S&P 500 & Nasdaq Analysis and Trends

[Chris McConnel]

Cookies and PIE


By Matthew D. Sarrel

With all of the attention being paid to spyware these days and all of the publicity about identity theft, it's no wonder that the information stored in cookies worries users. Cookies were originally intended for personalizing the Web-browsing experience. They do this by collecting and storing information about browsing habits. Cookies aren't necessarily a violation of privacy; in fact, many sites adhere to a strict privacy policy for the use of information in cookies. But tracking cookiesthe ones that monitor your browsing across multiple Web sitescan be exploited by unscrupulous sites and spyware to collect information about what you do on the Web. Most of us don't have time to read every privacy policy and investigate every cookie, so what do we do? We trash our cookies regularly.

According to JupiterResearch, 58 percent of Internet users have deleted cookies, and as many as 39 percent may be deleting cookies from their primary computer monthly (jupitermedia.com/corporate/releases/05.03.14-newjupresearch.html). That's a problem for companies that want to know who's visiting their sites and what people do when they're there. To combat the problem, a New York company called United Virtualities has built a cookie replacement service it calls PIE (persistent identification element). PIEs, which cannot be easily removed, can restore deleted cookies and track your online behavior. And these elements can hold a lot more information than a cookie can.

PIEs rely on a feature in Macromedia's Flash MX called local shared objectscookielike files for storing data on client machines. When you visit a PIE-enabled Web site, your browser is tagged with a Flash object that contains a unique identification similar to the text found in a cookie. In this way, the PIE acts as a cookie backup. It can also be used to restore the original cookie when you revisit a site, even if you have deleted the cookie. Macromedia estimates that Flash Player is deployed on 98 percent of Internet-ready computers, so this is something that potentially affects us all.

So what can you do about PIEs? The first thing to do is make sure you're running Flash Player 8. If not, you'll need to download it from www.macromedia.com/go/getFlashPlayer.

You can then use the Flash Player Settings Manager to control the storage of local shared objects. The Settings Manager is a Flash-based tool that runs on the Macromedia Web site and changes local Flash Player settings. Of greatest concern are third-party local shared objects, because they can be used to track your preferences or your Web site usage across different sites.

From the Global Storage Settings Panel (macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html), deselect the check box labeled Al low third-party Flash content to store login information and other data on your computer. This prevents sites from storing the Flash equivalent of a tracking cookie.

For even more control, you can disable storage of shared objects altogether. On the Global Storage Settings Panel, move the slider bar all the way to the left to prohibit Web sites from storing any information on your hard disk. This forces Flash Player to ask you whenever a site wants to write a local shared object. Be aware, however, that some sites require local shared objects in order to function properly.

And do keep all of this in perspective. The threat of spyware is much greater than that of tracking cookies or PIEs. While everyone would like to remain anonymous on the Web, site personalization can be a valuable service. On the other hand, there are no instances when spyware is a valuable service. It not only violates our privacy but also often degrades the performance of our computers. So don't get sidetracked: Make sure to keep your personal firewall, antivirus, and antispyware software up to date.



Matthew D. Sarrel, CISSP, is an information security consultant and a frequent contributor to PC Magazine.


http://www.pcmag.com/article2/0,1895,1879765,00.asp