I have my security setting set so I have to approve every cookie that is set on my computer. Unless it's a forum or a site that I'm buying something off of I reject all of them. What the heck are all of these cookies for anyway? Some sites will try and set ten or more and some refuse to even let you in without one. Even little personal sites want to give me cookies. I know they track this or that but what exactly do they do. I did that deep virus scan that JP reccommended a while back and the only thing it came up with was a bunch of cookies. Should I be worried about them?

Mmmmmmm, I love cookies. Double stuff Oreos are my fav. Are there sites that you can go to that send you Oreos?

HTTP cookie
From Wikipedia, the free encyclopedia
An HTTP cookie is a packet of information sent by a server to a World Wide Web browser and then sent back by the browser each time it accesses that server. HTTP cookies are used for user authentication, user tracking, and maintaining user-specific information such as site preferences and electronic shopping carts.


A file used by the Internet Explorer browser to store a cookie.
Cookies have been of concern for Internet privacy, since they can be used for tracking the browsing of a user. As a result, they have been subject to legislation in various countries such as the United States, as well as the European Union. Cookies have also been criticised because the identification of users they provide is not always accurate and because they can be used for network attacks. Some alternatives to cookies exist, but have their own drawbacks.
On the other hand, cookies have been subject to a number of misconceptions, mostly based on the erroneous notion that they are computer programs. In fact, cookies are simple pieces of data unable to perform any operation by themselves. In particular, they are neither spyware nor viruses, despite the detection of cookies from certain sites by many anti-spyware products.
Most modern browsers allow users to decide whether to accept cookies, but rejection makes some Web sites unusable. For example, shopping baskets implemented using cookies do not work if cookies are rejected.

Cookies aren't security threats.. just set your computer to allow cookies. I think the worst a cookie can do is give someone a $5 comission for a puchase on amazon :) It's really just hype and worthless virus checkers that's put the fear in people about them.

-Jon

Thanks Jimking, I already knew the generic definition of them but I guess I really didn't ask my question very well, I'll use your post to be more specific :)

HTTP cookie
From Wikipedia, the free encyclopedia
An HTTP cookie is a packet of information sent by a server to a World Wide Web browser and then sent back by the browser each time it accesses that server. HTTP cookies are used for user authentication, user tracking, and maintaining user-specific information such as site preferences and electronic shopping carts.

I understand their use by retail sites and forums to keep track of who I am but why does Joe Blow's portfolio want to set one? Does he have to code it in to ask for one and what info is he gathering from me?

In fact, cookies are simple pieces of data unable to perform any operation by themselves.

So again why so many of them if they don't really do anything?

Double stuff oreos are the bomb, esp. with milk.

You can use cookies to control certain aspects on a page, for example, maybe you might want your flash site to play some music (or whatever) in the background and the user wants to turn that off everytime they visit that site (at least until they delete cookies). I am working on my Flash site for myself and this is what I want to do.

But I've never used multiple cookies like that, ten is just ridiculous.

I use sessions and cookies (sometimes) to increase security on webforms. Because the web is stateless, cookies and sessions help retain settings across pages. Maybe instead of blocking cookies, you should look into some decent ad blocking extensions.

Also, can't cookies track stats? Although I don't see the point, web stats panels already do that purpose without cookies.

there are two types of cookies: session cookies which expire when you leave the site and permanent cookies which usually contain a tiny amount of info about your login status. session cookies are used for tracking your settings through multiple pages - people sho design sites sometimes need variables on multiple pages - like what portfolio page you're on and how many slides are left to go, etc. the only other way to do it is through the URL and some designers find that ugly. Permanent cookies usually store your user number (key) for the site, so when you visit, it knows the last account you logged in to. ecommerce and comission tracking sites use the cookies to retain an affiliate id for the retail site you're going to so the referrer can get credit for sending you there or the contents of your shopping cart. Permanent cookies are very small and only hold 1 -5 variables per cookie. Usually they're encrypted or obfuscated so people can't hack into their site. Nothing about you is in there usually.. and it doesn't matter what the content is anyway, because it's stored on your computer.

here's an example of a permanent cookie

Name: %2Ecreative%2Ecom
Content: CartID=0&CartQty=0&LangID=1&SiteID=61&Codepage=1252&CountryID=1
Domain: .creative.com
Path: / (entire site)
Expires: December 20, 2028 10:00:09 PM

see... they're not scary.. they contain a string with some shopping cart info in it. and it's stored on my computer, so they can't read anything unless I'm on their site or they're sitting in front of my computer.

-Jon

Cool, thanks guys this explains a lot. So I should not worry about them at all. I probably wouldn't have worried about them at all except all the virus checkers were always detecting them. I'm super paranoid about this kind of stuff. I've never had any malware/spyware/adware for more than about a day and I've never had a virus, or at least one that any of the various virus scanners could detect and I have used them all.

You just extended the life of your mouse another 5 months and 21 days.

http://www.national.com/webteam/cookies.html

What Is A Cookie?

