How We Use Cookies
Cookies are generally used to keep track
of users as they navigate around a web site. Some sort of
tracking is necessary because of the "stateless"
nature of the World Wide Web, which means that web servers
effectively treat each request for a page as a separate,
isolated event. Many web sites, on the other hand, require
the ability to support transactions that involve multiple
page requests. A site allowing a user to choose several
products and place orders for them is one example of this
kind of site.
When a user enters such a web site, a
cookie is generated and placed on the user's PC. From then
on, the browser sends back this cookie with each page it
requests, so the web site will know which requests are coming
from which users. These cookies may expire, i.e., be deleted,
when the user exits the browser session.
For some sites we use cookies to
remember users from one visit to the next. Sites like
these support user accounts, in which some persistent
information about the user is kept in the web server's
database.
Usually we accomplish this task without
permanent cookies; a username and password are required each
time the user visits the site, and a temporary cookie is used
to track the user for the remainder of the site visit. In
some cases, however, the information in a user's account may
not require strong security, so we create a cookie that
points to the user's information in the server's database. In
essence, the user is logged in automatically each time he or
she visits the site.
In still other situations, the site may
need to remember only a small amount of non-confidential
information about each user (for example, preferred screen
layout, nickname, etc.). These sites may store the user's
information directly inside a cookie for each user.
How we deploy cookies depends on your
specific needs. We can avoid using them entirely, or use them
in tandem with any level of security you require. We'll make
a recommendation, but the choice is up to you.
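The three approaches described above (a temporary cookie after login, a persistent cookie that points to the account record, and settings stored directly in the cookie) are sketched below. This is an added example and not code from our sites; the cookie names, the ACCOUNTS dictionary standing in for the server's database, and the Secure/HttpOnly flags (which assume the site is served over HTTPS) are all assumptions.

```python
# Added example, not the site's code. ACCOUNTS and all cookie names are hypothetical.
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlencode, parse_qs

ACCOUNTS = {}  # stand-in for the server's database: opaque token -> account record

def build_header(name, value, max_age=None, identifies_user=False):
    """Return the value of one Set-Cookie response header."""
    c = SimpleCookie()
    c[name] = value
    c[name]["path"] = "/"
    if max_age is not None:            # no Max-Age/Expires => dropped when the browser exits
        c[name]["max-age"] = max_age
    if identifies_user:                # assumption: the site is served over HTTPS
        c[name]["secure"] = True
        c[name]["httponly"] = True     # keep the identifier away from page scripts
    return c[name].OutputString()

def session_cookie():
    """Temporary cookie issued after a username/password login."""
    return build_header("session", secrets.token_urlsafe(16), identifies_user=True)

def remember_cookie(username, days=30):
    """Persistent cookie that only points at the server-side account record."""
    token = secrets.token_urlsafe(32)  # unguessable and carries no account data itself
    ACCOUNTS[token] = {"user": username}
    return build_header("remember", token, max_age=days * 86400, identifies_user=True)

def prefs_cookie(layout, nickname, days=365):
    """Non-confidential settings stored directly in the cookie, readable by the user."""
    value = urlencode({"layout": layout, "nick": nickname})
    return build_header("prefs", value, max_age=days * 86400)

def read_request(cookie_header):
    """Resolve a browser's Cookie request header to (account or None, prefs dict)."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    account = ACCOUNTS.get(jar["remember"].value) if "remember" in jar else None
    prefs = parse_qs(jar["prefs"].value) if "prefs" in jar else {}
    return account, {k: v[0] for k, v in prefs.items()}
```

A token that is not in the server's store resolves to no account, so a made-up "remember" value does not log anyone in.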
Why We Don't Think Cookies Are a Security Risk
There has been a lot of press
about privacy and security on the Internet, and the use of
cookies has been mentioned quite a lot. Security and privacy
are both vital concerns, but we think cookies have been
getting a bum rap. Here's why:
- Cookies cannot be used maliciously.
No one can guarantee that cookies will never be used
for malicious purposes, but currently we know of no
feasible way for them to be used to read or damage
the contents of a user's hard disk, or to introduce a
virus onto a user's PC.
- Cookies cannot be used to gather
information that is not volunteered by the user.
Web sites gather information in three ways: by
reading the header information sent by all browsers
with each page request, by recording information
users enter on a web page form, and by recording
banner ad clicks. There may be security issues
related to the first two sources, but they really do
not have anything to do with cookies. Moreover, sites
cannot read cookies stored by other sites, only the
cookies they themselves store.
- Capturing information about banner ad
clicks does raise some privacy issues, but does not
endanger your PC or your data. For more on this
issue, read the relevant section in our cookie FAQ.
- Cookies can be easily detected,
removed, or blocked. We can include with your
site as much information as you desire about how
cookies are used in general and on your site in
particular, and how they can be managed. We can also
provide links to additional information on the web,
as well as links to techniques and utilities for
managing cookie activity. If necessary, we can design
sites without using cookies, although, in some
situations, at the cost of some efficiency or
functionality.
How We Practice Cookie Etiquette
- When we use cookies, we make them
understandable to users. In other words, we use
recognizable cookie names and values, so users will
not feel that something is going on behind their
back. When it is necessary to use cryptic cookie
names or values, we will provide information on the
site about what they mean.
- We are up front about how our sites
use cookies. Somewhere on the site, we will
explain how cookies are used, and how users can find
them on their PC.
- We minimize the use of cookies.
Some users prefer to be notified before they accept
cookies, although this notification becomes quite
annoying when a lot of cookies are used on a site. We
try to limit cookie activity to one per page.
Cookie FAQ
What is a cookie?
How do I look at the cookies stored on my machine?
If you have Navigator or Communicator, look
for the file cookies.txt on your computer. It's
probably in your browser's directory. You will have one
for each version of your browser. Netscape's latest browser,
Communicator, stores a file for each defined user. If you
have Internet Explorer, there is a separate Cookies
subdirectory under your Windows directory. It contains a file
for each cookie.
Some cookies are pretty easy to figure out.
Others look like gibberish, and are only readable to the site
that stored them.
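To see which sites have stored what, the Navigator cookies.txt file can be read with a few lines of code. This is an added example, not part of the original FAQ; it assumes the Netscape file layout of seven tab-separated fields per line (domain, subdomain flag, path, secure flag, expiry as a Unix timestamp, name, value), and the sample contents are constructed.

```python
# Added example: read a Netscape-format cookies.txt and summarise it per domain.
from collections import defaultdict

FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")

# Constructed sample file contents (not real cookies).
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    "\n"
    "www.example.com\tFALSE\t/\tFALSE\t946684799\tnickname\tsam\n"
    "www.example.com\tFALSE\t/shop\tFALSE\t946684799\tcart\t8f3a1c90d2\n"
    ".ads.example.net\tTRUE\t/\tFALSE\t883612800\tid\t5521ab77\n"
    "truncated line without enough fields\n"
)

def parse_cookies_txt(text):
    """Return (cookies, skipped): parsed records and line numbers that did not parse."""
    cookies, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split("\t")
        if len(parts) != 7 or not parts[4].isdigit():
            skipped.append(lineno)        # damaged or hand-edited line
            continue
        rec = dict(zip(FIELDS, parts))
        rec["subdomains"] = rec["subdomains"] == "TRUE"
        rec["secure"] = rec["secure"] == "TRUE"
        rec["expires"] = int(rec["expires"])
        cookies.append(rec)
    return cookies, skipped

def summarise(cookies, now):
    """Group cookie names by domain and mark those already expired at time `now`."""
    by_domain = defaultdict(list)
    for c in cookies:
        state = "expired" if c["expires"] <= now else "live"
        by_domain[c["domain"]].append((c["name"], state))
    return dict(by_domain)

if __name__ == "__main__":
    parsed, bad = parse_cookies_txt(SAMPLE)
    print(summarise(parsed, now=900000000), "unparsed lines:", bad)
```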
Can cookies do my PC any harm?
No. All they can do is occupy hard disk
space on your machine. And not too much of that: only 300
total cookies are allowed, and only 40 can be from the same
domain. If your browser receives more, it will begin deleting
older cookies to make room.
Cookies are generally stored as text, but
it is possible to store what amounts to an executable file
inside a cookie, albeit a small executable. If you
have a particular browser (IE 3.0) containing a bug that
allows a web server to execute a program, then it is
conceivable that an executable cookie could be run,
introducing a virus onto your machine. However, this is in
practice an extremely difficult thing to pull off, so we
don't consider it a serious threat.
Then why all the fuss about cookies?
Much of the fuss about cookies is
overblown, in our opinion. But cookies can be used in ways
that many people find intrusive. For example, several
companies (for example, Focalink) that provide advertising
banners for web sites use cookies to make sure you don't see
the same ad over and over again, and in some cases to gather
demographic information about you.
Here's how it works. Sites that use
Focalink ads will check your PC for a Focalink cookie
whenever you visit. If a Focalink cookie exists (because you
have visited a "Focalinked" site before), then the
site will know what ads you have looked at, and possibly
which ads you have clicked on. This information is then used
to tailor the specific ad that you see on the web site. If
you don't already have a Focalink cookie, one will be added.
It is possible that, over time, these
cookies will contain enough information to paint a picture of
your preferences, given the ads you click on. Because this is
all done without the user's knowledge or consent, many
consider it an offensive technique.
Can a Web site read cookies that were stored by other sites?
No. We have never heard of it being done,
or even being possible. Note that some sites do place
cookies on your machine on behalf of other domains (usually
marketing companies). See the preceding question for more
information about this technique.
Can I detect when cookies are being used?
You cannot tell when cookies are retrieved
from your computer (or more precisely, you can't stop your
browser from sending them), but you can tell when they are
stored or updated. To set this in Navigator 3, choose
Options, Network Preferences from the menu, then choose the
Protocols tab. In Microsoft Explorer, choose View, Options
from the menu, then click on the Advanced tab.
Note that when you do this, you will get an
alert every time a cookie is set. You will have the
opportunity to refuse each cookie. Some sites set a lot of
cookies, so the alert can get to be annoying.
I don't want Web sites setting cookies on my machine. How do I stop them?
Turn on your cookie alert as described
above. Whenever a site asks about storing a cookie, just say
no. Most sites that use cookies are set up to work with
browsers that don't accept them, so things will still work
fine, but some sites (such as shopping sites) may not work
correctly, or may not remember you the next time you visit.
In Netscape Communicator, choose Edit, Preferences
from the menu, then choose the Advanced section.
Communicator also allows you to refuse all cookies, no
questions asked.
If you want still more control over the
cookies you allow, there are several techniques you can use
to prevent certain sites from adding cookies, or to remove
cookies you later decide you don't want. Visit www.cookiecentral.com
for more information on these
techniques (and much more about cookies in general).
Why did they name these things "cookies," anyway?
No particular reason, some
say. But the name was probably inspired by a UNIX construct
called a "magic cookie."