Subj: Cookies
Date: 3/3/00 8:42:58 AM Pacific Standard Time

I am the cgi programmer for one of your advertisers. Let me explain a
little about the cookies. When an ad runs a cookie is sent to the
person who saw the ad. This is necessary so that when they click on the
ad they can be redirected to the correct advertiser site. Why don't we
use the ip of the client to do this? Well, we do. If a person has
cookies turned off then we fall back to a lookup of the ip and website
to find which advertiser banner was displayed. But this is not
foolproof. AOL and a few other isps will not give a client a consistant
ip, changing every time they send a request. This makes it impossible
to track AOL users reliably by lookup. Also since we have hundreds of
thousands of banners thrown during the two hour period we maintain for
look up, a redirect to the sponsor takes much longer than if cookies are

Cookies are also used for something else. When the person brings up
your page again later, we check a cookie to see what banner has already
been sent to that client. Then we make sure to send them a different
banner. This gives the client more opportunities by giving them
different banners each time, and increases a chance that they will click
on the banner, increasing your earnings. Data anlaysis has shown that
when a banner is shown a second time, the probably of a click is less
than half what it was the first time.

Profiling can also be done, although we do not do it at this time. That
means that if the client shows an interest in ads relating to something,
say automobiles, then he will receive more automobile ads than other

Some think this is an invasion of privacy. Well first of all, we have
no idea who is behind the screen, there is no way to put a name or face
on the information. The information is only so banners with a higher
probability of interest to that client, whoever it is, can be thrown,
and if they click on a banner, we can send them to the right place..

Some think that some type of propriatary information can be obtained
from cookies. Well cookies are such that the only information we can
get back from the client is what we put there in the first place. We
already have that information anyway, and we have it linked to the
client's ip. Since it is only for redirection, the information is
deleted in 2 hours, but we do have it, so getting it back the quick and
easy way by cookie should be a non-issue. Since it is impossible to get
information from a cookie that we did not put there in the first place,
it is impossible to obtain any kind of proprietary information from a
cookie another site put there. It simply cannot be done. The domain of
the site that put the cookie there MUST match the domain of the site
retrieving it, or it is totally inaccessible.

I hope this explains how it all works.

ads programmer for