Internet Cookies and Confidentiality
From Computing and Software Wiki
Internet cookies, or just cookies, are small text files that web site designers use to enhance the browsing experience by enabling quick authentication, storing user preferences, and tailoring sites to the individual. Although cookies allow for a better browsing experience, there is much confusion and concern about them among the general public, which will be addressed below. Internet cookies are not programs and cannot collect data, surfing tendencies, or debit or credit card information stored on a user's computer. However, there are some confidentiality and privacy concerns regarding internet cookies that users should be aware of when browsing the internet.
Definition
An internet cookie is a text file that is placed on your hard drive by a web server when you access certain sites. These text files can contain data about your login information and preferences, and can keep track of current shopping carts. The text files only contain information that the user has given to the current site. Sites that do not share a domain cannot share collected cookie information or access another site's cookies.
Purpose
Cookies are used for several different purposes when creating a web site. Site developers use them to keep track of how many people visit the site, how many new versus repeat users are visiting, and how often people visit. This information allows owners and developers to monitor the success of their site or parts of their site. Cookies can also be used to enhance the user's experience. Cookies allow a website to save specific user preferences when they browse, such as page layouts, visual designs and favourite sections. Cookies have also allowed sites to implement shopping carts, which allow for e-commerce.
How It All Works
Name-Value Pair
Cookies are all stored using name-value pairs. Name-value pairs are simply named pieces of data. More specifically, each piece of data a website stores has the form identifier=value. An example of this would be NAME=VALUE, which would be a unique user ID. Any kind of information can be stored in cookies, but there is certain information that most cookies use:
NAME=VALUE is always used to identify the user. It assigns a unique identification number to each user so that the site can identify which settings belong to which users.
EXPIRES=DATE is used to set the lifetime of the cookie. It can be set for one session only, a week, a year or indefinitely.
DOMAIN=DOMAIN_NAME is set so that the browser can identify which cookies belong to which sites. Sites can only access cookies with the same domain. Domains must contain two dots. For example, .com is not acceptable since it does not have two dots, amazon.com would be acceptable, and any site whose name contains .amazon.com would be able to access that cookie.
Interaction
Cookies are created by sites that users visit. When a user visits a website, they first enter a URL into a browser. The browser then searches for any cookies that the corresponding website has set. If it finds a cookie for that website, it sends the request for the page to the server along with the cookie. If no cookie is found, the request for the page is sent without a cookie. The server then sends the requested page back to the browser for viewing. If the server does not receive a cookie, the site knows that this is a first-time visitor and creates a cookie, which it sends back to the user to store on the hard drive for future use. If a cookie is sent, the site takes the information in the cookie (usually a login) and applies it to the site.
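The name-value format and the browser/server exchange described in the two sections above, as an added JavaScript example that is not part of the original article: a toy cookie jar that stores a cookie only for an acceptable domain and sends it back on later requests. The host shop.example, the cookie name uid and all function names are assumptions made for illustration.

```javascript
// Toy cookie jar; shop.example, uid and every function name here are illustrative.
// Parse a Set-Cookie value into its NAME=VALUE pair and attributes (EXPIRES, DOMAIN).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no NAME=VALUE pair
  const attrs = {};
  for (const part of rest) {
    const [k, ...v] = part.split("=");
    attrs[k.trim().toLowerCase()] = v.join("=").trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// ".amazon.com" covers www.amazon.com; matching on a dot boundary keeps
// look-alike hosts such as "evilamazon.com" out.
function domainMatches(host, domain) {
  const d = domain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

class CookieJar {
  constructor() { this.cookies = []; }
  // Store a cookie set by `host`; refuse bare top-level domains (".com") and foreign domains.
  store(header, host, now = Date.now()) {
    const c = parseSetCookie(header);
    const domain = c && (c.attrs.domain || host); // no DOMAIN: use the setting host
    if (!c || !domain.replace(/^\./, "").includes(".") || !domainMatches(host, domain)) return false;
    const expires = c.attrs.expires ? Date.parse(c.attrs.expires) : null; // null: session only
    this.cookies = this.cookies.filter((x) => x.name !== c.name || x.domain !== domain);
    if (expires === null || expires > now) this.cookies.push({ ...c, domain, expires });
    return true;
  }
  // Cookie request header the browser sends to `host` ("" when no cookie applies).
  headerFor(host, now = Date.now()) {
    return this.cookies
      .filter((c) => domainMatches(host, c.domain) && (c.expires === null || c.expires > now))
      .map((c) => `${c.name}=${c.value}`).join("; ");
  }
}

// Server side: issue an ID to a first-time visitor, recognise it on later requests.
function serve(cookieHeader, newId) {
  const m = /(?:^|; )uid=([^;]+)/.exec(cookieHeader);
  if (m) return { body: `welcome back, user ${m[1]}`, setCookie: null };
  return { body: "hello, new visitor",
           setCookie: `uid=${newId}; expires=Wed, 01 Jan 2070 00:00:00 GMT; domain=.shop.example` };
}
```

A real site would issue an unguessable random ID rather than a short number, and real browsers apply further rules that this toy jar leaves out.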
Problems & Misconceptions
Personal Information
Although cookies cannot search your computer for personal information, cookies can store personal information that you give to a site. This can cause some confidentiality issues that will be examined below.
Common Machines
Cookies are stored on a specific computer, so any user of that computer will have access to those cookies. If a user purchases something online and enters a credit card number for the purchase, that site may keep that information for future use. Since multiple people have access to this computer, the next person could gain access to that credit card number through the cookie. To avoid this problem, refrain from entering personal information on public computers, and if you must, clear the history and cache of the computer after use.
Cookie Hijacking
Cookie hijacking occurs when someone is monitoring the transmission of data between a browser and a server. If you are sending personal information over the internet via cookies and someone is collecting the transmission, an attacker could gain access to confidential information. Although this is not a fault with cookies, it is a reality when using cookies that contain sensitive information. To avoid this, only enter personal information on sites that use a secure connection.
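A check a site owner could run against their own responses for the two problems above (shared machines and cookie hijacking), as an added JavaScript example that is not part of the original article. The Secure and Max-Age cookie attributes are standard but are not named on this page; the finding labels, function names and sample headers are constructed for illustration.

```javascript
// Luhn checksum: true for digit strings that are well-formed payment card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Return the confidentiality findings for one Set-Cookie header value.
function auditSetCookie(header) {
  const parts = header.split(";").map((s) => s.trim());
  const name = parts[0].split("=")[0];
  const value = parts[0].slice(parts[0].indexOf("=") + 1);
  const attrs = parts.slice(1).map((p) => p.split("=")[0].trim().toLowerCase());
  const findings = [];
  // Without Secure the browser also sends the cookie over plain HTTP,
  // where anyone monitoring the connection can read it.
  if (!attrs.includes("secure")) findings.push("no-secure-flag");
  // Expires / Max-Age keep the cookie on disk after the browser closes,
  // so the next user of a shared machine inherits it.
  if (attrs.includes("expires") || attrs.includes("max-age")) findings.push("persistent");
  // Card numbers belong in server-side storage, not in the cookie value.
  const digits = value.replace(/[ -]/g, "");
  if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) findings.push("card-number-in-value");
  return { name, findings };
}

// Constructed sample headers (4111111111111111 is a widely used test card number).
const SAMPLE_HEADERS = [
  "card=4111111111111111; expires=Wed, 01 Jan 2070 00:00:00 GMT; domain=.shop.example",
  "sid=9f2c1e7ab4; Secure; domain=.shop.example",
  "theme=dark; expires=Wed, 01 Jan 2070 00:00:00 GMT",
];

function auditAll(headers) { return headers.map(auditSetCookie); }
```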
Conclusion
Internet cookies are surrounded by a common misconception that they have the singular purpose of collecting personal data for devious purposes. Although cookies can present a security risk, if used properly and with caution that risk is marginal compared to the benefits that cookies provide.
See Also
Anti-spam systems and techniques