|
There are many pros and cons to using cookies. Some sites use them for security, to make sure that a user is who they say they are. Some sites have also been accused of using cookies to track users on the web, in a way which may invade a user's privacy.
Many e-commerce sites use cookies in order to customize the way their site looks when a user goes to it. Amazon.com, for instance, uses cookies to track a user in order to give them recommendations, to keep track of a shopper's cart, and also to enable their "1-Click" shopping.(8) Amazon.com's system keeps a record of a user's credit card information, associated with the identification number on their cookie. This means that when the user returns to buy something, there is no need to send their credit card information over the Internet, potentially preventing the risk of having that information fall into the wrong hands (9). Many other sites use a similar system to display ads or news that are specifically tailored for the individual visitor.
Some sites have introductory pages, which are displayed for first time users, so that the user understands what the site is about. However, it would be frustrating if every time a visitor goes to a site they have to click through all the introductions. Cookies provide a way around this. After a user has been through the introductory pages, a site can send a cookie to the computer that says that the user has been there. The next time the user arrives at the page, the site knows that they have been through the introduction, and so it can just pass them on to the site directly. This displays how cookies can be useful for website developers and users alike (10).
Cookies also help provide security for information exchanges. For instance, some websites will use cookies to prevent an attack such as Session Hijacking, when an attacker gets in between a user and a site, and assumes the identity of the user. Cookies provide a site with a way to make sure that the computer that it's talking to is the same computer it was talking to a minute ago. Overall, however, one of the most persistent ways cookies are used are to provide login information for a user.
For instance, Yahoo! uses and optional cookie so that when a user who goes to the site often visits the site, it "remembers" who they are, and gets the cookie information to log them in and display their own customized page. This saves the user a little bit of time and effort, and makes the site a more pleasant experience (11).
Advertisers are also some of the largest users of cookies. Companies like Doubleclick use cookies to find out what users are interested in. For instance, if one goes to a lot of sites that involve travel to London, after a while, Doubleclick can customize the ads he or she sees, and may present one for a site that sells airline tickets, or discount luggage. The real-world equivalent of this is shopping catalogues, which often sell information about people who order things from them. If a consumer buys a lot of clothing from mail order catalogues, chances are after a while he or she will start receiving more and more catalogues to look at, because he or she have been put on a list of people who are interested in clothing catalogues.
There are, however, many security concerns associated with cookies. One of the shortfalls of cookies is that they are dependent on the computer on which they are placed. Just because that computer is visiting a site again, doesn't mean it is the same user. This means that, in theory, if one uses a computer to visit a site which uses a cookie to identify him or her, and then he or she walks away from that computer and someone else visits the same site, they could get information that is actually meant for the original user (12)
Another problem is one of privacy. Many users like the internet for its anonymity. The idea that an individual or organization could actually be tracking where they are going and what sites they are visiting really bothers some users. The fact that some of this tracking information could be used for the purpose of making money, by targeting advertising for instance, also concerns some users. There have also been incidents where government websites are found to be using cookies. Although these cookies may not be used to track visitors, the fact that the government could use this method to track users, concerns many privacy activists (13).
Another concern is the fact that, not only are the web-servers keeping track of which sites are visited, but so is the computer that the cookies are placed on. On a computer with a cookie-enabled web browser, the browser creates a text file that keeps track of cookies. This means that if one wanted to see what sites someone had been to on his computer he could theoretically take a look at this file and get an idea. This is similar to the information that is kept by the browser's history list, but in the case of cookies, the file also may contain information like usernames, passwords, identification numbers, and even credit card information (although it is considered extremely bad form for internet designers to use cookies for credit cards) (14).
Cookie security is a large problem. The concern is that many security holes have been found in different with browsers. Some of these holes were so serious that they allowed malicious webmasters to gain access to users' email, different passwords, and credit card information. The worry is that, even though past holes have been patched, there could be more holes out there (15).
Some also have concerns about the whole system of cookies in the first place. The general though is that cookies could become accessible to a website which did not issue them. This would mean, in theory, that a malicious web site designer would be able to collect not only the information which is in the cookie he gives the user, but also the information in all of the cookies on the user's computer. While this may only be theory, it is still very worrisome to many privacy advocates.
Many users don't even know that cookies exist because they aren't something that the user really sees. The fact that the general public is not aware of this "threat" to their privacy is also a large concern for people in privacy groups. Because cookies are passed back and forth without ever asking the user for permission, the user is never really made aware of their existence. It is also important to note that it is possible to refuse cookies, but the default settings for almost all web browsers allows them with no questions asked. There are also some e-commerce sites that will not allow a user to buy something without first turning cookies "on." (16)
Another privacy concern is the fact that some companies have figured out ways to connect the anonymous clicks of a user to actual personal information which they have collected. The legality of this kind of action is still being debated, which will be discussed later. In the case of Doubleclick, the Electronic Privacy Information Center has filed a complaint against them alleging that they are infringing on a user's right to privacy because of their plans to match up identification numbers found in cookies with names and personal information of the user (17).
It is not just advertisers that worry privacy activists, but also researchers. The information in and gathered from cookies may be used to do research on controversial issues such as abortion and gun control. Information could be used to gather information which will be used by special interest groups without the knowledge of the user (18).
Although there are more pros and cons involved with this issue, these above mentioned issues are at the heart of the matter. Many web site designers use cookies in ways that benefit the user, perhaps saving the user some time or frustration. But there are also real dangers involved in the use of cookies which make them a concern among privacy and internet activists.
|
