Five versions of Netscape’s browser were studied (table 6.1, column 1). Although the study focused on Netscape’s browser on a Macintosh platform or operating system, few significant variations or options were observed in other platforms (Netscape for Windows and Microsoft’s competing Internet Explorer browser),[9] though an examination of Microsoft’s bundling and use of Netscape with a Microsoft Windows 98 operating system would require a full chapter. Netscape has released forty-one browser versions (not including beta versions), but the study focused on only versions that made substantive changes (defined as either information or control/alert options) to cookie preferences.
|
Netscape Version (for Macintosh) |
Preferences Location |
Privacy Control Options |
Cookie Files Location |
Information on Cookies |
|---|---|---|---|---|
|
1.12 (August 1995) |
None |
None |
System folder, Preferences folder, Netscape folder, Magic cookie file |
None |
|
2.02 (May 1996) |
None |
None |
System folder, Preferences folder, Netscape folder, Magic cookie file |
None |
|
3.0 (August 1996) |
Options, Network preferences, Protocols |
Show an Alert before Accepting a Cookie, Default setting: Off |
System folder, Preferences folder, Netscape folder, Magic cookie file |
Preference panels guide, Netscape Navigator Handbook |
|
4.01 (June 1997) |
Edit, Preferences, Category: Advanced |
Accept all cookies, Accept only cookies that get sent back to the originating server, Do not accept cookies, Warn me before accepting a cookie, Default setting: Accept all cookies |
Netscape Communicator folder, Communication, User name folder, Magic cookie file |
Help, Advanced panel |
|
6.01 (February 2001) |
Tasks, Privacy and security, Cookie manager Other option: Edit menu, Preferences, Advanced |
Enable all cookies, Enable cookies for the originating Web site only, Disable cookies, Warn me before storing a cookie, View stored cookies, Allow cookies from this site, Block cookies from this Site, Remove Cookie, Remove all Cookies, Don’t allow removed cookies to be accepted later, Default setting: Enable all cookies |
Mozilla folder, Users50, Default folder, Mgb93svy.slt folder, Cookies file |
Help, Understanding privacy, Also, ‘‘More information’’ tab in the cookie preference section leads to the understanding privacy document. |
The second column in table 6.1, Preferences Location, relates to the place in the respective version of Netscape’s browser, typically pull-down menus, where users can find and change the preferences for cookies. Preferences is the term widely used in the computer software industry to refer to the options that users are given to change various software functions. Many software programs, including Netscape for Macintosh, use the label Preferences for their pull-down menus. The Preferences pull-down menu for Netscape offers a daunting list of potential options, ranging from appearance options (including fonts), network proxies, cache, and, of course, cookies. Such software preferences or control options serve as a key indicator of a software’s flexibility and usability. There is no one established list of options or preferences for all software. Some software programs provide few options for customization and adaptation to computing requirements. Other programs offer a lengthy and exceedingly complex list of options, some of which pose potential systemwide hazards in the hands of all but the most computer-literate users.
Preferences and similar control options thus shed light on the limits of software and the choices that are made in the process of producing software. And although software programmers make decisions so that their company’s software will be compatible and complementary to their company’s other products or an allied corporation’s software, other preference decisions are often made for reasons of cost, time, efficiency, or simply ignorance of other possible options and can result in the shelving of more dynamic plans.[10]
Production decisions—made by computer programmers and software industry executives—have clear social, political, ethical, and of course economic implications.[11] Seen in this light, the default settings of various preferences that are set at the factory assume a lowest-common-denominator software user and suggest a ‘‘recommended’’ or preferable mode of use (for the benefit of the user, the software developer, and the developer’s corporate allies). The sections on the five browser versions provide more on these points.
The third column in table 6.1—Privacy Control Options—lists the actual preferences. These boxes, circles, and other interactive buttons let users change the function of cookies. In addition to providing their location and default setting, the terminology used for such options also provides some insight into Netscape’s attempts to respond to social criticism of cookie technology.
The fourth column—Cookie Files Location—lists the storage area for cookies after a user has visited a Web site. The complicated locations call into question the accessibility of cookie files, their appearance (are they presented in plain language, expert PC vernacular, or computer code?), and the very preferences for the files themselves (can they be edited, deleted, renamed, or color-coded like text, graphics, orl files?).
The last column—Information on Cookies—attempts to show the extent to which each version provides documentation on the workings of cookie technology. Almost all computer software and programs today are accompanied by either a ‘‘read-me.txt’’ or ‘‘text’’ file or for more advanced products an online Help index or frequently asked questions (FAQ) section.
Netscape’s earliest browser versions are completely devoid of any preferences, control options, or information on cookies. Cookies were operational in all version 1 (1995) and version 2 (May 1996) browsers, but users were not able to manipulate their workings and were not even aware of their existence. Because the first version of Netscape had no preferences or options for controlling the use of cookies, by default it accepted all cookie files that were sent back by Web sites. Subsequently, the new cookie-enabled Internet (as a networking of computers) meant that personal computers and their accompanying hard drives were no longer personal.
