P1: c-146Everett-Church
Everett-Chruch-1 WL040/Bidgoli-Vol III-Ch-08 July 11, 2003 11:46 Char Count= 0
CONSUMERINTERNETPRIVACY 103sometimes possible to receive all the text of a Web page,
but not the images; if the Web browser breaks the connec-
tion, or the distant server is too busy, it will not be able
to open the additional connections needed to receive the
additional data.
The benefit of a stateless connection is simple: It en-
ables one machine to serve a much higher volume of data.
The downside to a stateless connection is that on occasion
it might be helpful for a server to remember who you are.
For example, when someone logs onto his or her stock
portfolio, privacy and security dictate that the server not
reveal account information to anyone else; however, effi-
ciency demands that every time the user loads a page, he
or she should not have to reenter the user ID and password
for every new connection the browser makes to the remote
computer. So how do users make a server remember who
they are? They do so by creating a constant state in an
otherwise stateless series of connections. The method for
doing this is the cookie.
Cookies contain a piece of data that allows the remote
Web server to recognize a unique connection as having a
relationship to another unique connection. In short, the
cookie makes sure that the server can remember a visitor
through many steps in a visit or even when time has passed
between visits. As a basic security measure, it should be
noted that cookies are designed to be read only by a server
within the same domain that created it. So, for example,
only a server in the yahoo.com domain can read cookies
set by a server in the yahoo.com domain.
Cookies enable myriad helpful features, such as the
ability to personalize a Web site with the user’s choice of
colors, or language, or stock symbols on a stock ticker.
It also enables features such as shopping carts on
e-commerce Web sites, permitting the user to select mul-
tiple items over the course of a long visit and have them
queued for purchase at the end of a visit.
Not all cookies are used for collecting or retaining in-
formation over a long period of time, such as those used
by advertisers. For example, many Web sites contain a
great deal of frequently changing content and generate
their Web pages from large databases of text. In some of
these cases, the Web servers require cookies to help deter-
mine, for example, what page it should serve up to a user
based on the search terms that he or she entered into a
search engine.
A special type of cookie, called a session cookie, is set to
be automatically deleted after a relatively short period of
time, usually within about 10 minutes after a user leaves a
site. This type of cookie is typically used for remembering
information over a short duration, such as what you may
have stored in a shopping cart. Because session cookies
are so short-lived, they do not have quite the same privacy
implications as their longer-lived cousin, the persistent
cookie. Persistent cookies often have expiration dates set
many years in the future.
Most Web browsers have settings that allow a user to
accept or reject certain cookies. For example, an alterna-
tive brand of Web browser called Opera, favored among
the privacy community, allows users to accept or reject
cookies based on whether it is a first-party cookie being
set by the site the user is actively visiting or whether it is a
third-party cookie, which is being set by some other entitysuch as an advertising service via an ad banner appearing
on the site.Web Bugs
Another popular technology for tracking users’ activities
online is the Web bug, also called “Web beacons,” “1-by-1
pixels,” or “clear GIFs.” (GIF, which stands for graphics
interchange format, is a particular type of file format for
images.)
Web bugs are special links imbedded in Web pages,
or other HTML-coded documents such as some types of
e-mail, that allow the link’s creator to track every instance
in which the document is viewed (Smith, 2001). As dis-
cussed earlier, every time a Web page is loaded, images
on the page are loaded in a separate transaction with the
Web server. When a Web bug is programmed into a Web
page, its code looks similar to the code for just about any
graphic image appearing on that page. In reality, though,
it has three differences:- The Web bug graphic can be called from any site, most
often from a third-party site, allowing that site to record
details about the user’s visit. - The Web address used to call in the Web bug graphic
is often encoded with specific data relating to the page
being visited, or, in the case of HTML e-mail, it may
be encoded with information about the user’s e-mail
address. - The graphic image associated with the Web bug is de-
liberately made to be so tiny that it is invisible to the
naked eye.
Most Web bugs are the size of a single screen pixel.
What is a pixel? Every image on a computer screen is
composed of very tiny dots. The smallest unit of dot on a
computer screen is the pixel. Even a single pixel can still
be visible, however, so Web bug images are often made
of a graphic image called a clear GIF, or a transparent
GIF, which allows the background color or image to show
through it, rendering it effectively invisible.
Because Web bugs can be embedded in any Web page
or HTML document, they can also be included in e-mail,
allowing sites to track details about when a message is
read and to whom the message might be sent. This ver-
satility is why Web bugs have become so widely used. It
is also why an industry group called the Network Adver-
tising Initiative, which represents a growing category of
online advertising firm called ad networks, responded to
pressure from privacy advocates and legislators by agree-
ing to a set of guidelines for notice and choice when Web
bugs are in use.Ad Networks
Some sites rent out space on their Web pages to third par-
ties, often for placement of advertisements. Along with
those ad banners, many third-party advertising compa-
nies also try to set their own cookie on users’ browsers.
These cookies can be used for things such as manag-
ing ad frequency (the number of times an advertisement
is shown to a particular individual) and to track users’