CHICAGO, April 20 (UPI) -- Would anyone willingly download a file from the Internet that can track his or her movements online and provide that private information to advertisers?
Willing or not, experts told UPI's The Web chances are most Internet users already harbor many "cookies," or small data files, on their computer hard drives, giving marketers a glimpse of what they buy online, where they buy it and how much they spend.
"Cookies are a hot issue right now," said Ann Westerheim, president of Ekaru, an IT security consulting firm in the Boston area. "People have heard of cookies, but they are probably not aware of the fact that the files are being written to their hard disk."
Cookies developed innocuously enough back in 1995, when Netscape debuted its Web browser. The small text files -- similar in many respects to a Microsoft Word document -- enabled customers to visit Internet sites without having to log in repeatedly.
"It can serve like an ID card for a Web site," said Brian Grayek, chief technology officer at Preventsys, an Internet security firm in Carlsbad, Calif. "The idea behind the cookie is incredible."
Without cookies, computer users would have to remember hundreds of passwords for many different sites they visit on a regular basis -- from Opinionjournal.com to to Amazon.com -- which could be quite a hassle.
"A lot of cookies are quite beneficial," said Jon Kuhn, a specialist in spyware and cookies in Sunnyvale, Calif. "If you leave the cookie on at Amazon.com, they can remember you and tell you what books you've purchased, like mystery books, and recommend new mystery books to you."
The problem is, like other technologies online that have beneficial uses -- e-mail being the primary example -- cookies can be abused by hackers and computer criminals.
"Cookies are now part of the whole issue of Internet security and privacy," Westerheim said.
Some Web sites are retaliating against users who block cookies with their browser or remove them from their hard drive, Grayek said. Developers have created software to determine if a cookie is missing from a computer user's hard drive, and then return it to the user's system. A company called United Virtualities offers software for this purpose, but others have developed custom applications that accomplish the same thing.
"These are security loopholes -- they (represent) are a certain level of risk whenever you go out on the Web," Westerheim said. "If you go to safe sites online, there will probably be no problem, but if you are downloading music or games, or worse, things like (reinstalling a deleted cookie) can happen."
Moreover, hackers can write cookies that can list and report all of the files are on a user's hard drive. That information can be exploited to locate passwords or tap into money-management software, if it is not secure.
"Being a text file, cookies are open to abuse," said Grayek. "Hackers are glomming on to that."
To prevent hackers from infiltrating computers, experts advise taking a couple of precautionary steps.
Kuhn, the cookie expert, said he has installed a program on his computer that encrypts part of the hard drive, where he stores all of his passwords for the programs he uses on the Web.
"That helps," Kuhn said.
Another tactic is not to use the same password for a number of different sites. If a hacker figures out one of them, that makes it easy to figure out others -- maybe accessing a credit card to make online purchases under the user's name and password.
"You need to have good cookie etiquette," said Kuhn. "Don't save the same passwords in critical applications."
Another tactic is to purchase spyware-blocking software that stops cookies sitting on a hard drive from disclosing other personal information. "You can block the outbound communication," Kuhn explained.
The primary tactic to adopt is for users to block most new cookies with their Web browser settings, Grayek said.
In the Microsoft Internet Explorer browser, go to the "tools" menu and select Internet options. Choose the privacy tab, and then press the advanced button, and then select "override automatic cookie handling."
To stop all cookies, select "block," Grayek said. The Firefox browser offers the same option, experts said.
"Most browsers have a 'preferences' area where you can turn cookies off," said Professor Ron Vullo, who teaches information technology at the Rochester Institute of Technology in New York.
Users must constantly upgrade their browsers and operating systems to make sure they can block the latest cookies.
"You have to keep up to date," said Westerheim, who holds a doctorate in engineering from the Massachusetts Institute of Technology.
David K. Mason, host of the radio show "ComputerTalk," said, "when a computer is configured properly for security and privacy, cookies are almost moot."
Experts said about 90 percent of Web sites use cookies but that number is starting to decline. Computer programmers are developing ways of delivering information on the Web to users without cookies.
"It takes a lot more work on the part of the Web master, though," Grayek said. "Banks and others like them are moving away from cookies."
--
Gene J. Koprowski is a 2004 Winner of a Lilly Endowment Award for his columns for United Press International. He covers telecommunications for UPI Science News. E-mail: [email protected]
