“It haunts me. I can’t sleep at night.”

“Um hmm.” The Doctor scrawled a note on his notepad making the sound of understanding to show that he was listening attentively. He was your classic stereotype of a psychologist – grey hair with a beard, in a highcut suit, speaking, when he spoke, in a German accent.

“I thought they were harmless but that was before I understood. And then I started reading things, terrible things. They’re watching me. Waiting to strike.”

“Um hmm.”

“I can’t use it anymore.” said the Patient, who could have been anyone, indicating the laptop computer he brought with him. “They might spring into action at any time and I’ll be ruined!”

The Doctor turns to the camera and speaks.
“My friend here is suffering from an acute case of mpiskotophobia. The fear of cookies.”
He returns to addressing the patient.

“I think what you fear is not the cookie, but what it can do to you. What would you say if I told you that there is no reason for your fear?”

“But I read things. They talk about how those things can destroy my computer. How they track me, like spies, always watching. Waiting for the right moment to drain my account and broadcast my doings to the world.”

“You have been misinformed my friend. Cookies cannot destroy your computer. They are not programs. They do not ‘run.’ They sit quietly on your machine causing no harm. They are not viruses.” The Patient gave a gentle shudder. “And you are right to shudder. Viruses can harm your computer or steal information. They are programs that do run without your knowledge. But cookies are harmless.” The Patient was showing skepticism with a rolling of the eyes.

“I see your skepticism. Let me prove it to you. Open your computer.” The Patient looked at the thing with horror. “You must,” The doctor continued. “It is the most important part of your therapy.” The Patient gingerly nudged the thing open, much as a person with a stick might turn over a rock covering a spider’s nest. “Now turn it on.” The Patient did so, with a quick stabbing motion, as though in fear of electical shock. The computer whirred into action. “Now let me show you.” Quickly, the doctor opened a Windows Explorer window and navigated to the following directory:

C:\Documents and Settings\[the patient's login name]\cookies

“There’s thousands of them! And the names, that’s every website I’ve ever been to!” The Patient shrieked and began to hyperventilate.

“Not thousands. Only three hundred cookies can be stored a single user’s system, according to the Netscape specification. And only twenty from any one domain. And they’re not from every website. Only the ones that use cookies. Let’s look inside one, shall we?” The doctor double-clicked a cookie file and it popped open in notepad (which it would do as cookies all use a .txt extension in Windows). Displayed on the notepad screen was, well, gibberish. “It looks scarey, but it isn’t really. There are four parts to a cookie. They are:” And a scrolling screen dropped down behind the Doctor. It had four things listed:

The Data
The Domain
The Path
The Expiration Date

“Let us look at each of these parts in turn, shall we? First, the data. This is the information that the website is interested in. It is not your bank account number in Switzerland. It is not personal letters to your lover. In fact, it is only information that is known to the website when you visited it last time. This could be personal information if you filled it out in a form, but usually it is the pages you went to or your username and password.”

“But why would they want to know that about me? Why are they after me?”

“They’re not after you. They want your username and password so that you don’t have to enter it next time you visit the site.” The Doctor explained. “Instead of asking for that information they simply get it from your cookie. They might want to know which pages you visit so that they can have more information about what interests people – what pages they should improve and which ones people aren’t going to so they can drive more traffic to them or get rid of them altogether.

“And if it’s a store they might want to know what items you looked at last time so they can make recommendations of things that might interest you, this time.

“The second part of the cookie is the Domain. This is important because a domain can only read and write their own cookies. They can’t read or write someone elses. So if you visit, for example (and I’m not accusing you, you must understand), hotblondes.com,” The Patient blushed, “and then navigate to christianitytoday.com, christianitytoday can’t read the hotblondes cookie and condemn you to hell. Your secret is safe.”

“But,” the Patient interjected, looking at the list of cookie files on the screen, “I’ve never been to doubleclick.com so why do I have a cookie from them? Surely another site must have put it there. And how do you know about hotblondes.com?”

“Er, um, well, anyway, no, another site did not put it there.” said the Doctor. “That is what is called a ‘tracking cookie.’” The term “tracking” conjured up images of shady characters in trenchcoats monitoring the Patient’s every move.

“T-t-they’re tracking me?”

“Yes, but it’s nothing to be afraid of. And while you might think you’ve never been to this site, I’m afraid you have, without even knowing it. You’ve seen the ads on webpages, right?”

The Patient shrugged assent.

“Well, those ads don’t come from the site. They come from an ad service. The website owners subscribe to an ad service which serves up the ads. And because the ads originate on the service’s servers, they have the right to send a cookie along with the ad.”

“Why would they want to do that?” The Patient asked, fear now starting to be scared off by curiosity.

“Because they want to know how best to target their ads. They know, for example, you went to websitex.com and were looking at, say, wrist watches. They know this because the page sent the request to the ad service. The next time you visit websitex they can know that you’re in the market for a watch so they can show, as the next ad on that page websitey.com which sells watches.