It used to be that a cookie was something that was eaten with milk; however, within the INTERNET the word “cookie” takes on a very different meaning. So, what is a “cookie”? A “cookie” is a small piece of information that is sent by a web server to be stored on a web browser, so that it can later be read back from that browser the next time this unique visitor returns to that web server. This becomes useful for having the browser remember specific information about this visitor like location of their last visit, time spent, or user preferences (like style sheets). The cookie is a text file that is saved in the browser’s directory and is stored in RAM while the browser is running. Also, the cookie may be stored on the computer’s hard drive once you log off from that web site or web server.

What Are Cookies Used For?

One use of cookies is for storing passwords and user ID’s for specific web sites. Also, they are used to store preferences of start pages. On sites with personalized viewing, your web browser will be requested to utilize a small amount of space on your computer’s hard drive to store these preferences. That way, each time you log on to that web site, your browser will check to see if you have any pre-defined preferences (a cookie) for that unique server. If you do, the browser will send the cookie to the server along with your request for a web page. Microsoft and Netscape use cookies to create personal start pages on their web sites. Common uses for which companies utilize cookies include: on-line ordering systems, site personalization, and web site tracking.

Site personalization is one of the most beneficial uses for cookies. For example, a person comes to the CNN site, but does not want to see any business news. The site allows the person to select this choice as an option. From then on (or until the cookie expires), the person would not see business news when they access the CNN web pages.

Some visitors feel it is an invasion of privacy for a web site to track their progress on a site. We, at National Semiconductor, use this knowledge strictly for the purpose of making your visits to our site as short and productive as possible. We want to get you the information or services you seek as quickly as possible and allow you to get back to work without delay. Site navigation statistics are critical to the continuing redesign of our site. We need to know if 100 different people visited our site or if one person (or robot) continuously hit the reload button 100 times.

How Do These Cookies Work?

A command line in the HTML code of a document tells the browser to set a cookie of a certain name or value. The following is a general example of a script used to set a cookie.

Set-Cookie: name = VALUE;
expires = DATE;
path = PATH;
domain = DOMAIN_NAME;

What about security? To National's knowledge, an HTTP Cookie cannot be used to retrieve personal data from your hard drive, install a virus, get your email address, or steal sensitive information about who you are; however, an HTTP Cookie may be used to track where you travel over a particular site. Site tracking cannot easily be done without the use of cookies.

As with everything else about the Internet, you are only as anonymous as you wish to be. No web site knows who you are until you reveal to it who you are. In the meantime, a cookie is simply a means of tracking site statistics in order to better understand usage patterns and to improve visitor productivity. A cookie is our way of remembering that information. The extent of that knowledge will not go beyond our site. Therefore, your identity will not become public to the entire Internet because you visited our site. While you may perceive that your privacy is being violated, if you visit our site and do not register, we will not know who you are. If you do not reveal private information to the Internet, it will not be known to the Internet.

If a web site designer desires to make web pages become more interactive with visitors, or if the designer plans on letting visitors customize the appearance of the site, then they will need cookies. Also, if you want your site visits to change appearances under certain circumstances, cookies provide a quick and easy way to let your HTML pages change as required. Servers use cookies to help with database interactivity, which can improve the overall interactivity of the web site.

National Semiconductor implements the use of cookies on the web site to analyze traffic flow, in order to continuously improve the site and further serve customer needs. Also, cookies assist in troubleshooting problems reported by users. Without the use of cookies, proxy server accesses make it impossible to distinguish between individual users in the access log without requiring user log-ins for site access. Therefore, the use of cookies is for the overall benefit of the site user, and to implement future web site content changes based upon user preferences.

http://www.cyberartisans.com/newsletter/nletter_v2n5.htm

Cookies

Cookies may be one of the most misunderstood technologies on the Internet. Mention cookies in a group of computer users and you will find at least one who believes that cookies are a danger to their computer or a threat to their privacy.

What is a cookie?

A cookie is a piece of data -- in the form of a very small text file -- placed on your computer by a website. It can only be read by the website that places it there and the only information the website can get from the cookie is the contents of the cookie. It cannot use the cookie to obtain any additional information about you.

The cookie can be set to expire at a specific time. When it expires, your system erases it and it cannot be read by any website. Contrary to some articles we've seen in well-respected publications, cookies are not programs, so they cannot run on your computer and they cannot carry a virus to your computer.

Generally a cookie contains an arbitrary but unique number. It can also contain any additional information the website designers choose to put into it. Of course, they can't put in information they don't have, and this is the critical issue with a cookie. If you fill out a form on a website giving your name, email address, and phone number, then the website has that information and can place it in a cookie. If you don't fill out the form, the website knows virtually nothing about you. By using a cookie it can determine that you visited the website previously, but that's about it.

Why are cookies used?

One of the more common use of cookies is for password-protected areas of a website.

The web, in computer jargon, is "stateless." This means that when you traverse a website, the page you are currently looking at has no way of knowing what page or pages you looked at previously. So if you logged into a protected area of a website on one page, the next protected page would have no way of knowing that and would require you to fill out your login information all over again. This would occur on every protected page.

