What Are Cookies?
When the World Wide Web was first created, the only purpose of browsers was to view data on web servers. Once the data started going the other direction (users logging in, customers buying products online, etc.), there needed to be a way to maintain knowledge of a person as they browsed to different pages on a web server. There are a few ways to do this, one of them being the use of cookies. When you visit a web server (example: google.com) that wants to set a cookie on your browser it sends a message to the browser to set a cookie. If you have cookies enabled on your browser, it accepts and stores the cookie. The cookie contains a name, a value, and may contain an expiration date. From this point forward, every time you visit a page on that web server your browser will return all the information stored in cookies that the web server has set. If no expiration date is set, the cookie is destroyed as soon as you close the web browser. By setting an expiration date, the web server enables the cookie to persist between browser sessions. You may notice this persistent behavior on sites like Amazon.com that welcome you back to their site by name. Also, when you log into a site and check a box that says "remember my login information" or something similar, the web server will set an expiration date on cookie it passes to your browser. As you can probably see by now, cookies are very useful.

Cookie Misconceptions
Regardless of the usefulness of cookies, for some reason they have been vilified. The main reason for this is probably something called a third party cookie which I'll talk about in a bit, but first I want to cover some common cookie misconceptions. One misconception is that cookies can contain viruses. A cookie is not a program, it is just a set of plain text values your browser stores. Your browser stores the name of the web server that gave it the cookie, the name of the cookie, the value, and potentially an expiration date. There is no way for a cookie to contain code that is executed on your computer, so there is no way for a cookie to contain a virus, spyware, or any other sort of malicious software. Another misconception is that someone can look at your cookies and see your passwords, logins, and credit card numbers. Normally, no personal information is stored in cookies. There is nothing preventing a misguided web programmer from storing information you provide to the web server in a cookie in your browser, but this is not a common practice. What most web servers will do is store a randomly generated number in your cookie. When it generates this random number it sets it as the value of a cookie in your browser and then also sets it as a value in a database. Then, when you visit the web site again it takes your randomly generated value and checks to see if it has a match in the database. If there's a match it uses this information to remember that you like a black background, and that your name is John Smith and welcomes you back to the web site. One other misconception is that any web server can access any of your cookies. As a matter of fact, your browser will only send cookies that originated from the web server you are visiting. For example, yahoo.com has no way to see what cookies google.com has set on your browser. This is good because even though yahoo.com would probably only get some random value, if they took that value and set it as their own cookie and visited google.com, they could then pretend to be you. So, even though cookies have received a bit of a bad rap you can see that they are actually pretty benign.

3rd Party Cookies
There is one type of cookie that could be considered evil, and that is the 3rd party, or tracking, cookie. In order to understand 3rd party cookies you have to know how most advertising works on websites. Advertisers will normally pay a website for ads in two ways: the number of people the ad is displayed to, and the number of people who click on an advertisement. In order to keep track of these numbers the advertiser will setup a web server for hosting their advertisements. The website being paid to display the advertisement then creates a link on his page to the advertiser's web server. In this way the advertiser can change the ad as needed and keep track of clicks and views. When you visit a website like cnet.com to read reviews, you have a first party relationship with cnet. However, you also have a third party relationship with all their advertisers. Your web browser is told by cnet.com to visit their advertiser's web page to download advertisements to display on the page. When your browser makes the request for the images, the advertiser's web server can take this opportunity to set a cookie in your browser. This is called a 3rd party cookie because it didn't come from the website you meant to visit, in this case cnet.com. This may seem benign on the surface, but what happens when you then go to amazon.com and it turns out that amazon.com is using the same advertising company as cnet.com? If this happens, then when your browser goes to get an advertisement from the advertiser's server your browser provides the cookie data back to the advertiser. If the advertiser is keeping a database, they now know that you go to cnet.com and amazon.com and they use this information to determine what advertisements to show you. If you expand this out you can see how a big advertising company like DoubleClick, Google, or Microsoft can start tracking your browsing habits. Historically, DoubleClick has been one of the worst offenders of this behavior. Now, if you don't mind getting advertisements tailored to your browsing habits, and you aren't bothered by an advertising company knowing what sites you visit, this isn't really a big deal. However, many people, myself included, would rather not be tracked by advertisers.

Blocking 3rd Party Cookies
So, how do you avoid or minimize this tracking? You disable third party cookies in your web browser. If you're using Internet Explorer, you can disable third part cookies through the built-in user interface. Just go to Tools on the menu bar, and select Internet Options. On the Internet options dialog, select the Privacy tab, and click on the button labeled "Advanced." Check the box that is labeled "Override automatic cookie handling" and then underneath this option select the radio button next to "Block" under the Third-party Cookies header. Also, check the box that says "Always allow session cookies." Starting with Firefox version 2, Mozilla removed the ability to block 3rd party cookies from the default configuration menu. They stated that they did this because there were ways to get around the setting. The problem is that a little security is better than none. I would equate it to using a theft deterrent device on your car, it's not going to stop a determined thief, but if they see that device they may move on to the next car that has no such device. Anyway, you can still turn off 3rd party cookies in Firefox, you just have to know how (and I'm going to tell you). In the location bar of Firefox, type about:config. This will open a hidden interface in the browser. Scroll down to the entry labeled "network.cookie.cookieBehavior", or you can type this into the Filter field to reduce the options below. Once you see the entry, double-click on it and change the number from a 0 to a 1 and then click "OK." That's it, you will now block 3rd party cookies in Firefox. If you use another browser, you can do a Google search for the name of your browser and "3rd party cookies," and you should find instructions for blocking them.

Well, that's all I have on cookies. I hope I cleared any confusion you may have had regarding this funnily named web browser feature. If you are still wary of cookies, just turn them off. You may, however, find that the web doesn't work near as well without them. As always, you can find a full transcript of this show at www.techbyteshow.com. If you want to hear more talk about technology, you should subscribe to our sister show Tech Talk with 5 to 9 Computer Services which you can find at http://www.techtalkshow.com. To request a topic to be covered in a future Tech Bytes show, send an e-mail to requests@techbyteshow.com. I'm Kevin, and I'll be back next week with another serving of Tech Bytes.