Questioning Technology: Cookie Cutter

Philip Zimmermann, the cyber hero who incurred government wrath when he gave away his Pretty Good Privacy encryption software, is at it again. This time he's helping Internet users control the release of personal information they unknowingly give away while surfing the World Wide Web.Zimmermann's new company, Pretty Good Privacy, Inc., is about to release PGPcookie.cutter, a plug-in for Netscape's web browser that lets the user selectively block web "cookies."Cookies -- even Zimmermann doesn't know where the name came from -- are tiny data files created by web servers and stored on the users computer to record the trail of Web sites visited, online purchases, electronic transactions, and other private information."Cookies allow a Web site to track where you have been on the Web. People are revealing personal behavior without realizing it," said Zimmermann, who is chairman and chief technology officer of Pretty Good Privacy. "We want to give people surfing the Web control over when, where and to whom they reveal aspects of themselves."The information that Web surfers reveal to each Web site they visit can be used by system administrators to build extensive personal profiles on visitors. By automatically placing a cookie on visitors' Web browsers, Web servers register data on the cookie. This allows administrators to view the history of sites users have visited, the advertisements they have viewed and the online transactions they have conducted. While cookies can be useful in some situations (i.e. in saving the user's password to a particular site), they can also constitute an invasion of privacy.New services are emerging, Zimmermann said, that allow Web site administrators to select individuals for direct marketing purposes. Administrators can cross-reference the information gleaned from visitors' cookies with existing databases of personal information, such as addresses and phone numbers, to build a profile of what visitors do, where they have been and even who they are.PGPcookie.cutter, to be available in January, 1997 at $19.95, provides a simple interface that allows Web surfers to block or allow only specific cookies to be set on their Netscape browser. They can also block cookies from unknown or untrusted sites, providing enhanced security and privacy while browsing the Web.There's also a menu item on the browser interface that denotes the number of cookies that Web sites have attempted to set and provides access to preferences, which allows users to indicate which cookies -- identified by domain name -- they wish to allow or block. Additional features include a cookie warning that alerts users when a web server is setting a cookie on the browser and a cookie ID, which displays all sites that have placed cookies on the browser.Zapping cookies is not the total answer to Internet privacy -- far from it. Zimmermann said in addition to the cookie that Net users face two other key exposures."First the traffic itself is exposed," he said. "Meaning some observer on the Internet that can intercept packets (of data) and see what you're looking at. They can see what requests you are making and see the pages themselves. The second exposure is your IP address is provided to the host site. This means the host site can send messages back to you and they can find your identity."The first of these, traffic exposure, can be solved with encryption, Zimmermann said. "I would like to encrypt the traffic. That's a natural fit for what we do."As for changing or disguising the IP address, Zimmermann said it would require an "anonymizer" service where users would browse the Web by going through an intermediary site that would alter the original IP address."The problem is you are going to have a slowdown because of the packets having to go through an extra site," he said. "It's not clear whether users would be willing to accept that performance penalty."The cookie zapper is the first of several new Web privacy products coming from Zimmermann's company. Also due in January are new commercial versions of PGP encryption software for integration with popular email packages. Also on slate is an application to filter out Web advertisements.For those who think PGPcookie.cutter is an assault on web advertising, Zimmermann rejects the claim and says the impact will be minimal for advertisers who respect personal privacy. "There are other ways for advertisers to find out what a user's preferences are," he said. "Perhaps the user could just tell the advertiser what his preferences are."(Pretty Good Privacy is located at 2121 El Camino Real, San Mateo, CA 94403. Tel: (888) 747-3011. Web: The freeware version of PGP is available under the product section of the PGP home page.)


Understand the importance of honest news ?

So do we.

The past year has been the most arduous of our lives. The Covid-19 pandemic continues to be catastrophic not only to our health - mental and physical - but also to the stability of millions of people. For all of us independent news organizations, it’s no exception.

We’ve covered everything thrown at us this past year and will continue to do so with your support. We’ve always understood the importance of calling out corruption, regardless of political affiliation.

We need your support in this difficult time. Every reader contribution, no matter the amount, makes a difference in allowing our newsroom to bring you the stories that matter, at a time when being informed is more important than ever. Invest with us.

Make a one-time contribution to Alternet All Access, or click here to become a subscriber. Thank you.

Click to donate by check.

DonateDonate by credit card
Donate by Paypal
{{ }}