Not all cookies are bad, read on.
From LangaList 2004-09-23
Win98 is a single-user system its Cookies could be kept in a single location. XP is, at its core, a multi-user system. Even when it's used by one person, it's still set up internally to allow for multiple users or multiple accounts for the same user. That's why each user- each account- has its own private Cookie stash, separate from any others. (See next item, too.)
But it's easy to clean up Cookies. Most browsers have basic Cookie-cleanup routines built in. For example, if you use Internet Explorer, next time you're on the web, click Tools/Internet Options/Delete Cookies.
If you want a more thorough tool for wiping out *all* your stored Cookies, you can also easily set my (free) cleanup batch files to delete any folder, including your Cookie folder if you wish. http://langa.com/cleanup_bat.htm
Or: Use any one of hundreds of available Cookie-cleanup tools: http://www.google.com/search?q=clean+cookie
Note that focused security tools like Ad-Aware are not designed simply to sweep your Cookie cache clean. Rather, tools like Ad-Aware look for Cookies of a type that can be abused by unethical web sites and then lets you delete those Cookies, if you wish.
But note that most cookies- even the so-called "tracking" Cookies- are usually either benign or even actively helpful. The people who make anti-Cookie tools will do all they can to convince you that all Cookies are evil- imminent threats to your security. But they say that because they're trying to get you to use their tools. Yes, *some* Cookies can *sometimes* be misused in *some* limited ways but it's rare. Almost always, Cookies are a very low-risk thing, and simply not worth a lot of worry.
A great general tool for viewing your Cookies, seeing what information is actually stored inside, and then selectively deleting the ones you don't want to keep, is Karen Kenworthy's free "Cookie Viewer:" http://www.karenware.com/powertools/ptcookie.asp
And from 2002-04-18
One of the most common uses of Cookies is to track "returning visitors" to a site: Depending on when you were last on a site, and what pages you visited when you were there, you may be shown custom content that varies visit to visit. For example, in this case, it appears that the site is set up to reward returning visitors with an automatic markdown- a kind of private sale. Delete the Cookie, and you lose access to the automatic markdown.
Other web sites use Cookies to display "getting started" info to new visitors, and omit that info for later visits. Delete the Cookie, and you never get past the "getting started" info.
Likewise, some sites that require a login use a Cooke as a kind of ticket to let you back into the site at a later date. If you delete the Cookie, you have to log in from scratch.
In fact, almost all uses for Cookies are either benign or actively helpful. It's actually very hard to subvert Cookies to evil purposes- although anti-Cookie fanatics make them sound like a gaping security hole. They're not: Most Cookies are utterly harmless.
Ironically, in a misguided attempt to increase security, many users are blocking all Cookies, "web bugs" and the like. Not only do they not materially improve their security, but they do create another very real problem:
I appreciated the review of desktop firewalls, however I feel your criticism of ZAP3's privacy features is off-base.... Other desktop firewalls have this capability, too, e.g. Outpost, and there are many standalone products that folks use to kill banners, pop-ups, etc. I encourage you to address this issue more generally and educate users about why they might want to allow some kinds of advertising to appear in their browsers. As is, many of us ruthlessly and indiscriminately block as much advertising as possible. - Victor Sacco
Victor's on to something: It's the law of unintended consequences. If a site gets its revenue from ads, and site visitors prevent the ads from displaying or being counted (the most common use for web bugs is simply counting how many times and ad was displayed), the site owners don't get paid, and the site will go out of business.
Don't get me wrong: Some forms of advertising are way too intrusive. I will never, ever buy an X10 camera, for example, if only to punish the X10 company for all those ridiculous pop-under ads they spawn. And if a site has too many pop-up/pop-under/pop-over/pop-on top/pop-whatever ads, I simply take my clicks elsewhere.
But wholesale blocking of *all* ad-related traffic is something else: Blocking even nonobtrusive ads/Cookies/Bugs/etc is a sure-fire way to help guarantee that even good ad-supported sites will go out of business.
If you've read this newsletter for any length of time, you know I'm a nut about security. But most of the supposed security issues with Cookies and Bugs simply are a myth- often promulgated by people who want to sell you anti-Cookie/Bug/Ad software or services: These individuals take a small matter, scare you to death by blowing it way out of proportion, and then offer to provide you with the solution to your (artificially-increased) fears.
Worse, in many discussions, anti-Cookie/Bug/Ad stuff is given equal footing with anti-spyware or anti-virus tools. This blurs the distinction between very real, high-risk threats- like spyware, viruses, worms, etc- and very low-risk threats (like Cookies and Web Bugs).
By analogy: It's as if domestic insurance policies were designed to protect your belongings against fire- and meteor strike. Isn't it silly to put low-probability threats on the same footing as higher probability threats?
But I know I'm swimming against the tide on this one. People *feel* more secure blocking all Ads/Cookies/Bugs/Etc, and so they'll do it, even if (1) it really doesn't do much to make them more secure and (2) even if it helps to kill off the free sites they like to visit.
I tried to explain this in http://www.informationweek.com/story/IWK20010621S0030 , which shows you what would have to happen behind the scenes for a Cookie, Bug, Beacon (or what not) actually to be a *real* security threat to you. Once you see what's involved, you'll know why I regard these things as a mostly trivial matter, and not worth worrying about.
But I know that most people's minds are made up: "Cookies/Bugs/Beacons are bad! They're just there to spy on you!" It doesn't matter that this popular sentiment is simply not true. Oh, well.
I'll make this prediction with 100% confidence: As Cookie/Bug/Ad/Beacon blockers become more pervasive, more and more "free" sites and services will go away. Count on it. 8-(
Just my 2ยข worth,
Jeff
