D
David Sherman
http://ptech.wsj.com/ptech.html
Personal Technology
July 14, 2005
Despite Others' Claims, Tracking Cookies Fit My Spyware Definition
By WALTER S. MOSSBERG
Suppose you bought a TV set that included a component to track what
you watched, and then reported that data back to a company that used
or sold it for advertising purposes. Only nobody told you the tracking
technology was there or asked your permission to use it.
You would likely be outraged at this violation of privacy. Yet that
kind of Big Brother intrusion goes on every day on the Internet,
affecting millions of people. Many Web sites, even from respectable
companies, place a secret computer file called a "tracking cookie" on
your hard disk. This file records where you go on the Web on behalf of
Internet advertising companies that later use the information for
their own business purposes. In almost all cases, the user isn't
notified of the download of the tracking cookie, let alone asked for
permission to install it.
Luckily, the leading Windows antispyware programs can detect and
remove these tracking cookies. It is the best defense a user has
against this tactic.
Now, though, some of the companies that place these files on your hard
disk are complaining about that defense. Some are urging the
antispyware software companies to stop detecting and removing tracking
cookies. They assert that the secret placement of these tracking
mechanisms is a legitimate business practice, and that tracking
cookies aren't really spyware or aren't harmful.
Unfortunately for consumers, this twisted reasoning is having some
impact. In the most notable case, Microsoft disabled the detection and
removal of tracking cookies when it purchased an antispyware program
from a small company called Giant and turned it into Microsoft Windows
AntiSpyware. That is a big reason why I can't recommend the Microsoft
product, which still is in the test phase but is available for anyone
to download.
Microsoft says it still is evaluating how to treat tracking cookies in
the program's final release. I believe it is important for consumers
to know who is on their side right from the start and who may be being
swayed by companies that do things to your computer without telling
you.
The antispyware program I currently use and recommend, Spy Sweeper
from Webroot Software, still detects and removes tracking cookies. So
does another antispyware program derived from some of the same
computer code as the Microsoft product -- CounterSpy, by Sunbelt
Software. I haven't tested the latter program, but it has received
good reviews elsewhere. There are other antispyware programs as well
that still treat tracking cookies as spyware.
To understand the tracking-cookie issue, you have to know something
about cookies overall, and you have to know what spyware actually is.
Cookies are small text files that Web-site operators -- and
third-party companies that insert ads into Web sites -- place on a
user's computer. Many types of cookies are harmless or even helpful.
For instance, a cookie might help a Web site remember your preferences
for what news topics you chose to see. With your permission, it might
store your login information, so you don't have to type it in each
time you visit a particular site. Antispyware programs aren't designed
to detect or remove these helpful cookies.
Tracking cookies shouldn't be confused with these other cookies. They
have no user benefit except the vague promise that the ads you get as
a result may be better tailored to your interests.
What is spyware? There are many definitions, but here is mine, in two
sentences. Spyware -- and a related category called adware -- is
computer code placed on a user's computer without his or her
permission and without notification, or with notification so obscure
it hardly merits the term. Once installed, spyware and adware alter
the PC's behavior to suit the interests of outside parties rather than
those of the owner or user.
Examples of spyware and adware include programs called "browser
hijackers," which reset the home page or search engine used by your
browser so the user is diverted to the sites of the spyware and adware
companies or their clients. Others record your activities and report
them to outside parties. Still others push ads in your face, even when
you aren't using the Web.
Some tracking-cookie purveyors say their cookies aren't really spyware
because they aren't full-fledged programs and they aren't as
outrageous as spyware programs like "key loggers," which record and
report every keystroke you enter. Others argue that the companies
don't collect personally identifiable data, only aggregate data from
many users. To me, tracking cookies clearly meet the obvious
definition of spyware.
Rather than trying to legitimize tracking cookies with pressure and
marketing campaigns, I suggest that, if they really believe tracking
cookies are legitimate, the companies that use them simply go
straight. They should ask a user's permission to install the cookies,
pointing out whatever user benefits they believe the cookies provide.
They might even offer users compensation for allowing tracking cookies
on their machines.
Until that happens, here is my advice: If you don't like the idea of
tracking cookies, run an antispyware program that detects and removes
them, along with all the other indefensible computer code some
companies think they have the right to install. After all, it is your
computer.
Write to Walter S. Mossberg at (e-mail address removed)
--------------------------------------------------------------------------------
Copyright © 2005 Dow Jones & Company, Inc. All Rights Reserved.
Printing, distribution, and use of this material is governed by your
Subscription Agreement and copyright laws.
