I've been cookie conscious for a long time and for years had my Netscape cookies.txt file emptied out and set to read-only to avoid any cookie interactions. I found that this worked pretty well in Netscape because it appears that the cookies are kept in memory until the program closes down so I could still engage in those transactions that require cookies for the duration of the session, such as making purchases.
Recently I decided to try a cookie cutter program and installed Cookie Pal (shareware, www.kburra.com). After a few months of use I had a very short list (two items) of cookies that I accept, and a very long list (over 100 items) of cookies that I always reject. New cookies are presented to me for my judgment and nearly all go into the "never accept" category. I can see statistics on how many cookies I encounter in a day of Net use and the numbers are frighteningly high getting up into the high double and low triple digits.
As the list of rejected cookies has grown I've found myself getting curious about them. In particular I wondered how easy or hard would it be to find out more about them? Ideally, before rejecting or accepting a cookie I would have some idea of who I'm dealing with. So I copied down all of my rejected cookies and started on a hunt.
Methodology
I eliminated some of the cookies that I could easily recognize (yahoo.com, for example), but that was only a small handful. (Later I counted among the cookies 7 sites that I could recognize as ones that I actually visit.) What was left were 105 cookie "hosts". I took each host as listed in the cookie cutter program (i.e. ad.doubleclick.net) and plugged it into my browser. If I got to a web site, I looked to see if the opening screen of the site had a privacy policy posted.
Results
This means that although the cookie is supposedly being posted by a "host" many of the cookies do not lead to anywhere on the Net where you can verify who is sending it. In other words, they are anonymous. Sometimes it was possible to find a site by reformulating the host address (adding "www", for instance), but not always. A whois lookup (which I think is beyond the ken of the average Net user) often got not much more info: a cookie from xyz.com would yield a record for xyz company with a post office box and no individual names listed ("postmaster@xyz.com").
The most astonishing, though, was the site that dropped me into their directory listing where I could view all of their files, including the lists of customers and the banner ads for each of them.
It's no comfort to think that these people might be writing to my hard drive.
I'm not exactly sure what all of this means, but it confirms my impression of the nature of cookies that I encounter. The use of cookies is a kind of "stealth" marketing where the marketing company gathers information about the user but does not allow the Net user to learn anything about itself or its practices. People are not so wrong when they say that they feel that cookies are spying on them because the mechanism is very much like spying.