5. Cookies and Clickstreams: Madison Ave. is Watching You|
When you browse the Web, your browser communicates with web sites through
the HyperText Transfer Protocol (HTTP) to get the web pages you request.
One of the distinguishing features of HTTP (as opposed to File
Transfer Protocol and Telnet)
is its instantaneous nature. There is no real connection between
a web server and browser during an HTTP session. The browser makes
a request, the server fills it and moves on to its next request.
When your browser makes another request, it does so as if it had never
made the first. This is a good thing because it reduces server load
(the server does not need to keep a connection open with your computer
while you browse a page) but it is a bad thing because your browser must
make a new connection for every request and the server treats every request
as unrelated to any other. So-called "stateless" protocols are a
problem for features like shopping carts or password saving because such
features require some memory of what happened in previous requests from
the same browser. Tracking a user by transactional information, cookies
and the proposed Open Profiling Standard (OPS) are ways in which web servers
are attempting to introduce "state" into HTTP.
Tracking Transactional Information
To download this file, your browser sent a request to the Berkman Center
server asking for the text of the page along with its accompanying images
and scripts. The page requested, and the IP address to send it to,
must have been sent to our server. Depending on which browser you
use, however, other information, such as the name and version of the browser
and the page that referred you to this one, might also be supplied.
Our webserver stores all the information your browser provides and, with
that information, a good web sleuth could determine much more about you,
such as how long you stayed at the site, what links you followed and ignored
on our site, where you are, what company you work for (or which Internet
Service Provider you use) and what type of computer you are using.
We collect that information to help us in tailoring our web pages for
our users and to allow you to continue checking discussion groups without
having to re-enter your username and password. However, as the Center
for Democracy and Technology warns:
When [transactional information is] correlated with other sources
of personal information, including marketing databases, phone books, voter
registration lists, etc, a detailed profile of your online activities can
be created without your knowledge or consent. (CDT
Privacy Demonstration Page, Center for Democracy and Technology, visited
March 18, 1998)
According to Netscape,
the first to implement cookie technology:
Cookies are a general mechanism which server side connections (such
as CGI scripts) can use to both store and retrieve information on the client
side of the connection. The addition of a simple, persistent, client-side
state significantly extends the capabilities of Web-based client/server
CLIENT STATE HTTP COOKIES, Netscape, visited March 18, 1998)
In English, c|net explains,
Cookies are small data files written to your hard drive by some
Web sites when you view them in your browser. These data files contain
information the site can use to track such things as passwords, lists of
pages you've visited, and the date when you last looked at a certain page.
Glossary: Cookie, C|NET, visited March 18, 1998)
browsers support cookie technology which allows any web server to write
directly to a cookie file on your hard drive and read the cookies they
set. Though cookies were first used for site personalization, shopping
baskets, and saving userids and passwords, they are now also used for targeted
marketing and tracking across sites (see Cookie
Central and Cookies
Revisited by HotWired's Marc Slayton for more information).
advertising company, sets cookies for targeted advertising and tracking
across sites through its banner ads on a wide variety of sites. Chances
are better than even that you have a DoubleClick
cookie in your cookie file. The company's $400
market value is another indication that they are successful.
See also: The
Cookie Central Unofficial Cookie FAQ and Junkbusters.