AOL cookie rumor called hoax

The chain email going around the Net this week about America Online (AOL) would have alarmed anyone: It claimed to contain information from AOL developers who discovered a devious cookie in the next version of the online service's software that would peek at the contents of users' computer and report them back to the company.

Of course, it was a hoax, AOL said.

Representatives there already have informed the Energy Department's Computer Incident Advisory Capability of the spoof.

But that won't stop the message from spreading around the Net faster than the Ebola virus. Even after word gets out that it's a hoax, it will continue to spread, because that's how these things work.

Take the Good Times virus. That hoax is nearly three years old and still makes its way around the Net, snagging in a newbie every once in a while.

America Online, being the largest online service, is especially targeted by tricksters, company spokeswoman Wendy Goldberg said.

"We have the largest member base in cyberspace, and sometimes someone attempts to target our members with rumors that are untrue and this was one of those," she added.

But the author of the email also put in enough information that could make even the most skeptical recipient read it twice.

It purports to be written by two former AOL employees who were laid off after they started spreading the word that AOL's next version included a cookie that would be planted on an unsuspecting member's computer that could be used later to grab private information.

Those who know about cookies say this scenario is unlikely. It also contained several hints that it was a fraud, such as a bad return address and melodramatic stories about the authors that included one having cancer and the other having gone through a divorce.

But those who know about AOL know that the service has not had the best record when it comes to guarding members' privacy, and that gave some a reason to wonder if there was any validity to the email.

Just a few months ago, the company created a national uproar when word got out that it planned to give members' phone numbers to its partners, one of whom happened to be a telemarketer.

As reported, AOL reserves the right to track its members online and it pays marketing firms for detailed profiles of users that can be used to advertise to those users.

Yet even security experts don't know exactly what every piece of code does, according to David Banisar, staff counsel for the Electronic Privacy Information Center.

"Nobody understands what these things do anymore," he said. "We are all blindly relying on the companies that provide the software to be acting in our interest. There is absolutely no way for most people to figure out what they're doing.

"On top of that, AOL has the rather bad reputation of not doing what it's saying," Banisar added.