Cookies are a Sometimes Security Threat

Scott Hardie | December 30, 2005
It's 2005 for Christ's sake. When are people going to stop being paranoid about cookies? (link) Apparently the NSA is in hot water because their site created persistent cookies, and this goes against White House instructions on the matter. Well, so? Breaking the policy is bad, sure, but cookies aren't. Why the uproar over them? Because they let the company know that you started on page A and then clicked to page B and then clicked to page C? Who the hell cares? Guess what, privacy advocates, there are such things as server access logs and web analytics software that can often tell the company exactly what pages you accessed in exactly what order; all cookies do on top of that is let the site itself behave accordingly. I guess it's progress that cookies are no longer considered harmful (they're fucking text files), but it's time for us to move past the other silly belief that all cookies pose some sort of threat to our privacy. There are a handful that do; most cookies are of great benefit to our web experience.

John E Gunter | December 30, 2005
Ha, ha, ha, yeah, the access logs are so much more important for watching traffic. What's even better is that you can put tags on the pages that use special web trafficking servers to get even more information on what you are doing than what default web server logs can give you. I understand the need for privacy and think that some of what these groups are doing is great, but you can go way too far.

In fact, you can’t even use the Valpak.com site if you don’t accept cookies, so people who fear cookies aren’t getting coupons from us!

John

Scott Hardie | March 13, 2011
Five years after I wrote the above rant, people are still up in arms over cookies. The latest trend in online privacy is "do not track," in which either browsers block tracking cookies or the FTC steps in. The latter article quotes a Congressman as saying, "My draft legislation requires covered entities to provide consumers in clear and easy to understand language what information is being collected and how the information is being used." Maybe there would be less paranoia about cookies if people understood that nothing dangerous is being tracked in them?

Outside of identity theft by criminals who steal the data, what are people afraid of marketers finding out about them? Marketers already have your contact information. For them to learn how much money you make, or what kinds of products you're interested in buying, or what niche demographics you belong to -- what exactly is the harm? Much of modern advertising is a nuisance, and anything that increases its presence or power makes it more of a nuisance, but that's not the same thing as making it harmful or dangerous. Are people afraid that more effective advertising is going to trick them into buying things that they do not need? They already do enough of that on their own.

The problem with blocking online tracking by advertisers, as it is with using AdBlock or similar browser plugins, is that advertising is what keeps many websites afloat. In the future, we will come to a day when paying for a useful website is the norm instead of enjoying it for free, but many sites will not survive the interim without advertising to fund them. I'm surprised to see a Republican behind this anti-business legislation, but I guess people so want the tracking bogeyman to be slain that the cause has gained traction. I hope people know what they're asking for.