The only evidence of cookies in versions 1 and 2 is the Magic Cookie File (see the column headed Cookie Files Location). There is no clear path to this file or any information that suggests its existence or greater significance for the individual user. The file itself is a simple generated text file that cannot be edited in any manner. Even a lengthy reading of the Netscape Handbook (version 1), with its tutorial, reference guide, and index, reveals no mention of cookies or client-server states at all. In fact, the ‘‘Filling in [online] Forms’’ section of the ‘‘Learn Netscape’’ portion of the Handbook is the most obvious and applicable place to mention cookie technology, given that such online forms employ cookies to ‘‘remember’’ repeat visitors. The section, however, merely offers the following passage about the convenience of the Web browser (Netscape 1995):
Typically, forms are used to give you a fast and easy way to make a request or send back a response regarding the page you are reading. Forms can supply an interface to databases with fields that let you query for information and perform Internet searches.
The earliest discussions of cookie technology were published in newspapers and popular technology periodicals just prior to the release of the Netscape 2.02 browser, so it shows no evidence of substantive changes from version 1.12. However, as concern over cookies mounted in spring 1996, news reports indicated that Netscape would offer options for cookie use in its upcoming version3.0 (August 1996) (Rigdon 1996). Table 6.1 shows that the preferences for cookies (control options) were obscurely labeled (Options, Network Preferences, Protocols) and did not mention ‘‘cookies’’ or other common language such as ‘‘privacy or identity controls.’’ Without substantial knowledge of cookies or computer language, users could not easily recognize or find the cookie preference. Although the Magic Cookie File remained in the same place as it had in previous versions, information on cookies was added to an expanded Netscape Handbook 3.0. Given the many criticisms of Netscape’s treatment of privacy control options, the Handbook offered very little that explained cookie technology. Indeed, as with earlier handbooks, discussions of client-server interactions (the raison d’eˆtre of cookie technology) lack any reference to cookies (Netscape 1996):
The server transmits page information to your screen. The Netscape application displays the information and leaves the connection to the server open. With an open connection, the server can continue to push updated pages for your screen to display on an ongoing basis.
Indeed, of all the information provided by Netscape (including a cookieless eighteen-page document that lists ‘‘What’s New Since2.0?’’), the new cookie preference receives almost the briefest description (Netscape 1996):
The Alert check Boxes determine whether you receive a notification dialog box (popup alert) when accepting a cookie (unchecked, by default) or submitting a form by mail. (A cookie is a piece of limited, internal information transmitted between server software and the Netscape application.) The dialogs notify you before information is transmitted.
The most significant and relevant change to version 3.0 was the option Show an Alert before Accepting a Cookie. If a user changes the preference from the default No position (do not alert) and visits a cookie-enabled Web site, a notification appears in a box asking the user, ‘‘Do you wish to allow the cookie to be set?’’ Buttons with the options No and Yes are provided. The Yes option is set as a default, meaning that a user who simply hits Return is choosing the Yes option (allow cookies).
Moreover, such seemingly minor changes to the Netscape browser hint at the political debate over privacy and anonymity online and also point to the broadening use of cookie technology throughout the burgeoning Internet industry. To unearth the expansion of cookie technology, I visited a representative sample of Web sites that included two search engines (MyExcite and MyYahoo!), a content provider (NYTimes.com), and an e-commerce provider (Yahoo! shopping) using the new cookie alert option for the 3.0 browser (table 6.2). After the alert was received, both options— do not accept the cookie and accept the cookie—were tested. Although the Netscape browser allowed users to control the storage of cookies on their hard drives, choosing to decline cookies blocked access to the aforementioned sites. In other words, if a user wanted the convenience of reading the New York Times, shopping online at Yahoo!, or personalizing content at the Yahoo! or Excite Web sites, then they had to accept the cookie files.
|
Options |
NYTimes.com |
MyYahoo! |
Yahoo! Shopping |
MyExcite.com |
|---|---|---|---|---|
|
‘‘Show an alert before accepting a cookie.’’ No (cookie is not set) Yes (cookie is accepted) |
In order to access NYTimes.com, your Web browser must accept cookies. Access allowed |
An error occurred setting your user cookie. Access allowed |
Sorry! You must configure your browser to accept cookies in order to shop at this merchant. Access allowed |
Please enable your browser to accept cookies. Access allowed |
With users’ concerns still mounting over cookies, in June 1997 Netscape released the 4.01 version of its browser (table 6.3).
|
Options |
NYTimes.com |
MyYahoo! |
Yahoo! Shopping |
MyExcite.com |
|---|---|---|---|---|
|
A. Accept only cookies that get sent back to the originating server. |
Access allowed |
Access allowed |
Access allowed |
Access allowed |
|
B. Do not accept cookies. |
In order to access NYTimes.com, your Web browser must accept cookies. |
An error occurred setting your user cookie. |
Sorry! You must configure your browser to accept cookies in order to shop at this merchant. |
Please enable your browser to accept cookies. |
|
C. Warn me before accepting a cookie. Cancel (cookie is not set) OK (cookie is accepted) |
In order to access NYTimes.com, your Web browse must accept cookies. Access allowed |
An error occurred setting your user cookie. Access allowed |
Sorry! You must configure your browser to accept cookies in order to shop at this merchant. Access allowed |
Please enable your browser to accept cookies. Access allowed |
Cookie control functions were no easier to find, nor did they particularly encourage novice users to experiment with the cookie- control functions. The preferences panel now simply offered cookie controls under the daunting title Advanced (see table 6.1). The browser offered four options—accept, decline, warn before accepting a cookie, and accept ‘‘only cookies that get sent back to the originating server.’’ The fourth choice was a response to the news that third parties, originally hackers, were able to ‘‘read’’ cookies left behind by a host of Web sites and offer the raw materials for a personal profile of the user (based on the history of sites visited by the user).
