Privacy. Few words seem more ubiquitous in this day and age.
When we started the joyride the world was a different beast; nowadays the TV is tracking you, the refrigerator knows when you’re home and websites follow you like Dick Tracy.
While the angry mob points its finger at the ever so delicious cookie, how did it came to be?
There are several explanations. Lou Montulli, an engineer at Netscape in ’94, said to come up with the concept after a brief meeting about producing a site with a shopping cart. No available technology existed to store user session.
Montulli’s blog (archive.org): I had heard the term “magic cookie” from an operating systems course from college. The term has a somewhat similar meaning to the way Web Cookies worked and I liked the term “cookies” for aesthetic reasons. Cookies was the first thing I came up with and the name stuck.
Wikipedia refers to the man-page of fseek from ’79 which states:
ftell returns the current value of the offset relative to the beginning of the file associated with the named stream. It is measured in bytes on UNIX; on some other systems it is a magic cookie, and the only foolproof way to obtain an offset for fseek.
Being that it precedes Netscape where did it originally came from? There are some wild guesses. One of them points us to a cartoon strip from Odd Bodkins which ran from ’63 to ’70 where the term magic cookie was an euphemism for LSD.
There are still others who refer to the resemblance between the cookie storing information and the paper inside a fortune cookie or even those who see the resemblance between a cookie jar and the browser implementation of cookies.
Are cookies per-se a privacy violation? No! While you’re surfing a particular website it’s expectable that the providing party tracks and stores information about what you’re doing. It’s their site. Their server. It’s how your email stores who you are. How your bank identifies you. Any single site that has the possibility of login needs to keep tabs on who you are.
Why the fuss then? Corporations jumped the wagon and started tracking you across a myriad of sites. That Facebook “like button” you see on blog posts? It can ping-back to Facebook and report what site you’re visiting; even if you don’t click it. Anything that’s served from a third party can aggregate information about your visits to the sites where they are currently present.
You’ll probably want to white-list a few advertisers. As the time of writing I’ve got 42 domains unlocked (yes, even adwords). Not all publicity is bad and websites depend on it.
If you’re feeling particularly inclined to deal with specific elements you can instead install uMatrix (from the same developer) where you can fine-tune your specific preferences.
The following sample config file for uMatrix is pretty self-descriptive and may help you start tunning your own rules.
# uMatrix config file example1.com * css block example2.com 1st-party cookie css block example3.com fonts.googleapis.com script block