Suppose you bought a TV set that included a component to track what you watched, and then reported that data back to a company that used or sold it for advertising purposes. Only nobody told you the tracking technology was there or asked your permission to use it.
You would likely be outraged at this violation of privacy. Yet that kind of Big Brother intrusion goes on every day on the Internet, affecting millions of people. Many Web sites, even from respectable companies, place a secret computer file called a “tracking cookie” on your hard disk. This file records where you go on the Web on behalf of Internet advertising companies that later use the information for their own business purposes. In almost all cases, the user isn’t notified of the download of the tracking cookie, let alone asked for permission to install it.
Luckily, the leading Windows antispyware programs can detect and remove these tracking cookies. It is the best defense a user has against this tactic.
Now, though, some of the companies that place these files on your hard disk are complaining about that defense. Some are urging the antispyware software companies to stop detecting and removing tracking cookies. They assert that the secret placement of these tracking mechanisms is a legitimate business practice, and that tracking cookies aren’t really spyware or aren’t harmful.
Unfortunately for consumers, this twisted reasoning is having some impact. In the most notable case, Microsoft disabled the detection and removal of tracking cookies when it purchased an antispyware program from a small company called Giant and turned it into Microsoft Windows AntiSpyware. That is a big reason why I can’t recommend the Microsoft product, which still is in the test phase but is available for anyone to download.
Microsoft says it still is evaluating how to treat tracking cookies in the program’s final release. I believe it is important for consumers to know who is on their side right from the start and who may be being swayed by companies that do things to your computer without telling you.
The antispyware program I currently use and recommend, Spy Sweeper from Webroot Software, still detects and removes tracking cookies. So does another antispyware program derived from some of the same computer code as the Microsoft product — CounterSpy, by Sunbelt Software. I haven’t tested the latter program, but it has received good reviews elsewhere. There are other antispyware programs as well that still treat tracking cookies as spyware.
To understand the tracking-cookie issue, you have to know something about cookies overall, and you have to know what spyware actually is.
Cookies are small text files that Web-site operators — and third-party companies that insert ads into Web sites — place on a user’s computer. Many types of cookies are harmless or even helpful. For instance, a cookie might help a Web site remember your preferences for what news topics you chose to see. With your permission, it might store your login information, so you don’t have to type it in each time you visit a particular site. Antispyware programs aren’t designed to detect or remove these helpful cookies.
Tracking cookies shouldn’t be confused with these other cookies. They have no user benefit except the vague promise that the ads you get as a result may be better tailored to your interests.
What is spyware? There are many definitions, but here is mine, in two sentences. Spyware — and a related category called adware — is computer code placed on a user’s computer without his or her permission and without notification, or with notification so obscure it hardly merits the term. Once installed, spyware and adware alter the PC’s behavior to suit the interests of outside parties rather than those of the owner or user.
Examples of spyware and adware include programs called “browser hijackers,” which reset the home page or search engine used by your browser so the user is diverted to the sites of the spyware and adware companies or their clients. Others record your activities and report them to outside parties. Still others push ads in your face, even when you aren’t using the Web.
Some tracking-cookie purveyors say their cookies aren’t really spyware because they aren’t full-fledged programs and they aren’t as outrageous as spyware programs like “key loggers,” which record and report every keystroke you enter. Others argue that the companies don’t collect personally identifiable data, only aggregate data from many users. To me, tracking cookies clearly meet the obvious definition of spyware.
Rather than trying to legitimize tracking cookies with pressure and marketing campaigns, I suggest that, if they really believe tracking cookies are legitimate, the companies that use them simply go straight. They should ask a user’s permission to install the cookies, pointing out whatever user benefits they believe the cookies provide. They might even offer users compensation for allowing tracking cookies on their machines.
Until that happens, here is my advice: If you don’t like the idea of tracking cookies, run an antispyware program that detects and removes them, along with all the other indefensible computer code some companies think they have the right to install. After all, it is your computer.
Write to Walter S. Mossberg at email@example.com