The U.S. Government is always warning its citizens about the dangers of tobacco, cholesterol, alcohol or sexually transmitted diseases. One branch of the Department of Energy also alerts us to the dangers of computer viruses and other computer security problems. However, the same agency has stated that we should not worry about "cookies."
Cookies are short pieces of data used by web servers to help identify web users. The "cookies" actually are stored in a text file on your own hard drive, but remote Web sites can write data to your cookies file and then retrieve that data on a later visit. Normally, cookies are used as "placeholders" so that you can return to the same page on a Web site. The cookies also could contain user IDs, passwords, or personal information that you previously entered, such as name, age, sex, mailing address, or almost anything else that a Web site wishes to store on your hard drive for later use.
Messages have floated around the online world for years now, proclaiming the "dangers of cookies." Some of these messages were almost panic-stricken in their descriptions of all the "dangers." The online world seems to be a bit paranoid about cookies. In fact, you can even obtain programs that either disable cookies or hide them in such a manner that they are invisible to Web sites.
Now the U.S. Government says, "The popular concepts and rumors about what a cookie can do has reached almost mystical proportions, frightening users and worrying their managers." The highly-respected U.S. Department of Energy Computer Incident Advisory Capability office says that such concerns are hogwash. The programs that hide or delete your cookies are not worth the money you pay for them.
The agency provides the following explanation:
The vulnerability of systems to damage or snooping by using web browser cookies is essentially nonexistent. Cookies can only tell a web server if you have been there before and can pass short bits of information (such as a user number) from the web server back to itself the next time you visit. Most cookies last only until you quit your browser and then are destroyed. A second type of cookie known as a persistent cookie has an expiration date and is stored on your disk until that date. A persistent cookie can be used to track a user's browsing habits by identifying him whenever he returns to a site. Information about where you come from and what web pages you visit already exists in a web server's log files and could also be used to track users' browsing habits, cookies just make it easier.
The agency adds this assurance:
The popular rumors about web cookies describe them as programs that can scan your hard drive and gather information about you including: passwords, credit card numbers, and a list of the software on your computer. None of this is close to the truth.
My guess is that these wild rumors will continue to float around for a long time, regardless of what the U.S. Government or anyone else says. Human nature seems to force us to look for sinister motives in everything we do not understand. If you receive a message warning you about the "dangers" of cookies, ask yourself one question: "Really?"
The full text of the government announcement is long and very detailed. It provides an in-depth explanation of the operation of cookies. To read the full story, look at: http://ciac.llnl.gov/ciac/bulletins/i-034.shtml