RSS
Follow us on:
  • Recommend:
  • 0 Comments

Web Privacy: How the Cookie Crumbles

Our increasing dependence on the Internet decreases our chances of maintaining privacy. But with a little care, you can still use the Web without revealing your e-mail address or personal identity--right? Alas, the most recent discovery by independent security analyst Richard M. Smith challenges that assumption.

Today, many Web sites place cookies on your hard disk to profile your interests and deliver customized information. In theory, cookies identify only the PC, not the person using it.

However, as Smith discovered, a loophole in both Internet Explorer and Netscape Navigator makes it surprisingly easy to match e-mail addresses and cookies, thereby linking a unique identifier to a nameless profile. When you view an e-mail message sent in HTML format, your e-mail software uses a browser to display it. Any graphic in the HTML message must be loaded from the originating server, and any cookie previously deposited by that server will be transmitted back to the site when the graphic is fetched. That fetch request can also transmit your e-mail address. By sending out junk e-mail with graphics, advertisers can match e-mail addresses with previously issued cookies.

So far, no one appears to have tried this trick. And if privacy advocates have their way, no one will: Smith has joined with eight privacy and consumer groups in asking the Federal Trade Commission to require that software makers close the loophole.

Microsoft and Netscape told us they were investigating the issue, but neither had announced a patch. In an e-mail to PC World, a Microsoft spokesperson said the company had confirmed Smith's theory, but "it does not appear this is a problem that technology alone can solve. The solution may lie in appropriate regulation [of Web companies]."

For the time being, the surest way to protect your anonymity is to instruct your browser not to accept cookies and delete existing cookies from your hard drive. But if you reject cookies, you may not be able to access your favorite Web sites. For more on tossing your cookies, see "Guard Your Online Privacy: Web Privacy."

Would you recommend this story? YES NO

Subscribe to the Windows News & Tips Newsletter - weekly

See All Newsletters »
Lenovo Laptop Deals
Bugs and Fixes
All PCWorld Blogs

Subscribe to the Windows News & Tips Newsletter - weekly

See All Newsletters »
Today's Special Offers