I’ve written here a number of times about browser cookies: small pieces of text that your browser stores on your system at the request of a Web server. The cookie’s contents can be returned to the server with a later HTTP request. The cookie mechanism was developed to provide a means of maintaining state information in the otherwise stateless HTTP protocol, which deals only in page requests and responses; the concept of logging in to a Web site, or having a session, is grafted onto the underlying protocol via the cookie mechanism. This can lead to some security problems; it also impacts users’ privacy, since cookies are very widely used to track users as they browse to different sites. (For example, those ubiquitous “Like” buttons from Facebook can set tracking cookies in your browser, even if you never visit the Facebook site itself.)
For some time now, several browsers have offered an option to disallow so-called “third party” cookies: those set by sites other than the one you are visiting. And Apple’s Safari browser, as well as development builds of Mozilla’s Firefox, have included heuristics to accomplish something similar. These are helpful, but imperfect, since the definition of a “third party” is not as precise as one might like. For example, XYZ.COM might have a companion domain for videos, XYZ-MEDIA.COM; logically, both are part of the same site, but simple heuristics won’t see things that way.
Now, according to an article at Ars Technica, Stanford University, along with the browser makers Mozilla and Opera Software, is establishing a Cookie Clearinghouse to serve as a sort of central cookie rating agency.
The Cookie Clearinghouse intends to provide lists of cookies that should be blocked or accepted. Still in the planning stages, it will be designed to work in concert with the heuristics found in Firefox in order to correct the errors that the algorithmic approach makes.
The Clearinghouse is just being set up, so it’s too early to say how much it will help. Similar cooperative efforts have helped reduce the impact of spam, phishing, and malicious Web sites, though, so we should hope for the best.