Initially, cookies were meant to bridge an individual user’s computer to a single server, such as a respective e-tailer like Amazon.com or CDNow.com. But individual hackers were not the only ones trying to bypass this one-to-one cookie setting. The online advertising giant Doubleclick, for instance, partnered with a number of online Web sites to set individual server-addressed cookies from multiple remote sites. Visiting a page from a Doubleclick partner, regardless of its URL (Web address), thus resulted in the storage of a Doubleclick cookie. Doubleclick used the information collected at these partnered sites to target specific and ‘‘relevant’’ commercial messages to individual users. Responding to criticism of such online profiling, Doubleclick later offered an ‘‘opt-out’’ option through its Web site. Ironically, opting out was contingent on accepting a cookie from Doubleclick.
After Netscape was taken over by Internet service provider giant America Online (AOL), its browsers took a decidedly different approach to cookies, especially in its accompanying help material.
|
Options |
NYTimes.com |
MyYahoo! |
Yahoo! Shopping |
MyExcite.com |
|---|---|---|---|---|
|
A. Enable cookies for the originating Web site only. |
Access allowed |
Access allowed |
Access allowed |
Access allowed |
|
B. Disable cookies. |
In order to access NYTimes.com, your Web browse must accept cookies. |
An error occurred setting your user cookie. |
Sorry! You must configure your browser to accept cookies in order to shop at this merchant. |
Please enable your browser to accept cookies. |
|
C. Warn me before storing a cookie. No (cookie is not set) Yes (cookie is accepted) |
In order to access NYTimes.com, your Web browser must accept cookies. Access allowed |
An error occurred setting your user cookie. Access allowed |
Sorry! You must configure your browser to accept cookies in order to shop at this merchant. Access allowed |
Please enable your browser to accept cookies. Access allowed |
Netscape 6 (2001) and its updates provide comprehensive documentation on cookies (table 6.4). The Privacy document contains over five pages on cookies and more pages on online privacy issues in general. Netscape’s documentation now points its finger at rogue Web sites and other interests less concerned about privacy. In the section that asks ‘‘Why Reject Cookies?’’ Netscape’s privacy documentation (Netscape 2000) now reads:
If a site can store a cookie, it can keep track of everything you’ve done while visiting the site by writing these things into a cookie that it keeps updating. In this way, it can build a profile on you. This may be a good or a bad thing depending on what the site does with the information. . . . It might be bad if the bookseller then sold that information to the local dog pound so they could cross-check for potential dog owners who do not have valid dog licenses.
Netscape’s attempts to share the blame for cookie abuse has not resulted in any radical modifications in the way cookies are encoded into browser preferences. The default setting is not ‘‘Do not accept cookies,’’ and new and intermediate users still have to dig deep into the program to find out about privacy and cookie controls. Part of the reason for this lack of modification is that the Web would become a much less convenient and relevant place if it had generic ‘‘lowest common denominator’’ portals, offered leaky online shopping bags, and showed advertisements for products and services that the user had never previously bought or browsed. Moreover, such inconvenience would disproportionately fall on Netscape and its Web browser—especially when Web sites such as Yahoo! remark (if a user visits with cookies turned off ) that ‘‘The browser you’re using refuses to sign in. (cookies rejected).’’
Having a cookie warning set as the default choice would be even more maddening, although it is potentially the most instructive way to demonstrate the extent to which cookie technology is used on the Web. A browse through Amazon.com, for instance, with the ‘‘Warn me before accepting a cookie’’ option chosen results in multiple interruptions to show the message ‘‘The site amazon.com wants to set a cookie. Do you want to allow it?’’ Being asked for a cookie preference on multiple pages within a site would be very inconvenient. A user could not knowledgeably discriminate between one Web site cookie and another, particularly when bombarded with requests from page to page. The cookie manager in Netscape version 6.0 follows a similar logic by offering the option of deleting individual cookies but providing little to no help in distinguishing one cookie file from another (except perhaps a warning about the aforementioned ‘‘foreign cookies’’ employed by advertising brokers such as Doubleclick).
[9]In contrast to Netscape, Internet Explorer 4.0 offers its privacy options under the title ‘‘cookie.’’
[10]See Elmer (2001) for a discussion of Tim Berners-Lee and the development of hypertext for the Web.
[11]The preferences of Microsoft’s products—namely, its Windows operating system and accompanying Explorer Web browser—have served as key points of contention in the ongoing dispute between the corporation and the U.S. Department of Justice.