No matter what level of encryption you have, you can maintain some degree of control over the way the browser handles cookies. At their simplest, cookies - small data files sent by a Web site and written to your hard disk - identify you when you return to a site, making your re-entry quicker. Or they can be more insidious, tracking everything that you do both on the sending site's pages and wherever else you go on the Web. Don't get too excited about per-session cookies - they disappear after you leave a site, and they cannot be used to track you.
Tweak your browser: both Net-scape Navigator and Internet Explorer provide limited options for disabling cookies. If you turn off cookie acceptance altogether, you'll be stopped in your tracks online. Yahoo and Amazon.com demand identity confirmation at almost every link, while Hotmail flatly refused to let us in unless we enabled cookies.
In IE 5, you can either raise the browser's security level to maximum or create a custom setting. To specify maximum security, select Tools-Internet Options-Security and move the slider to the top of its range - but bear in mind that this setting will prevent ActiveX and Java from automatically working, and it will prevent you from entering certain sites. Custom settings provide more flexibility, and they're easy to implement. Select Tools-Internet Options-Security and click the Custom Level button; scroll to the Cookies section and click Prompt under "Allow cookies that are stored on your computer". To turn on this setting in IE 4.0, select View-Internet Options-Advanced and check the box that says "Prompt before accepting cookies".
In Netscape Communicator, select Edit-Preferences and click Advanced. Under Cookies, click either Disable Cookies, Warn me before accepting a cookie, or Accept only cookies that get sent back to the originating server (an option that prevents other sites, such as advertising partners, from viewing your cookies). Netscape's cookie-warning dialogues tell you where the cookie comes from (the site that you're visiting or its banner advertising service) and how long the cookie is scheduled to last (for example, DoubleClick and Yahoo set their respective cookies to last for 10 years; Amazon.com's stop working after two weeks).
In Internet Explorer you can delete the cookies already in place on your hard drive by emptying the directory (usually c:\Windows\Cookies). In Netscape, shut down the browser and then select Start-Find-Files and Folders. Enter cookies.txt in the search box and click Find Now. Select all the files listed and press the
You can also have Window Washer keep some cookies if you trust the issuing site to use them wisely. Right-click the program's Tray icon; select Settings from the pop-up menu to open the main window; and in the Standard Wash Items list, click the Options button for the browser you're using. In the next dialogue box, click the Cookies To Keep button to bring up a box with a list of cookies from various sites. Select one to see its contents - which may include details such as your e-mail address but usually consist of mumbo jumbo codes. Click Add to Keepers for the sites you trust, but leave out any you don't like the look of. All cookies not specifically approved will be purged whenever you select Wash Now from the main Window or click the Tray icon.
Other downloadable share-ware programs - Cookie Pal, Cookie Cutter, and Cookie Crusher, among others - use your browser's cookie settings to refuse cookie requests, add filters for accepting or declining cookies from specific sites, and alert you visually or audibly whenever a cookie arrives. See last month's PC World's cover CD for 10 shareware tools to help you manage cookies.
Personal firewall software like Norton Internet Security 2000 ensures that cookies are accessible only to the site that issues them. They prompt you when a cookie is about to be written, allowing you to accept or refuse it permanently (this action creates a profile for the site that automatically deals with the site's cookies as you specify).