Why do you require cookies?

We get a few such e-mails, so we’ll start by giving a bit of background about cookies, as they are often greatly misunderstood.

Cookies are harmless bits of text stored by your browser in your browser’s temp/cache directory. Our server asks your browser to remember some bit of text (a cookie), and your browser then sends that same bit of text (cookie) to us when you visit our site again. The cookies are generally used to provide personalization of web pages. A cookie can be used to store such things as the last 5 searches you did (so you can redo them) or your encrypted user id (so we know you are logged in, and who you are).

While cookies are themselves harmless, in the past they have been abused by some prevalent internet advertising companies. Because their advertising banners appear on large numbers of sites, these companies have been able to connect your visit to one site with your visit to another site (where they also have advertising) and in this way develop a “profile” of you. This privacy issue is quite reasonably a concern. Fortunately, the web browsers released over the last several years provide protection against this type of third-party cookie abuse, as well as giving you control over which sites you allow to use cookies. It is therefore appropriate to now require the use of cookies to access the members areas of our site.

On a technical level, cookies are a practical necessity for web page personalization (which includes login/authorization management). Web browsers do not by design send web servers anything uniquely identifiable that would allow us to accurately and effortlessly remember from one request to another who a user is. One mechanism for doing this, both before and since cookies, has been to create a server-side “session id”, which is then passed around through every single link and every single form post. This accomplishes the same end as cookies, but it is a chain very easily broken, since every single link and form needs to be dynamically generated to include this session id. This approach requires more programming resources to implement and maintain, and it is less reliable than cookies. We cannot rewrite every application (including third-party applications) that we use on our site to keep this chain intact. Any attempt to reconnect a broken chain by guessing the session from the browser headers is risky, both because it may not work and because it may accidentally think one person is another person. The reasons are request aggregation through big proxies like AOL, Earthlink, MSN, etc. and the privacy software often used by those who block cookies.
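The following is an added illustration, not code from this site: a minimal Python model of the three ways of recognizing a user described above (session id in the link, session id in a cookie, guessing from request headers). All function names, paths and the sample IP address and browser string are constructed for the example.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlparse

SESSIONS = {}      # server-side state: session id -> user
FINGERPRINTS = {}  # header-guessing fallback: fingerprint -> user

def login(user, ip, user_agent):
    """Create a session and also record the header fingerprint for the fallback."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    FINGERPRINTS[fingerprint(ip, user_agent)] = user
    return sid

def fingerprint(ip, user_agent):
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()

def user_from_url(url):
    """URL scheme: works only if this particular link was generated with ?sid=."""
    sid = parse_qs(urlparse(url).query).get("sid", [None])[0]
    return SESSIONS.get(sid)

def user_from_cookie(cookie_header):
    """Cookie scheme: the browser resends the id itself, whatever the link was."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return SESSIONS.get(jar["sid"].value) if "sid" in jar else None

def user_from_headers(ip, user_agent):
    """Fallback the page rejects: guess the user from request headers."""
    return FINGERPRINTS.get(fingerprint(ip, user_agent))

def demo():
    # Constructed values: one shared proxy address, one common browser string.
    proxy_ip, ua = "192.0.2.10", "Mozilla/4.0 (compatible; MSIE 6.0)"
    sid = login("alice", proxy_ip, ua)
    return {
        "rewritten_link": user_from_url(f"/members/search?q=x&sid={sid}"),
        # A static or third-party page whose link was never rewritten:
        "static_link": user_from_url("/members/forum/index.html"),
        "static_link_with_cookie": user_from_cookie(f"theme=dark; sid={sid}"),
        # A different visitor, never logged in, arriving through the same proxy:
        "other_visitor_guessed_as": user_from_headers(proxy_ip, ua),
    }

if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case}: {user}")
```

The un-rewritten link loses the session while the cookie keeps it, and the header guess attributes the second visitor's request to the first user.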

We have looked into this matter long and hard and have resisted requiring cookies as long as possible. We now feel, though, that the use of cookies no longer represents the same risk to privacy it once did, because of the large number of users who have current browsers which reduce the threat, because of the existing ability to allow/disallow cookies by site, and because of the wide usage of privacy software programs.

We track the number of users who have cookie settings which need to be modified to access our site; it is roughly 0.1% of our users. We ask for their understanding.
