Firstly, lets talk about what cookies are. A cookie is a very small text file that a web site puts on your computer to help the web site along. You can use your web browser to look at your cookies since they really are nothing more than text. Most importantly, they are not programs and can't "do" anything to your computer. They can't carry computer viruses or install malware. Cookies are used to "remember" something. Say for example, you visit a shopping site just to see the special sale items on the home page. The site may leave a cookie containing the time you last visited so that it only shows you new sale items since your last visit or remind you of what you clicked on previously. Now that's a nice feature since you don't need to look at the same stuff over and over again and if you go back to the site you can find that product that interested you.

Another reason for cookies is to determine how many visitors there are on a site. Most of us connect to the Internet via an Internet Service Provider (ISP). Each ISP may have hundreds of thousands of customers but to the outside world it only has a relatively few IP addresses. How can a web site differentiate your unique computer from say someone across town who also is a customer of the same ISP? One piece of information in the cookie a site leaves on your computer is an ID of some sort. The ID itself has no meaning other than the fact that it is unique. Each new visitor to a site gets a new unique ID.

From a security point of view only the web site that put the cookie can retrieve it. This is really very harmless because the web site knew the information when it put the cookie on your computer so it can't hurt to let the web site have it back.

You may now be wondering why governments are making laws about cookies. They're (almost) harmless, aren't they? The problem comes when web sites join together and share the information either by selling or trading it, or by combining the way web sites are sent to the browser. We've all seen advertising on web sites, those annoying, flashy, distractions that make you want to punch the screen - oops, maybe not everyone is like me and not all advertising is that intrusive, but you get the idea. Well the advertising doesn't come from the web site you are looking at. The advertising comes from another web site that is run by a marketing company but it was sent in response to an advertiser's ID that belongs to the web site you are viewing. The web site owner signs up to a marketing program and is assigned an ID. Advertisers sign up to the marketing company to show their ads. When the web page is composed, code is loaded from the marketing company's web site using the ID. The marketing company gets to build profiles on people's online habits, the web site owner gets a cut of the revenue for the click on the advertising, and the advertiser might get a sale (but it doesn't matter at this point because he's spent his advertising budget anyway). In this arrangement the marketing company has access to all the information except who you are. It knows the type of company and web site that has signed up to display the advertising. It knows the advertiser that signed up. And it knows which ads generated clicks from which sites. Even though it is anonymous, there's a rich field of data there.

Note that it is only the large marketing companies that can put ads on many sites that have access to this information. It isn't something a single site can do. Nor is it something that the advertisers can do. What happens over time is that a long-term record of an individual's browsing habits is able to be compiled.

More detailed information is available in this article.

• Prev
• Next