This post was first seen over at gexos.org
Cookies are text files, and they provide many useful features on the Web, but there are two things that cause a reaction around cookies: The first is something that has plagued consumers for decades. Let's say you bought something from a traditional mail-order list. The company has your name, address and phone number from your order and also knows what things or services you have purchased. It may sell your information to others who may want to sell similar products or services to you. This is the fuel that makes telemarketing and junk mail (spam) possible. A website can track not only your purchases but also the pages you've read, the ads you click on, etc. If you then purchase something online and enter your name and address, then the site knows a lot more about you than a traditional mail-order company. This makes targeting a lot more accurate, and it makes many people feel uncomfortable.
Different sites have different policies regarding cookies and the protection of personal data.
There are some providers that can actually create cookies that are visible on various websites. DoubleClick is the most famous example of this. Many companies use DoubleClick to serve banner ads on their websites. DoubleClick can place a small (1x1 pixels) GIF file on the web page that allows it to load cookies on your computer. DoubleClick can then track your movements across multiple websites. It can probably see the search links you type in search engines.
Because it can gather so much information about you from multiple websites, DoubleClick can have very rich features. These are still anonymous, but they are rich. DoubleClick then went a step further. With the acquisition of a company, DoubleClick threatened to link these rich anonymous profiles to the name and address of each consumer-user - and threatened to tailor them to their needs and preferences, and then sell these consumer-user data. This started to look a lot like espionage for most people, and that's what caused the general outcry.
Cookies are not a perfect mechanism, but they certainly do a lot of things that might otherwise be impossible. But here are some of the things that make cookies imperfect.
People often share machines (PCs) - Every machine is used in a public place, and there are many machines used in an office or home environment, shared by many people. Let's say you use a public computer (in a library, for example) to buy something from an online store. The store will leave a cookie on the machine, and someone might later try to buy something from the store using your account. Large stores usually have warnings about this problem due to these frauds.
Cookies can be deleted - If you have a problem with your browser and call technical support, perhaps the first thing technical support will ask you to do is delete all temporary internet files on your computer. When you do this, you will lose all cookies. Now, when you visit a site again, the site will think you are a new user and it will set a new cookie. This tends to distort the visitor's record of each site and can also be difficult for you as a user to retrieve your previously saved preferences. This is why sites may ask you to sign up in some cases - if you sign up with a username and password, you can still log in even if you lose your cookie file, so you can restore your preferences. If the preference values are stored directly on the machine, then recovery is impossible. This is why many websites now store all user information in a central database and store only one ID (password) value in the user's machine.
Multiple computers - People often use more than one computer during the day. For example, you have an office machine, a home machine, and a laptop for the road. Unless the site is specifically designed to solve the problem, you will have three unique cookie files on all three machines. Each site you visit from all three machines will track and perceive you as three separate users. It can be annoying because you have to set your preferences three times.
There are probably not any easy solutions to these problems, except asking users to register and storing everything in a central database.