Monday 2 April 2007

Cookies

Cookies have become perhaps the most widely-recognized privacy risk, receiving a great deal of attention. Although HTML-writers most commonly use cookies for legitimate, desirable purposes, cases of abuse can and do occur.

An HTTP cookie is a piece of information stored on a user's computer to add statefulness to web browsing. Systems do not generally make the user explicitly aware that a cookie is being stored. (Some users object to that; it does not properly relate to Internet privacy, but it does have implications for computer privacy, and specifically for computer forensics.)

The original developers of cookies intended that only the website that originally sent them would retrieve them, therefore giving back only data already possessed by the website. However, in actual practice programmers can circumvent this intended restriction. Possible consequences include:

  • the possible placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or,
  • possible use in some circumstances of cross-site scripting or of other techniques to steal information from a user's cookies.

Many users choose to disable cookies in their web browsers. This eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) have an option to have the system clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications (for example, PrivacyView) that will redirect cookies and cache data to some other location. The Private Internet Browsing feature found in the CryptoStick Software Suite redirects all Internet Explorer information to a USB flash memory device. This prevents the storing of browsing information on the actual computer: the information goes off-system when the user removes the USB flash memory device from the computer.
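As an added illustration (not part of the original article), the Python sketch below audits Set-Cookie headers seen while loading one page and labels each cookie as third-party, persistent, or script-readable, the properties behind the profiling and cookie-theft risks listed above. The hostnames and cookie values are constructed, and comparing the last two host labels is a simplification of a real Public Suffix List lookup.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def site_of(url):
    """Last two host labels. Simplification: browsers use the Public Suffix List."""
    return ".".join(urlsplit(url).hostname.lower().split(".")[-2:])

def is_persistent(attrs):
    """True if the cookie outlives the browser session."""
    age = attrs.get("max-age")
    if age is not None:  # Max-Age takes precedence over Expires
        return age.isdigit() and int(age) > 0
    return "expires" in attrs  # date is not checked against the clock

def audit_cookie(page_url, response_url, header):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if site_of(page_url) != site_of(response_url):
        findings.append("third-party")      # set by a site other than the one visited
    if is_persistent(attrs):
        findings.append("persistent")       # survives closing the browser
    if "httponly" not in attrs:
        findings.append("script-readable")  # visible to page scripts, so exposed to XSS
    return name, findings

# Constructed sample: responses observed while loading one page.
PAGE = "https://news.example/story"
RESPONSES = [
    ("https://news.example/story", "session=8f2c; Path=/; HttpOnly; Secure"),
    ("https://ads.tracker.example/pixel.gif", "uid=abc123; Domain=tracker.example; Max-Age=63072000"),
    ("https://static.news.example/app.js", "prefs=dark; Max-Age=2592000"),
]

if __name__ == "__main__":
    for url, header in RESPONSES:
        print(url, *audit_cookie(PAGE, url, header))
```

A cookie that comes back with all three labels matches the profiling tag described in the list above: it is set by another site, it persists across sessions, and page scripts can read it.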

http://en.wikipedia.org/wiki/Internet_privacy

1 comment:

PrivacyView Software said...

Excellent article. Special thanks for the mention!