The first of three articles.
ne day in June 1994, Lou Montulli sat down at his keyboard to fix one of the biggest problems facing the fledgling World Wide Web — and, as so often happens in the world of technology, he created another one.
At that moment in Web history, every visit to a site was like the first, with no automatic way to record that a visitor had dropped by before. Any commercial transaction would have to be handled from start to finish in one visit, and visitors would have to work their way through the same clicks again and again; it was like visiting a store where the shopkeeper had amnesia.
At 24, Mr. Montulli was the ninth employee hired by what would come to be known as Netscape Communications, and was already known as a programmer of exceptional skill. So he quickly came up with an ingenious idea to address the problem and hammered out a five-page document describing the technology that he and co-workers would design to give the Web a memory.
The solution called for each Web site's computer to place a small file on each visitor's machine that would track what the visitor's computer did at that site. Mr. Montulli called his new technology a "persistent client state object," but he had a catchier name in mind, one from earlier days of computing. When machines passed little bits of code back and forth for such purposes as identification, early programmers called the exchanged data "magic cookies." Mr. Montulli would call his invention, a direct descendant, a "cookie."
It was a turning point in the history of computing: at a stroke, cookies changed the Web from a place of discontinuous visits into a rich environment in which to shop, to play — even, for some people, to live. Cookies fundamentally altered the nature of surfing the Web from being a relatively anonymous activity, like wandering the streets of a large city, to the kind of environment where records of one's transactions, movements and even desires could be stored, sorted, mined and sold.
Since then, cookies have become nearly ubiquitous — and that has many people upset. A recent survey by Public Opinion Strategies, a Republican polling organization, found that 67 percent of Americans identify online privacy as a big concern — far more than those who identify fighting crime (55 percent) or building an antimissile shield (22 percent).
Yet while public anger has grown over invasions of privacy both real and imagined, momentum in Washington to restrict the use of cookies and other high-technology tools for monitoring Internet users' activities has slowed.
In Washington, at least 50 privacy- related bills are awaiting consideration, though the current leadership in the House has focused its attention on privacy invasions by government, not by private business. President Bush's recently appointed chairman of the Federal Trade Commission, Timothy J. Muris, is just preparing his first statement on the commission's direction on privacy, to be delivered next month.
Whether willingly, begrudgingly or unknowingly, however, most Web users have already traded a slice of their privacy for the convenience that cookies bring to the Web. Most people accumulate cookies unknowingly; a search on the average Internet user's machine will turn up dozens, or even hundreds, of the small files.
Thanks to cookies, a customer shopping at a site who walks away from the shopping cart before buying can come back later to have the site ask if he wants to complete the order. Cookies also allow sites to show advertisements tied directly to the parts of the site a visitor has seen, so that someone visiting a health-oriented site who reads information about diabetes drugs might see an advertisement for a newly approved medication for the condition.
All these functions can be performed without knowing the name of the visitor because the anonymous, unique identifier included in the cookie is enough. But if a Web site owner can combine that identifier with personal information, say from having visitors register with the site, then the cookie becomes a powerful mechanism for personal tracking.
