Web pages as "Paste-Ups"
One thing about the Web that isn't obviousââ,¬" except to techies and Web page designersââ,¬"is that a single Web page can be composed of material that comes from many servers throughout the Internet. A page on your favorite news site might have text from one server, pictures from a second, and ads from several more. The Hyper Text Markup Language (html) in which the page is written tells your Web browser how to call for the images from different places and paste them up to make the page that appears on your screen.
Trouble is, unless you've installed cookie management software or turned off cookies altogether, any machine that supplies any part of a Web page is capable of feeding your machine a cookie and retrieving it later. Thus, if you visit two pagesââ,¬"even on different sitesââ,¬"that contain ads from the same advertising company, that company can see via its cookies that you traveled from one to the other. What's more, if the advertising firm has acquired personal information about you from the owner of any one of those sites (perhaps because you filled in a form or made an online purchase), it can apply that information when you visit the other.
Sometimes, an image that allows you to be tracked is not even visible to the naked eye. Last year, computer security expert Richard Smith, founder of Phar Lap Software, reported that many Web pages contain Web bugsââ,¬"tiny images that are only one or two pixels in size and are designed to blend into the page's background. Why are these invisible images there? Because they allow Web servers to log your access to the page and to place cookies on your computer.
Special delivery: a cookie
Snooping via cookies isn't limited to the World Wide Web. Because the rendering engine that's used in Web browsers is also woven into e-mail clients and Usenet news readers, it's possible for someone who sends you e-mail or posts an HTML article to a newsgroup to cause your machine to access images on his or her site when you read the mail or article. (If the program has a preview window, the access may occur automatically before you can stop it.) Instantly, the sender's Web server can tell that you read the message.
What's more, if the sender customises the URL in the message so that it contains your e-mail address, he or she will also know exactly who you are. (This technique has been used by spammers to verify e-mail addresses.) Finally, unless you have a very recent browser that closes this security hole, the server can leave and retrieve a cookieââ,¬"again, possibly containing your e-mail address.
Even software you install on your computer can gather information and place it in cookies for later retrieval. The Registration Wizard in Windows 98 places unique id numbers that identify you and your computer into cookies without your knowledge or consent. When you later log onto the Internet and invoke Internet Explorer, the browser jumps to Microsoft's Web site, which retrieves the cookies. Each time you visit Microsoft's site thereafter, the cookies are sent again, letting the company know you're back. More worrisome still is the fact that the Registration Wizard ActiveX control has a bug that allows any Web site to retrieve your registration information at will.
excelant article
one addtional point:
one way to prevent the reading of email in outlook and outlook express from triggering the html bugs, etc is to
1) download your email
2) disable your internet connection
3) read all your email
4) enable your internet connection