Computer gurus call them “cookies,” and your personal computer is the cookie jar.
Concern about how these cookies can invade personal privacy abounds among the growing numbers of people who use the Internet, as well as among people who build World Wide Web sites that use them.
These sweet little nuggets of information can include things like your age, your gender, your income and maybe even your preferences (and size) for pantyhose, or cheesecake, as well as what kind of flowers you sent Mom on Mother’s Day and whether you prefer Republicans to Democrats.
Growing awareness of this invasive feature of today’s Internet is creating profound concern not just among dismayed personal computer users but among many major players in Corporate America.
Corporate leaders are fearful that news of cookies will stifle on-line business. Consumers apparently are just angry.
A new study by the Boston Consulting Group confirmed the fear last week with a finding that unless concerns over cookies are eliminated, Internet commerce will grow only half as fast as it could otherwise.
Cookies are created on your computer in the form of small files containing some tidbits of information about you.
They are written and stored on your hard drive as you move about on-line, doing things like shopping, exploring employment opportunities, planning vacations and even reading news wires.
Internet experts, sometimes called Webmasters, can then read these cookies when users log on to their Web sites.
A consortium of 40 major U.S. companies, led by Internet giant Netscape Communications Corp., last week began to draft major reforms aimed at nipping in the bud the abuses that cookies can cause.
The group vowed to implement cookie reforms within a week to allow users to restrict the amount of information they provide. Participants include computer giants International Business Machines Corp. and Oracle Corp., American Express Co. and other commercial giants, and media companies, including Time Warner Inc. and Knight-Ridder New Media, all with major stakes in the future of on-line commerce.
Christine Varney, a member of the Federal Trade Commission, said the program is a crucial step if a “market-based solution” is to be reached before government regulators step in.
And industry experts agreed that a fix is needed quickly.
“When you are connected to the Internet, you are involved in information exchange, whether you know it or not,” said Marshall Wieland, marketing director for one of Chicago’s largest Internet service providers, American Information Systems Inc.
“Every time you click on something, you could be volunteering very private information about you, your computer and even your home or place of work.”
American Information Systems, which is promoting a cookie-prevention software package called iproxy for sale to other Internet service providers and corporate Web site developers, has posted a site at www.iproxy.com/privacy.shtml that illustrates the problem.
The site provides an instant report telling a visitor where he or she had last been on the Internet and which computer network the visitor is using.
Wieland explained that the site dramatizes how Web users divulge things they probably would rather not share with some stranger sitting in front of a glowing screen in some corporate or private computer bunker.
People who learn about this, Wieland noted, tend to be disinclined to use the Internet and even less inclined to buy things on-line.
The Boston Consulting Group study discovered that growing numbers of Internet users are learning about cookies and that they are not pleased with the news.
This concern, the study found, is a bread-and-butter issue for promoters of Internet commerce, because polling showed that people will stay away from on-line activity in droves if they decide they can’t trust cookie-makers.
The group concluded that consumer commerce on the Internet is likely to hit $6 billion in any case by 2000, but that it could reach $12 billion if consumer privacy is guaranteed.
“It is very clear that cookies can be a very real threat to people who use the Internet. They can be used not only to invade your privacy, but they can be altered to provide false information about you,” noted Michael Banks, author of a newly released book, “Web Psychos, Stalkers and Pranksters: How to Protect Yourself in Cyberspace.”
“Say you log on to the Archdiocese of Chicago Web site and Father Mike is sitting there at the Webmaster’s chair, and your cookie tells him that you’ve just come from the Marilyn Chambers pornographic video site?
“Of course you don’t want that,” said Banks, a specialist in writing computer books. “The fact that some prankster can very easily rewrite your cookie files to tell the next Webmaster something false about you is just the tip of the iceberg in a very troubled ocean.”
As Banks noted, the cookies from a Web shopper or a Web browser are ripe for picking by those who created the Web sites they have visited or will visit.
In a typical cookie-creating incident, a Web surfer arrives at a site, and the software running on the computer where that site is stored records where the visitor had been just before arriving.
It also records the location of the computer that the visitor used for an Internet connection. A cookie-maker can, for example, tell instantly whether somebody came from a corporate Web site, perhaps stealing time away from doing their job, or whether they logged on from a home-oriented service like America Online.
Then, if a visitor volunteers information about personal demographics in response to questions, that data is recorded as well.
Much more can be done if the cookie collector wants. For example, as you visit a site that offers merchandise, a record can be kept of which things you paused to examine and what you quickly moved past.
All this information can be, and often is, written to a file and stored in a directory called “cookies” on a Web user’s computer, under a name chosen by the cookie creator.
The next time that user visits the site, the cookie is read and various things happen.
For example, cookies can consist of a user name and a password, thus sparing a user from having to type both in each time a site is called up. Two exceptionally busy sites, the on-line editions of the New York Times and the Wall Street Journal, let customers set up cookies to automate these log-ins.
But the engineers at the site don’t have to be open about it, and most cookies are created without informing the visitor.
And this must stop, said Netscape’s chief of technology, Marc Andreessen, who’s widely credited with being the creator of the browser-based Web software that makes cookies possible.
The reform, which consists of a national set of software standards to be written into future Web software, will allow individuals to decline to provide any information at all via cookies or to agree to offer selected data to sites the user can trust, Andreessen said in a statement announcing the effort.
“Netscape is taking a leading consumer advocate role on this issue,” he promised.