For information about subscribing, go to http://online.wsj.com
Personal Technology
July 14, 2005
Despite Others' Claims, Tracking Cookies Fit My Spyware Definition
By WALTER S. MOSSBERG
Suppose you bought a TV set that included a component to track what
you watched, and then reported that data back to a company that used
or sold it for advertising purposes. Only nobody told you the tracking
technology was there or asked your permission to use it.
You would likely be outraged at this violation of privacy. Yet that
kind of Big Brother intrusion goes on every day on the Internet,
affecting millions of people. Many Web sites, even from respectable
companies, place a secret computer file called a "tracking cookie" on
your hard disk. This file records where you go on the Web on behalf of
Internet advertising companies that later use the information for
their own business purposes. In almost all cases, the user isn't
notified of the download of the tracking cookie, let alone asked for
permission to install it.
Luckily, the leading Windows antispyware programs can detect and
remove these tracking cookies. It is the best defense a user has
against this tactic.
Now, though, some of the companies that place these files on your hard
disk are complaining about that defense. Some are urging the
antispyware software companies to stop detecting and removing tracking
cookies. They assert that the secret placement of these tracking
mechanisms is a legitimate business practice, and that tracking
cookies aren't really spyware or aren't harmful.
Unfortunately for consumers, this twisted reasoning is having some
impact. In the most notable case, Microsoft disabled the detection and
removal of tracking cookies when it purchased an antispyware program
from a small company called Giant and turned it into Microsoft Windows
AntiSpyware. That is a big reason why I can't recommend the Microsoft
product, which still is in the test phase but is available for anyone
to download.
Microsoft says it still is evaluating how to treat tracking cookies in
the program's final release. I believe it is important for consumers
to know who is on their side right from the start and who may be being
swayed by companies that do things to your computer without telling
you.
The antispyware program I currently use and recommend, Spy Sweeper
from Webroot Software, still detects and removes tracking cookies. So
does another antispyware program derived from some of the same
computer code as the Microsoft product -- CounterSpy, by Sunbelt
Software. I haven't tested the latter program, but it has received
good reviews elsewhere. There are other antispyware programs as well
that still treat tracking cookies as spyware.
To understand the tracking-cookie issue, you have to know something
about cookies overall, and you have to know what spyware actually is.
Cookies are small text files that Web-site operators -- and
third-party companies that insert ads into Web sites -- place on a
user's computer. Many types of cookies are harmless or even helpful.
For instance, a cookie might help a Web site remember your preferences
for what news topics you chose to see. With your permission, it might
store your login information, so you don't have to type it in each
time you visit a particular site. Antispyware programs aren't designed
to detect or remove these helpful cookies.
Tracking cookies shouldn't be confused with these other cookies. They
have no user benefit except the vague promise that the ads you get as
a result may be better tailored to your interests.
What is spyware? There are many definitions, but here is mine, in two
sentences. Spyware -- and a related category called adware -- is
computer code placed on a user's computer without his or her
permission and without notification, or with notification so obscure
it hardly merits the term. Once installed, spyware and adware alter
the PC's behavior to suit the interests of outside parties rather than
those of the owner or user.
Examples of spyware and adware include programs called "browser
hijackers," which reset the home page or search engine used by your
browser so the user is diverted to the sites of the spyware and adware
companies or their clients. Others record your activities and report
them to outside parties. Still others push ads in your face, even when
you aren't using the Web.
Some tracking-cookie purveyors say their cookies aren't really spyware
because they aren't full-fledged programs and they aren't as
outrageous as spyware programs like "key loggers," which record and
report every keystroke you enter. Others argue that the companies
don't collect personally identifiable data, only aggregate data from
many users. To me, tracking cookies clearly meet the obvious
definition of spyware.
Rather than trying to legitimize tracking cookies with pressure and
marketing campaigns, I suggest that, if they really believe tracking
cookies are legitimate, the companies that use them simply go
straight. They should ask a user's permission to install the cookies,
pointing out whatever user benefits they believe the cookies provide.
They might even offer users compensation for allowing tracking cookies
on their machines.
Until that happens, here is my advice: If you don't like the idea of
tracking cookies, run an antispyware program that detects and removes
them, along with all the other indefensible computer code some
companies think they have the right to install. After all, it is your
computer.
Write to Walter S. Mossberg at (e-mail address removed)
--------------------------------------------------------------------------------
Copyright © 2005 Dow Jones & Company, Inc. All Rights Reserved.
Printing, distribution, and use of this material is governed by your
Subscription Agreement and copyright laws.
For information about subscribing, go to http://online.wsj.com