August 20, 2011
Good Cookie, Bad Cookie!
Merchants want your dollars and they have devised ways of extracting as much information as possible about you as a target customer. With this information they bombard you with targeted advertisements. Or they sell your information to the highest bidders. Hard to tell what they will do for a buck.
Netscape, who invented cookies, built in some safety features for your protection. Cookies can only be read by the website that places them. Suppose you visit two websites: florist.com
cannot read barber.com
cookies and barber.com
cannot read florist.com
cookies. So you think you are safe. Think again!
A web page is made up of multiple resources or files that can be served from a variety of servers. You could have a server, images.com
, that only serves images and the images can be made accessible to multiple websites. Where you see a picture, the florist.com
website could have commanded your browser to get that picture from images.com
. And the barber.com
website could have commanded your browser to get a different picture from images.com
. In this case, images.com
is the link between florist.com
and they can share your cookie information if they wish to do so.
Ever wonder why everyone wants to give you free email? When you access your online email account, they see your cookies AND READ YOUR EMAIL. Anything you thought was private in that email is now public if your email host wishes to share it for fun or profit. But that's a story for another day.
Browsers allow you to limit the placement of cookies. Safari gives you three choices:
- Only from sites I visit (Block cookies from third parties and advertisers)
I always check the third choice. One needs to allow cookies to get logged in to places but the fewer the better. BTW Google, the super snoop, places gazillions of cookies.
A Cookie Horror Story
Funny thing, she didn't ask me to clear the cookies. Instead she wanted to talk me through the procedure menu item by menu item. But she was not familiar with Safari which does not have a "Tools" menu like Internet Exploder. So we did the chicken pecking in the sand routine until somehow we found the cookies.
That did the trick, but at a cost. I lost all the other "Remind me" log-in cookies. For every website I visit I had to remember or look up my username and password, or tell the website that I forgot my password which happens now and then. I got it done but, frankly, A PITA!
Ameritrade placed 21 cookies in my browser when I logged in. Why so many? I have no idea. The last log-in script I've worked on uses a session cookie and up to three data cookies. But that is not the problem...
Good Script, Bad Script
The Ameritrade script is not "user friendly." If the server realizes that a user cannot log-in on account of some cookie problem, instead of showing an error message, it should have cleared out Ameritrade's cookies without forcing me to remove the cookies of all my other favorite websites.