Cookies provide a way of circumventing this problem. By using cookies you only have to log in once and then have access to all the password-protected pages in that area.

Cookies can also let a website recognize you if you want it to. When I go to Amazon.com, the welcome line on the page says "Hello Jonathan Spencer...," but this is only possible because at some point in the past I gave them my name. If I delete the Amazon.com cookie, the website will treat me as an unknown visitor.

Are cookies a danger to your computer?

Cookies are not a danger to your computer. Cookies are data, not programs, and therefore cannot transmit a virus, cannot erase anything on your hard disk, and cannot damage or disable a program on your computer.

Are cookies a threat to your privacy?

The answer to this question depends on your definition of privacy. Most people would consider it an invasion of their privacy if a website could discover their:

* Name
* Address
* Phone number
* Email address
* Credit card number
* Social Security number

The good news is that a cookie (or website) cannot find out any of these things unless you explicitly provide them.

But what if it were possible for a website to record which pages of that website you visit? The website still wouldn't know any of those items listed above but it would know which pages of the website the person who uses your computer visits. Is that an invasion of privacy? Most people would say this doesn't qualify -- after all, they are just watching which pages of their site you are visiting. It's a little intrusive but most people would shrug it off.

Now let's take it one step further: Suppose it were possible for a company to compile a list of websites -- and the pages on each website -- you have visited? Is THAT an invasion of privacy? At this point we're getting close to many people's limits, although many others would still not find it a problem.

These last two methods are being done today and they use cookies. Whether they are a privacy threat or not is really your decision.

What can I do about it?

Fortunately, the very fact that these methods use cookies gives you several options. They include:

* Disable cookies -- This works but you pay a pretty high price. Many websites use cookies for very useful (and non-invasive) purposes. Disabling cookies means you won't be able to use any of these features.

* Have your system ask you about every cookie -- This also works, but it's a pain. If you go to a protected section of a website you will be asked about a cookie at least once per page. On some websites there are multiple cookies per page. Are you willing to put up with this level of annoyance?

* Opt out of the services that collect this data -- This take a little time but is fairly easy to do. Go to this page http://webveil.com/optout.html for a list of the vendors that provide these services and their opt-out pages (not all have them but most do). When you opt out the vendor puts a cookie on your system that tells their website not to collect data. So, perversely, you have to have cookies enabled to opt out of these services.

* Set up the privacy policies of your browser -- This only works in IE6.0, but if you're not using this browser you should download it soon. One of its better features is its privacy policy settings. You can set this by going to Tools | Internet Options and clicking on the Privacy tab. One word of caution: At the higher settings, it blocks cookies from websites that do not have a "compact privacy policy." This is a new bit of technology that most websites do not have yet (for example, we don't although we are currently researching it). So you may find you have to lower the privacy level to make some websites work.

I use cookies on my personal site because it's "skinned" -- meaning, I can load up multiple designs/styles and let the user decide which one they prefer. Once you choose your favorite, the next time you come back my site 'knows' which design to feed up.

Of course there's only one design available at the moment so *cough* sort of a wasted effort I guess. But harmless nonetheless.

one thing I learned this week from a computer tech is that the newest trend is to plant viruses and spyware IN virus protection/spyware/adware software. Gotta make certain that if you use something like this, it's not on any malicious software list.

Are the Macs still pretty immune to the viruses?

I don't think macs have been immuned, I just think that those who create computer viruses go for the most damage or the most common type of computer. I did hear about one virus effecting a mac but forgot the details.

Kool, if you're still concerned about cookies at all, you might want to give Firefox a try (assuming that you're not using it already). Firefox offers excellent control over which cookies are kept or deleted, and you can tell it to delete all cookies except for ones you specify when the browser is quit. Just a thought.

Kool, if you're still concerned about cookies at all, you might want to give Firefox a try (assuming that you're not using it already). Firefox offers excellent control over which cookies are kept or deleted, and you can tell it to delete all cookies except for ones you specify when the browser is quit. Just a thought.

yep, I use it and love it. The only time I ever use IE is when some site refuses to work in Firefox. :)

Cookies aren't malicious in themselves, but they can be used to trace surfing habits. What happens is a site hires an ad serving agency, and they stick a cookie on your site (these are 3rd party cookies, which you can block, I do). The next time you visit a site, ANY site, which employs this same agency, it retrieves the cookie data from all it's other sites you've visited. The info is compiled and used to calculate surfing habits and ways to target better advertisements. They look for trends and associations. People who visited site A also visited sites b, c and D. That kind of thing

They're no threat to your PC, per se, but I block em all anyway. I don't need their txt files taking up space on my HD, albeit a tiny amount of space. By the way, IE already provides all the cookie handling I have ever needed. I have 1st party cookies set to prompt, 3rd party blocked entirely.

Well.. the cookies don't track anything per se.. they are the beacon. the advertiser's server maintains a list of your footprints on their sites. you really don't need cookies to track movements on a site, just for multiple sites from one ad server.

-Jon

wow...lots of good information on this thread!!