Web Privacy: How the Cookie Crumbles
Our increasing dependence on the Internet decreases our chances of maintaining privacy. But with a little care, you can still use the Web without revealing your e-mail address or personal identity--right? Alas, the most recent discovery by independent security analyst Richard M. Smith challenges that assumption.
Today, many Web sites place cookies on your hard disk to profile your interests and deliver customized information. In theory, cookies identify only the PC, not the person using it.
However, as Smith discovered, a loophole in both Internet Explorer and Netscape Navigator makes it surprisingly easy to match e-mail addresses and cookies, thereby linking a unique identifier to a nameless profile. When you view an e-mail message sent in HTML format, your e-mail software uses a browser to display it. Any graphic in the HTML message must be loaded from the originating server, and any cookie previously deposited by that server will be transmitted back to the site when the graphic is fetched. That fetch request can also transmit your e-mail address. By sending out junk e-mail with graphics, advertisers can match e-mail addresses with previously issued cookies.
So far, no one appears to have tried this trick. And if privacy advocates have their way, no one will: Smith has joined with eight privacy and consumer groups in asking the Federal Trade Commission to require that software makers close the loophole.
Microsoft and Netscape told us they were investigating the issue, but neither
had announced a patch. In an e-mail to
For the time being, the surest way to protect your anonymity is to instruct
your browser not to accept cookies and delete existing cookies from your hard
drive. But if you reject cookies, you may not be able to access your favorite
Web sites. For more on tossing your cookies, see
If you use Windows 95 or 98 to access an NT network, a snoop with physical
access to your PC can snag your password. The old Windows for Workgroups stored
users' network passwords in system memory after each log-in. Part of this
habit was carried over to Windows 95 and 98 (but not Win 98 Second Edition).
By issuing certain commands, an intruder can learn your password. You can
Internet Explorer 5.01 resolves scores of IE 5 stability and
security problems, including memory leaks and numerous security holes covered
Corel may have the answer to your gripes about stability and
compatibility glitches in WordPerfect Office 2000. Corel's Service Pack 2
features more than 100 updates to WordPerfect 9, Quattro Pro 9, Paradox 9,
and the other applications. Highlights of the Service Pack include better
Word 97 compatibility, solutions to speller and thesaurus snafus, and better
import and export capabilities. You can download the free upgrade from
Found a hardware or software problem? Tell us about it at