Where do you want to go next?here's for you :)about homeopathyassorted rantsVB and subclassingVB, screensavers and security concernsLet the Skriptkiddiots play...VB and pointersVB and the Windows shellVB and multitaskingVisual Basiclibrariessnakeoil and blatant liesZoneAlarmeSafefirewall basicsabout harmful codeIn Commerce' Service - sniffersabout spywarecookie jarabout PGPabout privacymain page

Caution: While a cookie itself can't contain harmful executables, I can think of ways to abuse them and end up with a virus. (Don't mail me, I won't tell you.) This would surely mean a resourceful programmer, but as with safer sex, safer browsing hasn't harmed anybody yet.

Cookies began as a means of customization of surfing. They were very soon abused to gather information and consequently were changed to contain the server placing them. That should have done with abuse, but by now ways were found around that.

Cookies are small ascii-texts that a webserver can place in the cache of your browser. They can't contain executable code, so they're no virus. They do contain the time and date of your visit to the server, the name of the server who placed them, the domain the server belongs to and an expiration-date. A password could be stored in them or any information the server needs of you and you'd have to provide every time you visit the server.

This can be quite useful. A secure transmission with a weak encryption (like the one built into your browser) would use a cookie with a short expiration (like 10 minutes) and thus be able to change the key fast enough to prevent decryption by a sniffer. So don't frown at every cookie :)

If nothing else is specified, every server can read every cookie on your machine. This is not usual any longer, but still there are cookies you'd possibly rather not eat.

If you use Yahoo's "free" webspace and email, you must enable cookies. If you don't, the service is denied. But what cookies do you get? Not only those necessary. One of the cookies you must accept is of doubleclick.net. Have a look at their page and decide for yourself, whether this is in your interest.

Of course, TANSTAFL and every company with such an offer must meet their expenses, this is justifiable and I wouldn't blame any company for it. Yet it's the hidden cookie in your and my jar, that makes me spit. On no providers pages, neither in the contract nor in the informational pages I found a hint of them placing cookies that can be used by other servers too. Get yourself a file on cookies (have a look at www.cookiejar.com) and analyze it for yourself.

I don't know what you'd do, but was I informed of a cuckoos egg in my nest before I sign the contract containing it, I'd rather not accept.

Avoiding cookies

Where your cookies are located depends on your browser. In Netscape you'll find a file named "cookies.txt". Do a search for it, if it's within the netscape-directory you've probably hit the babe. Microsoft's IE places the cookies in the windows directory under /cookies. The file is named index.dat.

Seen them? Allright, here we go.

If a cookie is accepted, it is stored in the browser's cache for the session. Only when closing the browser they're written to your hard-disk.

This allows for a very simple method of accepting and not accepting them at the same time: go to the files where the cookies are located and disable the write-access (Netscape: make the directory write-protected, IE: make index.dat write-protected). If you want to be very sure disable the read-access as well.

I only tried deleting the files in very early versions of IE and Netscape and heard both browsers would cease working if the file was missing in a later version. If you want to try that out, be sure to backup your files beforehand.

There are some programs that allow for a simple hit and run on cookies. Luckman's Anonymous Cookie is one of the most comfortable and best of all it's freeware. Once you install it you can forget about cookies.

Webwasher allows for cookie-filtering, so there's another good reason to use it :)