Nick Cole

Scotland

Director

Cookies are NOT required. They are however used because people like Bill Gates incorporate them in their operating systems. They are an officially sanctioned loophole through security and privacy. This built in remote control capability is at the heart of almost all security flaws.

It is hardly surprising that web site operators use cookies since it removes considerable resource overheads on their servers and a more complex database. But that doesn't make them mandatory.

If they were more open about what was being captured and let people see what was going on then users would be able to make a more informed choice.

Sites that use them for basket tracking and other e-commerce purposes have a higher degree of justification, though since these usually require some form of account log-in anyway their use is probably not justified.

Cookies are not needed to count visitors, the fact that a connection has been made does that already. What they are after is recording what is looked at and where and also capturing other information, but again that can be done by monitoring the website itself rather than by a cookie, and more openness on the part of the site operator.

The only other valid purpose is to enable automatic login. I have noticed that some sites (such as Silicon) do it with a proper persistent cookie, though what else it tracks is unknown. However some do it with non-persistent cookies and they are an extreme irritation as it results in a proliferation of the dreaded post-it password reminders.

If cookies were only used for login purposes and could not be read remotely, and web site designers developed their databases better with sufficient hardware capacity then the need to rely on these dangerous and almost uncontrollable code snippets could be eliminated.