Introduction
A web cookie is a small file containing a unique code much like a password that is then stored on the users computer. This code is then used every time the user visits a webpage. The webpage then uses that cookie to bring up previous settings that the user had already chosen. Such information a cookie keeps track of would be passwords, usernames, credit card information, address, preferences, what areas of the site you visited, and what you were clicking on. The purpose of a web cookie was to act as a trigger between the user and provider to bring up the users personal settings without having to change them every visit. The cookie then made it quicker and easier to gain access to previously visited sites where you had already provided information.
Due to the information tracking capabilities of a cookie some privacy and security issues have developed. A cookie can be safe since it only accesses information that the user has provided. A cookie also tracks the surfing habits of the user such as which webpage’s have been visited and when.
Security Issues
Security is not as big of an issue as many users believe. Since a cookie only tracks information already provided and browsing habits, there is nothing to be too worried about. There are cases where if not sent over secure lines that a cookie can be hijacked during its travel between user and provider. Hijacking can be solved fairly easily by using simple http encryption. A more serious form of theft comes from the poor security precautions of the website provider that has been attacked by cross-site scripting, which cannot be prevented by encryption. This allows the attacker to have the provider send the cookie directly to them and then use it to access the personal information of that user.
Web cookies do not act as pervasive as spyware or adware. They cannot attack a computer as a virus or worm would, nor can cookies access any hardware on the computer. They are simply used as a tracking mechanism. The sites that are visited are for the most part only interested in providing a custom webpage that fits the users needs while catering content towards that individual.
Advertising
With the means to track what types of webpage’s a user is visiting, cookies are a measurable tool for online advertisers to target their audiences more effectively. Some privacy issues result from this targeting. While a user may believe that the cookie being used by the website is used only for that web site (First party) in reality an average website communicates and receives information and images from other sites. These other sites then have access to the users’ private information (Third party cookie). As a user browses the web they are automatically allowing cookies from various webpage’s into their computers. Webpage’s have many advertisements on their webpage. Those ads have to be downloaded from an outside source, which then allows that source to have access to the users computer. Advertisers and marketers use this information to track the users’ habits by sending cookies to the personal computer. The third party cookie allows for advertisers to track the user across any webpage where the advertiser has a presence. When the user surfs the web and the site goes to access the advertising material, it will already be aware of the type of user and catalog the habits into a central database, which can then be used for market research.
Privacy Settings
Since the intended use of first party cookies are very helpful in creating the web 2.0 aspects of personalization and customization, we cannot simply disregard web cookies by blocking them entirely. To change the settings in internet explorer go to tools and then internet options. The privacy tab is located near the top. The options for security vary from completely blocking cookies to allowing all cookies. Now since the third party cookie is huge in the advertising industry, Microsoft has made a lot of the settings confusing and unclear as to exactly what kind of protection the user is getting. Any setting other than block all cookies allows for a way to bypass security. The “compact privacy policy” is simply a code that anyone can enter into their cookie that will allow them to bypass internet explorers’ highest privacy setting before blocking all cookies. This is where the advanced tab found below comes in handy for those who know what they are doing. Surprising enough the advanced option is easier then the regular option. Simply tick the box that says “override automatic cookie handling” then accept the first-party cookies that are useful and block third-party cookies.
A web cookie is a small file containing a unique code much like a password that is then stored on the users computer. This code is then used every time the user visits a webpage. The webpage then uses that cookie to bring up previous settings that the user had already chosen. Such information a cookie keeps track of would be passwords, usernames, credit card information, address, preferences, what areas of the site you visited, and what you were clicking on. The purpose of a web cookie was to act as a trigger between the user and provider to bring up the users personal settings without having to change them every visit. The cookie then made it quicker and easier to gain access to previously visited sites where you had already provided information.
Due to the information tracking capabilities of a cookie some privacy and security issues have developed. A cookie can be safe since it only accesses information that the user has provided. A cookie also tracks the surfing habits of the user such as which webpage’s have been visited and when.
Security Issues
Security is not as big of an issue as many users believe. Since a cookie only tracks information already provided and browsing habits, there is nothing to be too worried about. There are cases where if not sent over secure lines that a cookie can be hijacked during its travel between user and provider. Hijacking can be solved fairly easily by using simple http encryption. A more serious form of theft comes from the poor security precautions of the website provider that has been attacked by cross-site scripting, which cannot be prevented by encryption. This allows the attacker to have the provider send the cookie directly to them and then use it to access the personal information of that user.
Web cookies do not act as pervasive as spyware or adware. They cannot attack a computer as a virus or worm would, nor can cookies access any hardware on the computer. They are simply used as a tracking mechanism. The sites that are visited are for the most part only interested in providing a custom webpage that fits the users needs while catering content towards that individual.
Advertising
With the means to track what types of webpage’s a user is visiting, cookies are a measurable tool for online advertisers to target their audiences more effectively. Some privacy issues result from this targeting. While a user may believe that the cookie being used by the website is used only for that web site (First party) in reality an average website communicates and receives information and images from other sites. These other sites then have access to the users’ private information (Third party cookie). As a user browses the web they are automatically allowing cookies from various webpage’s into their computers. Webpage’s have many advertisements on their webpage. Those ads have to be downloaded from an outside source, which then allows that source to have access to the users computer. Advertisers and marketers use this information to track the users’ habits by sending cookies to the personal computer. The third party cookie allows for advertisers to track the user across any webpage where the advertiser has a presence. When the user surfs the web and the site goes to access the advertising material, it will already be aware of the type of user and catalog the habits into a central database, which can then be used for market research.
Privacy Settings
Since the intended use of first party cookies are very helpful in creating the web 2.0 aspects of personalization and customization, we cannot simply disregard web cookies by blocking them entirely. To change the settings in internet explorer go to tools and then internet options. The privacy tab is located near the top. The options for security vary from completely blocking cookies to allowing all cookies. Now since the third party cookie is huge in the advertising industry, Microsoft has made a lot of the settings confusing and unclear as to exactly what kind of protection the user is getting. Any setting other than block all cookies allows for a way to bypass security. The “compact privacy policy” is simply a code that anyone can enter into their cookie that will allow them to bypass internet explorers’ highest privacy setting before blocking all cookies. This is where the advanced tab found below comes in handy for those who know what they are doing. Surprising enough the advanced option is easier then the regular option. Simply tick the box that says “override automatic cookie handling” then accept the first-party cookies that are useful and block third-party cookies.
References
"Webopedia." cookie. 22 May 2007. Jupitermedia. 22 Jan 2008
Kyrnin, Jennifer. "How Cookies are Used by Web Pages and Web Browsers." About.com. New York Times. 22 Jan 2008
"HTTP Cookie." Wikipedia. 15 Jan 2008. Wikipedia Foundation. 22 Jan 2008
"Spyware, adware, and internet cookies. What's good and what's bad. Privacy and removal tips and help.." cookiescache. 22 Jan 2008
Eichelberger, Lori. "Cookiecentral." The Cookie Controvercy. 08 Apr 1998. 22 Jan 2008
"GRC." Misfortune Cookies. 13 Aug 2005. Gibson Research Corp. 22 Jan 2008
Further Readings
http://www.grc.com/cookies.htm
http://www.cookiecentral.com/ccstory/cc2.htm
http://cookiescache.tripod.com/
http://en.wikipedia.org/wiki/Internet_cookie#Misconceptions
http://webdesign.about.com/od/cookies/a/aa021506.htm
http://www.webopedia.com/TERM/c/cookie.htm
No comments:
Post a Comment