“If you think about it, this not only helps the ad service, by making it more likely that they will have successful advertising, but it also helps you because you might not like the watches at websitex.com but you might see the ad which shows exactly what you’re looking for. That sort of personalized advertising can save you a lot of surfing time.”

“I see. So they’re not tracking my every movement on every page.”

“Not at all. They can’t see the cookies except the ones they’ve set. Now, let’s move on to the path.” Said the Doctor, tapping the chart where it said “The Path.”

“This tells the website which part of the site the cookie pertains to. This can be any directory on the site. When set the cookie can be read from this directory or any lower directory. If set to the root directory the cookie is good for the entire site.”

“And why is that good?”

“From a user’s perspective it really doesn’t matter. But for the website owner it is useful because it helps them divide up the cookie tasks to different part of the site. In the old days of the slow internet it also sped things up, slightly – every time you hit the page the cookies for that page are sent, so if you’re hitting a page that the cookie is irrelevent to then there’s no point in sending the cookie. It’s just wasted bandwidth. But now that the internet is so much faster and cookies
are so small, there’s not really much difference.”

“How small? That’s another thing that worries me. Even though there can only be three hundred cookies, who’s to say that they won’t store entire encyclopedia on my computer and leave me no room!” The panic was coming back and the Patient began to sweat again.

“The Netscape specification says it, that’s who.”

“But I use Internet Explorer.”

“It doesn’t matter. The Netscape cookie specification was created by Netscape Corporation in 1996 and has since become the standard for cookies in all of the major browsers. And the Netscape cookie specification states that cookies can be no bigger than four kilobytes, or 4096 bytes. The most space cookies can take up on your computer is 1.2 megabytes. Considering that the average hard drive these days exceeds eighty gigabytes, this is almost no room at all.
“And if they get in your way, simply delete them. Go to the folder I showed you earlier, select the files and hit the ‘delete’ button. Off they go. And if you don’t want them to come back then there are settings in your browser to block the cookies. But I don’t know why you would want to. That would mean that sites you visit regularly would be asking for your login information everytime you go there, or would stop you from shopping at certain sites because many sites store your shopping cart in a cookie so that you can pick up where you left off if you go away and then come back.

“Or you could simply wait for the cookie to expire. The last part of the cookie is the Expiration Date. When a cookie is set so too is an expiration date and when that date is passed the cookie is automatically deleted. A cookie with no expiration date set is available only for the length of the current session.”

“I see.” said the Patient, now starting to look visibly relieved. But then something dawned on the Patient who became agitated, another streak of panic starting to develop. “But who is to stop someone from stealing my cookie information when it’s being sent?”

“No one. Cookies can be intercepted just like any other data on the Internet. Cookie information is simply part of the header information on an HTML page. And you remember what I told you in our last session, though, don’t you?” The Doctor asked. Like a parrot the Patient repeated the mantra that the Patient was told to repeat while surfing the ‘net:

“If you don’t trust the safety of the information you are sending then don’t send it.”

“That is true. Remember, a cookie only has whatever information you give it. Apart from your IP address, but that’s common knowledge, anyway. Anyone can randomly attempt to hit IP addresses and that why…”

The Patient picked up the beat, “a secure firewall is a must.”

“Exactly! Very good.” The Doctor commended. “But there is one more thing about cookies that you should know. If any sensitive information is being sent then the cookie can be marked as ‘secure’ meaning that the data can only be transmitted on a secure connection, meaning…”

“The data is encrypted.”

“Excellent!” The Doctor applauded. “So you see there is nothing to be afraid of when it comes to cookies. Cookies are not the enemy. They are your friends and make your Internet life so much more rewarding. Unfortunately, however, now our time is up.”

The Patient carefully closed the laptop and snuggled it lovingly under the Patient’s arm. The Doctor shook the Patient’s hand warmly and walked the Patient out of the office. The Doctor then turned to the camera and spoke.

“It is sad that I see so many cases like this of mpiskotophobia. It is by far the most irrational form of technophobia. But our friend here is finally starting to get the message…

“Are you?”

The Doctor then turned to his secretary. “Remember to send the bill,” he said, mentioning the Patient’s name, “And confirm another appointment for a week from today. I’m sure the Patient return with a severe debt anxiety.”

*Editor’s Note: There is no such actual term as “mpiskotophobia.” I totally made it up. I searched and searched but could not find any legitimate term for “fear of cookies.” A shame, really, because the fear of cookies is both irrational and pandemic. There should be a term for it so I created this one. It comes from the Greek “mpiskoto” (a phonetic spelling) meaning “cookie” and, of course, “phobia” which comes from the Greek suffix “phobe” meaning “One that fears or is averse to a specified thing.” [dictionary.com]

Tweet