Monday, May 12, 2008

Everything about - cookie -

Cookie FAQ
This FAQ is to enlighten you to the truth about Cookies. They are not as dangerous as the myths the media likes to popularize but then again, when has the media ever worried about the FAQ's? (Pun intended)

This FAQ is compiled with bits of info grabbed from all over the place but for the most part it's based on mechanical (programming) fact and my experiences with Cookies.

When I first became exposed to the Internet and Web Surfing, I hated Cookies as I was afraid of what they might do or learn about me. The facts set me free of that fear and now I embrace them when I'm surfing as I know the person who uses it has made a decision to serve me better!


What is a Cookie?
How Cookies work.
Are Cookies dangerous?
What information does a Cookie collect from you?
What information can a Cookie get from my computer?
Can a Cookie give my computer a virus?
Can a Cookie delete my hard drive?
Can I refuse to accept a Cookie?
What happens if I refuse to accept a Cookie?
Who can see my Cookies?
Can anything bad happen from Cookies?
Back To FAQ List


--------------------------------------------------------------------------------

What is a Cookie?
A cookie is a text file. That's all. Website designers will use cookies for a variety of reasons. If you go to a website that allows you to customize a page so that it looks the same everytime you visit it, the designer will store these pieces of design information in a Cookie.
If you become a member or some site that wants to make you navigation easy, they will store your membership info in a Cookie so that you are instantly recognized when you visit the site.

Controlled access can be achieved via a Cookie so that you can't view pages unless you have signed in with a UserID and Password. Usually these cookies expire after you leave the site.

There are many ways a cookie can be used, from simply seeing what pages you visit to allowing you to use an on-line shopping cart! Many people balk at the thought of someone seeing what pages of their website you visit. The consideration most people don't stop for here is that it is the Designers website, why shouldn't he be able to tell what you visit? That way he can improve content on popular pages and remove or enhance un-popular pages.
Top


How Cookies work.
A Cookie is a text file. That's it. It can be created via a Perl script, Javascript, Active Server Pages etc. A Cookie is text information that is transferred from the server to your Browser via the HTTP protocol and then stored on your hard drive. It is not an executable file, it is not some nefarious info sniffer from Techno-World, it is only a text file.
If a site uses a Cookie then everytime you visit that site, if the browser has a Cookie stored on it, it transfers that Cookie to that site. The program on the site using the Cookie then access the information and acts upon it.

It is important to understand here that a Cookie will only be transfered to the site that created it. Part of the Cookie is the domain name of the site that created it as well as the path to the program that access it. Unless the domain and path match exactly as they were set, the Cookie IS NOT TRANSFERED! There is no way for someone from one site to see the contents of the Cookie from another site. It's just mechanically not possible.
Top


Are Cookies dangerous?
NO! As I said, it is a text file and that is all. It is not an executable and can't do anything to your computer!
Consider the following:


I can write a Perl program that will broadcast your name and e-mail address to thousands of mailing lists.
I can write a Perl program that will display any personal information you give it to tens of thousands of people by simply accessing a mailing list program.
I can write Javascript that will launch a program on your computer.
I can write Javascript that will close your browser.
I can write Javascript that will launch thousands of copies of your browser program, thereby crashing your computer.
I can write a Java program that will ERASE YOUR HARDDRIVE!!!

Think of all the things I can do to you with Perl, Java and Javascript. Think of how many site you visit that interact with a Perl CGI application. Think of how many thousands of pages out there have Javascript embeded in them. Think of how many Java applets you download and run! You download and run all those pages on your browser without giving a single thought to what the underlying Javascript can do to your computer.
Cookies are text files as I've said, they can do nothing except sit on your computers hard drive until called or they expire.
Top


What information does a Cookie collect from you?
NOTHING!!! A Cookie collects no information whatsoever. The only information in a Cookie is information from the website designer or information that you have entered into a CGI/Javascript form. Information that you enter can be placed in a Cookie, the Cookie doesn't get the information on it's own. It is mechanically impossible for a Cookie to get ANY information from your computer. That's like saying the notebook on your nighttable is collecting information about you while you are asleep.
Top

What information can a Cookie get from my computer?
NOTHING!!! As I said, a Cookie is a text file, plain and simple. It is not an executable program that can be run therefore it can not gather information. The page your looking at right now could, however, aready have searched your hard drive for your banking records via the use of a Java applet.........never thought of that did you?
Just so you know, it hasn't. I don't go in for that under handed dealing. Just look at the source code for this page and you'll see there is no Java applet in it.
Top


Can a Cookie give my computer a virus?
NO!!! Cookies are not executable's. For something to pass on a virus, you must first execute a program or applet. You can not get a virus from a text file. Just like you can't get a cold from watching a winter scene on television!
With Java, I could have written code into the page that when you try to visit the next page or close the browser, your hard drive gets erased.
Top


Can a Cookie delete my hard drive?
NO!!! Cookies can not delete your hard drive. Cookies are text files only and are not executable, therefore they can not do anything to your computer! See the topic above.
Top

Can I refuse to accept a Cookie?
Yes. Older brwosers accepted Cookies automatically. MSIE3.0 and Netscape3.0 both allow you to accept or reject Cookies. V4.0 of these browsers allow you to always accept Cookies, choose to accept or reject Cookies or never accept Cookies. Here are the instructions for these V4.0 browsers:

Explorer => Toolbar: View=>Internet Options=>Advanced then scroll down to "Cookies"

Navigator => Toolbar: Options=>Network Preferences=>Protocols and follow the instructions.

Top

What happens if I refuse to accept a Cookie?
The site designer calls the F.B.I. who call the S.W.A.T. team.....
Just kidding! Nothing happens if you refuse to accept a Cookie. Refusing to accept a Cookie will only, at worst, make your surfing less personalized.

If you refuse a Cookie from a site which you registered as a member of, refusing a Cookie may mean that you can't access the site.
Top


Who can see my Cookies?
When a Cookie is transferred to your browser, part of it's content is the domain name of the server that placed it there. Another part of the Cookie data is the path to the program that placed the Cookie.
When you visit a site that checks for Cookies, the browser looks at the request and determines the name of the server and the path to the program. If a Cookie exists that has the same domain name and the same path then obviously that program is allowed to access that Cookie because it placed it there in the first place!

If the domain name and path do not match exactly, then the browser WILL NOT TRANSMIT THE COOKIE!!!. This means that, mechanically and logically, the Cookie will only be made available to an authorized program on the host server.

No one except an authorized person can see the Cookie therefore no one can look at or take information from another websites Cookie!
Top


Can anything bad happen from Cookies?
From Cookies themselves? No!
As we have amply covered in this FAQ, a Cookie can not do anything bad to you or your computer. How the information is used, however, is something different. If there is any personal data stored in a Cookie, the only way it got there is because YOU provided it. If you fill out a form on a website and provide sensitive information such as your name, address, email, credit card number....then that data MIGHT be stored in a Cookie. Not always but sometimes. The concern that most Cookie detractors have is if a website stores information on an individual, for example, info on a person who navigates through a sex site. This information (and the only way then have it is becuase you gave it to them in the first place) could concievably be subpoenaed by a law enforcement agency or sold to a mailing list or a religious activist group. This, however, has nothing to do with Cookies. It's about individuals and the law.

Remember, I can track you and get info on you with ASP, Java, Javascript, Python, Perl, PHP and C/C++ and you never even have to accept or reject a single Cookie!

No comments: