The true cookie conundrum... and another cookie catch

Yes, I have been going on and on and on about Web cookies... even in print... and yes, I think it is important, to a certain degree, but only because it is such a low hanging fruit. Web cookies, when it comes right down to it, is an easy privacy issue to deal with. Furthermore, the policy is fairly clear.

Are Web cookies a real privacy threat? Probably not. But it is an important visibility and trust issue -- if you say that you are not going to use persistent cookies, then don't do it.

And cookies are particularly minor when compared to the National Security Agency's warentless wiretaps -- a real privacy issue... and a very complex issue with no easy answer or solution.

That being said, there is nothing quite like sitting at Fed 100 judging and calling up a Web site -- in this case NIST's National Vulnerability Database, which lists all the computer vulerabilities out there -- and having my Web browser's cookie monitor pop up. The site uses a persistent cookie that expires in 2035. Given the caliber of people in the room, I'd expect it will be gone sometime soon.

And, just to quote from NIST's privacy policy:

Cookies: "Cookies" are small bits of text that are either used for the duration of a session ("session cookies") or saved on a user's hard drive in order to identify that user, or information about that user, the next time the user logs on the a Web site ("persistent cookies"). This Web site does not use persistent cookies or any other persistent tracking technology.

Currently, we are using session cookies as part of a Web customer satisfaction survey we are conducting in collaboration with ForeSee Results. The sole purpose of the session cookies is to cause the survey to be displayed to a small percentage of our Web site visitors as they leave the NIST Web site. NIST does not retain any information collected by these session cookies. Session cookies are automatically deleted at the end of a session, that is, when you close your browser. Additional privacy information related to the survey is available from a link on the survey itself.