Network: Death to the cookie monster

A glitch in your browser may be laying you open to unwelcome visitors

Eva Pascoe
Monday 08 March 1999 00:02 GMT

OVER THE past few months, my in-box has been suspiciously overflowing with an increasing amount of junk e-mail. Most missives range from bizarre (Spreadsheet Alert, Jehovah Visions or Ohio Flying University Newsletter), to mildly useful, such as Victoria's Secret daily bargains. I understand where this "spam" comes from, and generally avoid any sites that ask me for my e-mail address.

However, I suspected something fishy was going on last week when an innocent-looking e-mail proved to be advertising for the latest pyramid-selling scam in Florida. I get more than 80 e-mails per day, and I have no time for spurious junk e-mail, particularly the type that comes from the US get-rich-quick school of marketing. So I decided to find out how they got hold of my address.

After some digging, I discovered something rather sinister. Some time ago I downloaded Netscape 4.5, and it transpires that my in-box overload is caused by Netscape implementing "cookies" badly on that particular version. Cookies are tiny files that get planted on your PC's hard disk by a website that you visit, and which send details of your surfing behaviour back to the site's owner. These nuggets of information can trigger specific messages to be sent to your in-box or, more often, show you a personalised banner ad next time you are on that site. In principle, cookies are not harmful. If the site owner knows my tastes and can show me information that is relevant, that's a good thing, and I consider those to be Good Cookies.

However, the bug in Netscape's cookie implementation system has given access to my cookies not only to the websites with which I've registered, but also to a whole bunch of sites that I only browsed. The problem is that the bug allows cookies to be shared between unrelated site-owners. So if you give your e-mail address to, say, Amazon.com, the cookie will store it and allow other sites to sniff it out and use it for their junk e-mail. Soon you'll be getting lots of "personalised" alerts about their latest discounts on fake gold earrings in the shape of Ivana Trump's bottom.

Another bug in Netscape affects non-US domains, allowing cookies to be shared among sites with the same domain structure as long as it has two dots (eg a domain composed of three words, such as independent.co.uk, could access cookies set up by guardian.co.uk). The problem not only creates privacy issues for the user, leading to abuse of cookie information among competing sites, but also potentially means a lot of wasted bandwidth. The cookie sends information to the site owner every time you visit that site. If the cookie thinks that every site ending in .co.uk is your cookie-owner, then it will be sending information every time you access any site with co.uk in its domain. Since you as a user are paying for this, then the cookie bug may cost you money, not just hassle.
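
The two-dot problem described above, as an added example that is not part of the original article or of any browser's code: it compares a "two dots is enough" acceptance rule with a check that refuses a cookie domain which is itself a registry suffix such as co.uk. The function names, host names beyond those in the article, and the small suffix list are assumptions made for illustration; current browsers consult the much larger Public Suffix List.

```javascript
// Added illustration: cookie Domain scoping, two-dot rule vs. suffix-aware check.
// PUBLIC_SUFFIXES is a tiny constructed sample, not the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "uk", "co.uk", "org.uk", "de"]);

// Normalise a Domain attribute or host name: lower-case, drop the leading dot.
function normalise(domain) {
  return domain.toLowerCase().replace(/^\./, "");
}

// True when host equals the cookie domain or is a subdomain of it.
function tailMatches(host, cookieDomain) {
  const h = normalise(host);
  const d = normalise(cookieDomain);
  return h === d || h.endsWith("." + d);
}

// Weak rule as the article describes it: any Domain with two dots is accepted.
function naiveAccepts(settingHost, cookieDomain) {
  const dots = (cookieDomain.match(/\./g) || []).length;
  return dots >= 2 && tailMatches(settingHost, cookieDomain);
}

// Corrected rule: also refuse a Domain that is itself a public suffix.
function strictAccepts(settingHost, cookieDomain) {
  if (PUBLIC_SUFFIXES.has(normalise(cookieDomain))) return false;
  return tailMatches(settingHost, cookieDomain);
}

// Hosts that would be sent a cookie scoped to cookieDomain, if the browser
// accepted it from settingHost under the given acceptance rule.
function recipients(accepts, settingHost, cookieDomain, hosts) {
  if (!accepts(settingHost, cookieDomain)) return [];
  return hosts.filter((h) => tailMatches(h, cookieDomain));
}

// Constructed host list; the two sites are the ones named in the article.
const HOSTS = ["www.guardian.co.uk", "www.independent.co.uk", "shop.independent.co.uk"];

function demo() {
  const from = "www.guardian.co.uk";
  return {
    naiveWide: recipients(naiveAccepts, from, ".co.uk", HOSTS),
    strictWide: recipients(strictAccepts, from, ".co.uk", HOSTS),
    strictSite: recipients(strictAccepts, from, ".guardian.co.uk", HOSTS),
  };
}
console.log(demo());
```

Under the weak rule the ".co.uk" cookie goes to all three hosts; under the corrected rule it is refused, while a cookie scoped to ".guardian.co.uk" still reaches only the site that set it.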

One solution to the cookie crisis is to set up your browser to reject cookies. However, you will be robbing yourself of the pleasure of shopping bargains, as most e-commerce sites use cookies to implement their online shopping baskets. And if you switch off the cookies, forget about reading the trendy left-wing views and news from Guardian Unlimited, as its sites utilise mandatory cookies. Independent Online, however, will still let you in if you set your browser to refuse cookies.

So how do you kill the bad cookies and keep the good ones? There are a number of options. I have switched to Internet Explorer, as there is a tool for Windows 98 (cookies.vbs) which claims to help you manage your cookies in an intelligent manner. Bad cookies are killed, while good cookies are simply copied to a Save directory. This little "cookie-cutter" cleans up your hard drive and allows you to prevent abuses. You will need Windows Scripting Host (available from www.microsoft.com) and then you will be able to get cookies.vbs from the PC Magazine archives on www.zdnet.com.

Be warned, though, that the task of cleaning up your cookies will be quite time-consuming, as the average surfer or online bargain hunter gathers up to 200 cookies per quarter. I have found more than 180 of the little monsters lurking on my hard drive and it took me almost half of a day to sort out the bad and the good ones.

Another way of dealing with cookies is to install a more intelligent browser. Some browsers have even added more control over the cookie monster and let you make decisions as you go. One example is a German production (download it from www.icab.de/iCab_US.sit); iCab not only has a built-in cookie manager, but it is in fact a pretty good browser, with the plus of being small in size (using around 3Mb of Ram), unlike IE (the latest version is simply gigantic) or the latest version of Netscape.

For more info on cookies, check out www.cookiecentral.com. But remember, cookies are safe if they are well-implemented. It is only cock-ups that lead to problems, and these can be controlled at your end. New legislation banning marketeers from exploiting sloppy practices by the browser community would not go amiss, but there always will be foul-ups on the browser end as they are getting too big and unruly to exercise any degree of control over product quality.

If you experience cookie problems or have a good solution you want to share, then please mail me.

eva@never.com
