You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

Cookies

What are Cookies?

According to Netscape:

Cookies are a general mechanism which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection. The addition of a simple, persistent, client-side state significantly extends the capabilities of Web-based client/server applications.

To put it more plainly, a cookie is a mechanism that allows a web site to record your comings and goings, usually without your knowledge or consent. The following resources will provide you with additional information, and suggestions on how to "toss your cookies."

EPIC Opposes DoubleClick Class Action Settlement

A series of class action lawsuits were brought against DoubleClick for violation of privacy relating to the company's cookie tracking practices. These actions were consolidated and an attempt at settlement was made in 2002. This settlement must be approved by the Court, and a hearing has been scheduled for May 21, 2002 to determine whether the settlement is in the public interest.

As part of class action procedure rules, the judge published the terms of the settlement -- which will bind all individuals who were impacted by Doubleclick's profiling practices. The judge invited members of the class to file objections to the proposed settlement if they did not believe it was "fair, reasonable, and adequate." EPIC, on behalf of itself, members of the public, and its individual employees, filed with the court formal objections to the proposed settlement and concurrently asked that its employees be exempted from the settlement.

EPIC asserted that the proposed settlement is not fair, reasonable, or adequate because it does not provide any significant benefit to class members that was not previously agreed to by DoubleClick as part of its earlier agreement with the Federal Trade Commission under the terms of the Network Advertising Initiative (NAI). Doubleclick did not make any significant change to its practices or its policies, nor has it provided the type of meaningful privacy protection sought by consumer and privacy organizations that brought filed a complaint with the FTC in the first instance. It appears that the only new component in the proposed settlement is DoubleClick's agreement to pay almost two million dollars to the plaintiffs' lawyers.

In an objection filed with the Court, EPIC made side-by-side comparisons between DoubleClick's obligations under the weak NAI terms to DoubleClick's obligations under the proposed settlement -- and concluded that the proposed settlement fails to match those commitments to which Doubleclick is already bound. EPIC further argued that a broad range of leading organizations, representing the interests of consumers across the US, believe that stronger obligations should be imposed on a company, such as Doubleclick, that routinely monitors and profiles Internet users without their consent. EPIC concluded its objections with specific recommendations for the provisions of a settlement agreement that serves the public interest.

EPIC Files FTC Privacy Complaint Against DoubleClick

EPIC filed a complaint (PDF) with the Federal Trade Commission on February 10, 2000, concerning the information collection practices of DoubleClick Inc., a leading Internet advertising firm, and its business partners. The complaint alleges that DoubleClick is unlawfully tracking the online activities of Internet users (through the placement of cookies) and combining surfing records with detailed personal profiles contained in a national marketing database. EPIC's complaint follows the merger of DoubleClick and Abacus Direct, the country's largest catalog database firm. DoubleClick has announced its intention to combine anonymous Internet profiles in the DoubleClick database with the personal information contained in the Abacus database. See EPIC's press release for additional information.

IETF Proposal for Cookies

The Internet Engineering Task Force is now considering a proposal to fix some of the problems with cookies. A coalition of consumer, educational and privacy groups has urged the IETF to adopt the proposal.

Coalition Letter to IETF
CNET coverage of the coalition letter
The Internet Engineering Task Force
IETF Proposal - RFC 2109
More background on the IETF Proposal

Cookies and Privacy

"The Internet and Privacy Legislation: Cookies for a Treat?" by Viktor Mayer-Schoenberger, West Virginia Journal of Law and Technology

"The WWW offers a wide variety of communication, information and interaction. Cookies provide for necessary customization. But the Internet is not outside the law. Existing regulations, targeted at protecting personal information, limit the use and application of cookies. Current cookie usage violates such norms. Content providers continuing to use cookies that violate these regulations and browser producers unwilling or incapable of bringing their products into accordance with these laws both risk legal liability. It should be their concern to avoid legal action; and it should be our concern to safeguard our privacy. "

Media Coverage

DoubleClick Tries to Force Hand Into Cookie Jar (from Wired News)
Browser Users to Watch Cookies (from CNET)
That's the Way the Cookie Crumbles (from HotWired)
Netscape Users to Watch Cookie Jar (from CNET)
It Ain't All Cookies and Cream (from HotWired)
Fighting to Make a City's Cookie Files Public (from New York Times)

Resources

Cookie Central.
HTTP Cookie Library FAQs.
Netscape's Cookie Specs (from Netscape).
Cookie Jar (freeware cookie manager).
For more information on cookie-managing software, check out the EPIC page on Practical Privacy Tools.

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security