use to accomplish this (check your platform's user manual). Once you do this, browsers like Netscape or Internet Explorer will "skip over" any attempt to set a cookie, and erase their cache of session cookies the next time you quit and restart the browser.
Eventually, I think most Web browsers (particularly those in the public domain) will come with an option to refuse all cookies. The trade-off will be that you may lose some of the added functionality
cookies provide. You probably won't be able to use shopping carts, and you may have trouble logging into many password-authenticated Web sites.
- Another option on some sites is to use an anonymous account when you log into a password-protected area. If you dig around, you'll find some sites have these accounts already in place for users who are sensitive about revealing their identities.
A few years ago, a group of technically savvy privacy advocates called the Cypherpunks predicted membership would become a trend on the Web and quickly set about creating anonymous password accounts
on a number of the early membership-touting Web sites. Many of these accounts still exist, usually using "cypherpunk" or "cypherpunks" as both the name and password.
Anonymous accounts frequently come under attack because they give users the ability to post abusive anonymous rants to community areas (which rely on consistent identity to hold members accountable for their words and actions). Still, the idea persists, and is often espoused as a solution for those who are sensitive about their privacy.
|
|
|
