Questioning Technology: Cookie Cutter

Philip Zimmermann, the cyber hero who incurred government wrath when he gave away his Pretty Good Privacy encryption software, is at it again. This time he's helping Internet users control the release of personal information they unknowingly give away while surfing the World Wide Web.Zimmermann's new company, Pretty Good Privacy, Inc., is about to release PGPcookie.cutter, a plug-in for Netscape's web browser that lets the user selectively block web "cookies."Cookies -- even Zimmermann doesn't know where the name came from -- are tiny data files created by web servers and stored on the users computer to record the trail of Web sites visited, online purchases, electronic transactions, and other private information."Cookies allow a Web site to track where you have been on the Web. People are revealing personal behavior without realizing it," said Zimmermann, who is chairman and chief technology officer of Pretty Good Privacy. "We want to give people surfing the Web control over when, where and to whom they reveal aspects of themselves."The information that Web surfers reveal to each Web site they visit can be used by system administrators to build extensive personal profiles on visitors. By automatically placing a cookie on visitors' Web browsers, Web servers register data on the cookie. This allows administrators to view the history of sites users have visited, the advertisements they have viewed and the online transactions they have conducted. While cookies can be useful in some situations (i.e. in saving the user's password to a particular site), they can also constitute an invasion of privacy.New services are emerging, Zimmermann said, that allow Web site administrators to select individuals for direct marketing purposes. Administrators can cross-reference the information gleaned from visitors' cookies with existing databases of personal information, such as addresses and phone numbers, to build a profile of what visitors do, where they have been and even who they are.PGPcookie.cutter, to be available in January, 1997 at $19.95, provides a simple interface that allows Web surfers to block or allow only specific cookies to be set on their Netscape browser. They can also block cookies from unknown or untrusted sites, providing enhanced security and privacy while browsing the Web.There's also a menu item on the browser interface that denotes the number of cookies that Web sites have attempted to set and provides access to preferences, which allows users to indicate which cookies -- identified by domain name -- they wish to allow or block. Additional features include a cookie warning that alerts users when a web server is setting a cookie on the browser and a cookie ID, which displays all sites that have placed cookies on the browser.Zapping cookies is not the total answer to Internet privacy -- far from it. Zimmermann said in addition to the cookie that Net users face two other key exposures."First the traffic itself is exposed," he said. "Meaning some observer on the Internet that can intercept packets (of data) and see what you're looking at. They can see what requests you are making and see the pages themselves. The second exposure is your IP address is provided to the host site. This means the host site can send messages back to you and they can find your identity."The first of these, traffic exposure, can be solved with encryption, Zimmermann said. "I would like to encrypt the traffic. That's a natural fit for what we do."As for changing or disguising the IP address, Zimmermann said it would require an "anonymizer" service where users would browse the Web by going through an intermediary site that would alter the original IP address."The problem is you are going to have a slowdown because of the packets having to go through an extra site," he said. "It's not clear whether users would be willing to accept that performance penalty."The cookie zapper is the first of several new Web privacy products coming from Zimmermann's company. Also due in January are new commercial versions of PGP encryption software for integration with popular email packages. Also on slate is an application to filter out Web advertisements.For those who think PGPcookie.cutter is an assault on web advertising, Zimmermann rejects the claim and says the impact will be minimal for advertisers who respect personal privacy. "There are other ways for advertisers to find out what a user's preferences are," he said. "Perhaps the user could just tell the advertiser what his preferences are."(Pretty Good Privacy is located at 2121 El Camino Real, San Mateo, CA 94403. Tel: (888) 747-3011. Web: The freeware version of PGP is available under the product section of the PGP home page.)

Enjoy this piece?

… then let us make a small request. AlterNet’s journalists work tirelessly to counter the traditional corporate media narrative. We’re here seven days a week, 365 days a year. And we’re proud to say that we’ve been bringing you the real, unfiltered news for 20 years—longer than any other progressive news site on the Internet.

It’s through the generosity of our supporters that we’re able to share with you all the underreported news you need to know. Independent journalism is increasingly imperiled; ads alone can’t pay our bills. AlterNet counts on readers like you to support our coverage. Did you enjoy content from David Cay Johnston, Common Dreams, Raw Story and Robert Reich? Opinion from Salon and Jim Hightower? Analysis by The Conversation? Then join the hundreds of readers who have supported AlterNet this year.

Every reader contribution, whatever the amount, makes a tremendous difference. Help ensure AlterNet remains independent long into the future. Support progressive journalism with a one-time contribution to AlterNet, or click here to become a subscriber. Thank you. Click here to donate by check.