A few words About Cookies (security and the lies)

use your Back Arrow to return to the previous page or go to the site Home page
About COOKIES
Cookies are small information / identification files that many Web sites attempt to place onto your computer. Unlike the ranting of the popular? press and the scare mongering of a few sites on the Web, probably 99.9%+ of cookies used on the Internet are harmless, identifying your computer by placing information, not obtaining it. This allows for the tracking of your visit and perhaps identifying return visits etc. Cookies can be placed / read either by complex java scripts included in the html code, or via commands sent by server side programs. Examples • A shopping cart system needs to keep track of your movements, as apposed to someone else using the same web pages at the same time. When you go to order the items selected from different pages you will see those items listed and priced, selections identified by a travelling? user ID (imbedded in the cookie). • A search engine may want to keep track of the search criteria (words) you used on the first search, enabling it to re-display those words after the initial search is complete. • My html / dtp forum uses cookies to report to you of new additions since your last visit. Imbedded Cookies Similar steps can be implemented by imbedding cookie style information in dynamically created pages (via server scripts) instead of sending them to your computer. However, if the visitor leaves the area and returns (breaks the line of sequential pages) the identification is lost. This is when sent cookies are most useful in the tracking of current sessions. (see if you can find imbedded cookie information in my Free-Links-Page source code) Also, to avoid the need for repetitive input by visitors returning at a later date, cookies with a longer life span may be implemented, so that previously input information can be displayed automatically. This method is not used where sensitive information is concerned, and no one would want to. Sensitive information requires the protection of secure password blocks. At more risk every day If you supply your drivers licence, personal details and bank account numbers etc electronically in any way, any where, then it is a risk you take, and such information can be unethically and illegally supplied to others (even via your local shops). It is up to the user to decide if he/she trusts a web site requesting such information, and the sites reputation. One should be more concerned with the capability of sending personal information from ones computer, without ones knowledge, via clever Java applets and the many live utility programs one can install onto the Desktop GUI. Cookies can't obtain information, programs can! Browser software etc of the major software companies is scrutinised by software scientists and students, and its actions known; not so the plethora of utility programs. Any computer program can be written to scan your computer while it is running, in the background, and store information. If the program is later running while you are on the Web, it is also an easy task for that program to send information with out you knowing. Yet we do not seem to worry about it. So why the fuss about cookies? Information is received all the time Your version of system software (Windows, Mac, Amiga etc) is passed between servers all the time, as is your ISP server address and the name of the page that you are viewing. This information assists the open design of the Web and cross platform interaction etc. (also, realise that without this harmless information, Hosting companies could not respond to complaints, trace, and then ban mass Spam e-mailers and similar low lifes from their servers) Cookies are 'text only' files. Information (mostly identifiers and dates) contained in them cannot hold sensitive details UNLESS those details are already obtained by other means like you filling out a personal details form. Conforming to the protocol, server generated IDs etc are encrypted, stopping other scripts from understanding the information. If at all concerned, delete cookies from your cookies folder regularly. Cookies can be deleted at startup Windows users can try adding the following two lines to their Autoexec.bat startup file. The '\windows\command\' folder path should be replaced with '\dos\' when using Windows 3.+. If the cookies folder is elsewhere then change the 'C:\windows\cookies\' path also. C:\windows\command\attrib -r -s -h C:\windows\cookies\.txt del C:\windows\cookies\.txt For browsers that place cookies into one file (ie Netscape), replace the paths and file name(s) in the above two lines with the appropriate details. The wildcard " * " character means "all files", but in this case, with the .txt extension. The first line ensures that file attributes are set for deletion. The second line then deletes those files. Double check your spelling so that only the required files are deleted. If there aren't any files to delete on startup, you will see a harmless 'File Not Found' error message. Your browser can alert you before accepting cookies. Netscape Navigator 3.0 + 1. Go to the 'Options' Menu 2. Select the 'Network Preferences' Menu Item 3. In the window that appears select the 'Protocols' tab 4. Locate the Section'Show an Alert Before' 5. Select 'Before accepting a Cookie' Internet Explorer 1. Go to the 'View' Menu 2. Select the 'Options' Menu Item 3. Click the 'Advanced' tag 4. Select 'Warn before accepting a cookie' From this point on you will get an Alert Box whenever a server is trying to send a cookie to your browser. You will be shown the cookie data, and perhaps its life span before your browser deletes it. Some sites get carried away and send multiple cookies - so be prepared for lots of clicking. The cookies.txt files can be found in the Windows 'Cookies' folder, or in the Macintosh MagicCookie folder. If your browser does not use these folders, look for cookie files in the Browser Program folders (ie Windows Netscape). Internet Explorer saves each cookie as an easily selected separate file, whereas Netscape includes them all in one. Remember, it is impossible for a cookie to get information. Samples 1. Here is a sample cookie from the netscape.com site. It includes a readable email address and ID ! (altered by me) .netscape.com TRUE / FALSE 1609372800 NS_REG SHA1=C%09%249%FC%3Fv%C5%F8T %24%7E%E6%EC%8E%13%FE%E4%94%90[-] UR%5FREG%5FID=151231%3AIBDv4%2E0 [-]UR%5FEMAIL=woolley%40an-isp%2Enet%2Eau 2. This cookie was sent by my HTML / DTP Forum Page. It contains references to (does not store) secured data only. This way I could greet return visitors with their name and submission boxes already filled in, and number new entries since their last visit. www.dtp-aus.com FALSE /cgi-bin/ FALSE 946598400 DTP/HTML+Forum name%3A%3A%26email%3A%3A%26 listtype%3A%3A%26listtime%3A%3A%26 lastmessage%3A%3A%26lastvisit%3A%3A Wednesday%252C%2B4%2BFebruary%2B1998%252C%2 Bat%2B9:19%2Bp.m.%26thismessage%3A%3A3%26 thisvisit%3A%3AThursday%252C%2B5%2B February%2B1998%252C%2Bat%2B6:40%2Bp.m.%26 timestamp%3A%3A886666209%26wantnotice%3A%3A The "%" sign and following two characters are just ASCII escape codes (non alpa-numeric characters) in hexadecimal representation.
Use the dtp-aus.com FORUM if you have any views to express on this or any other subjects.


Over 120 pages: All major topics divided into Classrooms
Free Backgrounds & Buttons!	DTP and HTML			"My First Page" HTML lessons
Tutorial Text Search		Perl CGI Scripts	Typography & Layout
4 pages of Links		Visitors Book	Perl Scripts Forum n/a
Free Links page		Feedback Form	Q/A contact Forum

	pages Designed & Published - Ron F Woolley
e-mail	�1997 '98. Last Revised: Friday, 31 October 2003 22:04

About COOKIES