One of my clients asked me about the new EU law on cookies, which 3 member states have taken on board (one of those being the UK, where I live).
What is a cookie?
A cookie is a small amount of data that a website asks your browser to store on your computer that the website (and only that website) can recover at a later date. If you use more than one browser, that information is not retrievable from one to the other. The actual cookie (small block of data) is stored on your hard drive by the browser so that it can read it when requested by that website later.
So for example, if you visit the BBC website using Internet Explorer, it will drop cookies into your browser to make your visit more personal; then if you pop onto the same BBC website using Firefox, the information just stored will not exist there, so you will be starting afresh. Take the BBC weather page, where you can tell it your hometown so that the weather is always shown by default for your favourite location. Without the cookie, your choice will be ‘forgotten’, and if you use another browser, you will have to tell the site once again what your preference is.
Are cookies useful?
Most of the time cookies are of benefit to you because your experience when visiting web sites is managed using cookies. In the example above, your hometown is stored in a cookie for when you check the weather next time to give you quickly what you want to know.
Any information which the website already knows can be stored in a cookie for later retrieval. It can’t read stuff off your computer, or put stuff onto your computer (other than in the cookie), so that information is very limited. What it does know is your current IP address (so roughly where you are located), what type of browser you are using and also whether you specifically came to the site from a search and what that search term was.
Now one might argue that they are detrimental to you too, because they are ‘dropped’ into your browser without your knowledge to track your visit, which is perhaps over and above what you are wanting. This information might be used to build a picture of what you are interested in, again to give you a better browsing experience; conversely, it may be used to decide what advertisements to display to you and for other marketing techniques.
How cookies are used behind your back
A website can allow another website to drop a cookie in your browser, again without your knowledge.
This is done on almost any website of significance for the purpose of tracking and statistical analysis. One of the most heavily utilized services of this kind is Google Analytics, where a website asks Google to drop a cookie in your browser so that Google can get some idea of your navigation around that website, and the website owner can tell how well he is doing with marketing his website.
Another heavily utilized service here is sales banners and links provided by companies such as Google Advertising systems and Amazon, where websites ask these companies to drop a cookie in your browser so that they can display advertisements to you that are ‘right for you’. You may recently have noticed how adverts are shown to you on websites about stuff you searched on Google half an hour ago – clever eh?
One thing to mention again is that only a website that drops a cookie can read it back. This is part of the security system inside your browser and it is very strict about matching the domain name of the cookie owner. So if the BBC uses Google Analytics to track your activity, only Google can read back the cookie that it dropped when you visit the BBC website.
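An added illustration (not code from the original post) of the domain-matching rule described above: a simplified cookie jar using the RFC 6265 domain-match check, showing that an embedded third party gets its own cookie back on every site that includes it, while no site receives another site's cookie. The host names and cookie values are constructed, and path, expiry, Secure and public-suffix handling are left out.

```javascript
// Simplified browser cookie jar. Hosts and values are constructed examples.
// RFC 6265 section 5.1.3: a host matches a cookie domain if the two are
// identical, or the host ends with "." + domain and is not an IP address.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

class CookieJar {            // one jar per browser; jars share nothing
  constructor() { this.cookies = []; }

  // Store a cookie from a response by `responseHost`. Without a Domain
  // attribute the cookie is host-only; a Domain attribute that does not
  // cover the setting host is rejected.
  set(responseHost, name, value, domainAttr) {
    const hostOnly = !domainAttr;
    const domain = (domainAttr || responseHost).toLowerCase().replace(/^\./, "");
    if (!hostOnly && !domainMatch(responseHost, domain)) return false;
    this.cookies = this.cookies.filter(
      c => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Cookie header the browser would attach to a request for `requestHost`.
  headerFor(requestHost) {
    const host = requestHost.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? c.domain === host : domainMatch(host, c.domain)))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// One page load: the page request goes to the site, and an embedded
// resource request goes to the third party. Each sets a cookie on first contact.
function visit(jar, siteHost, trackerHost) {
  const siteSaw = jar.headerFor(siteHost);
  const trackerSaw = jar.headerFor(trackerHost);
  if (!siteSaw) jar.set(siteHost, "town", "Leeds");
  if (!trackerSaw) jar.set(trackerHost, "vid", "v-1001");
  return { siteSaw, trackerSaw };
}
```

Calling `visit` twice on the same jar with two different sites and the same third-party host returns the same `vid` value to the third party on the second visit, which is how a visitor is recognised across sites.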
Are cookies bad?
As explained above, you often don’t know when cookies are being dropped (although you can stop this happening with the settings in your browsers). In the real world when you are going about your business, you often know when you are being tracked because, for example, you use store loyalty cards by choice. However, every time you use your credit card, the company knows where you shopped (I believe this has been used to target you for advertising) and they know your movements and habits!
I think it would be difficult for cookies to be used maliciously (by tracking your visits) as the only companies that have access to what you do in a big way tend to be big corporations because only they have the cooperation of multiple website owners to dump and read cookies to your browser (as I mentioned only the cookie owner can read it).
Don’t forget this information is available to the website owner when you visit their site. All the cookie does is allow the website to store that information (and any other info it desires that might be useful) so that it can be retrieved when you visit next time.
Technically, it is possible that a WordPress plugin writer, for example, could dupe website owners into using a plugin that drops a cookie from the plugin owner’s domain into the browser of everyone that visits those websites. The plugin owner could then track everyone that visits those websites (just like what Google Analytics does), but you don’t really need a cookie to achieve that, and then what would they do with the information?
Why this law is stupid
Below is a great video about the new EU law – from http://silktide.com
1 comment
Thanks Tony. That’s very helpful. Not sure what we’re all going to do but at least we know what’s going on!