Cookie Use and Control with the Protein Explorer
by Eric Martz and Srinivas Turaga (January 1999; revised March 2004)

Why are cookies required?

The only mechanism provided in web browsers for remembering personal data between sessions at the client's computer is called "cookies". (Don't ask us where the name came from!). Cookies are small items of information which are saved on your disk by your browser. One of the most common uses for cookies is to remember items you have selected for purchase in an on-line "shopping cart". Protein Explorer uses cookies to remember your preferences, and a list of the files you have loaded in previous sessions. It also uses cookies to enable multiple sessions to be run concurrently while minimizing confusion between sessions: each session is give a session number.

Are cookies safe? Yes!

There is a widespread rumor that cookies are a security hazard. Therefore some people have disabled cookies, or configured their browser to warn them when the web page being viewed requests saving a cookie (see below).

The US Government's Department of Energy says cookies are OK. This is because cookies cannot be used to harm you, or your computer. "The popular rumors about web cookies describe them as programs that can scan your hard drive and gather information about you including: passwords, credit card numbers, and a list of the software on your computer. None of this is close to the truth. A cookie is a short piece of data, not code, which is sent from a web server... it is not an executable program and cannot do anything to your machine." [This quote and information below is from an information bulletin about cookies by the US Department of Energy's highly respected Computer Incident Advisory Capability.] This means that cookies can neither be viruses, nor collect sensitive information about you and send it somewhere undesirable (see below, however, for particular versions of Netscape to avoid). Cookies, once set, can be read only by the server site that sets them, and no other site. So the information about how many times you visit Website A cannot be read by Website B.

Cookies "cannot be used to 'steal' information about you or your computer system". They can only be used to "store information that you have provided at some point" for use by a particular site [emphasis ours; from the W3C Consortium - the standards forming body for the World Wide Web].

What websites know about you (regardless!).

Whenever you visit a web site, it has access to the following information regardless of whether cookies are enabled [from Cookie Central]:

The managers of websites can use this information in any way they wish. Typically it is used to gather information of interest for business marketing purposes. For Protein Explorer development, we have used it to decide how much effort to put into supporting various screen resolutions, operating systems, and browsers.

Are cookies for everyone?

Why would anyone want to disable cookies? "One of the less admirable uses of cookies, and the one that is causing all the controversy, is its use as a device for tracking the browsing and buying habits of individual web users." When a group of sites use a common marketing service, your browsing and buying habits can be pooled into a central database. The advertisements you see popping up on many sites may come from a central marketing service, and along with the ads may come cookies. "This information is also in the server's log files and so the use of a cookie here does not increase a server's ability to track you, it just makes it easier." [Quotes and information from the DOE/CIAC Bulletin cited above.]

Cookie Control.

If you wish to control the use of cookies on your computer, there are several ways you can do this. Most web browsers can be set either to disallow cookies, or to require you to confirm or deny setting every cookie. Netscape 4's cookie options are under Edit, Preferences, Advanced. In Internet Explorer 6, go to Tools, Internet Options, Privacy.

Disallowing cookies will prevent Protein Explorer from working. Approving every cookie will make using the Protein Explorer, and many other web sites, unacceptably cumbersome.

The above methods intercept cookies from all sites, equally. A better method is to use a program that can be set to allow cookie access to selected websites that you trust. Many of these can be found at the software page on Cookie Central's website.

(Note that if you download the Protein Explorer and use it while not connected to the Internet, it will still set and read cookies. So not only remote websites, but also local browser-based resources can use cookies. If you've installed the Protein Explorer on your computer, we surmise that you trust it.)

One useful cookie-control shareware utility is called Cookie Pal from Kookaburra Software. With this tool, you can configure your browser to allow selected websites that you trust to set cookies. Cookie Pal is shareware that costs $15. You can try it free for 30 days.

Cookie-leaking bug in old versions of Netscape.

If you are using Netscape 4.7 or later, you don't have to worry about this. (The current version of Netscape Communicator is 4.8. Later versions of Netscape [Mozilla, 6, 7] don't work with Protein Explorer.) There is a bug in older versions of Netscape: "A malicious hacker/site operator could also see cookie information as well as directory names and filenames by writing a special program.... The Injection bug affects Navigator 3.x and Netscape Communicator 4.0 to 4.07 as well as the two prerelease beta versions of Communicator 4.5 for all platforms. The bug was fixed in Netscape Communicator 4.5 and later versions [From Netscape Communications' Security Pages] We suggest that you upgrade to the latest version of Communicator 4.X to protect yourselves from this vulnerability. We provide instructions on how to find and download Netscape 4.8x.


[End of document]