Cookies by xuyuzhu


									Cookies and Internet Privacy
          What are cookies?
• A cookie is a small piece of information sent by a
  web server to be stored by a web browser so it
  can be used on later visits
• It is useful for having the browser
  remember some specific information, such
  as your passwords, user ID, preferences of
  start pages and even credit card numbers that
  have been supplied via forms
• Cookie files are small
    Original Concept of Cookies

• As originally designed, cookies were to be of
  benefit to the user. They were intended to be a
  time-saving device for computer users.
   – Some online organizations require a user ID and
     password and store this information in the form of a
     cookie. This way, repeat visitors to a site can avoid
     having to fill out form information on each visit.
   – Others use cookies to “remember” users and offer them
     customized news and services based on their prior use.
      What are cookies used for?
•   Online Ordering Systems
•   Site Personalization
•   Website Tracking
•   Targeted Marketing
     Online Ordering Systems
• could be developed using cookies that
  would remember what a person wants to
  buy. This way, if a person spends a
  long period of time ordering something and
  suddenly has to get off the net, they could
  quit the browser and come back later and
  still have those items in the shopping cart.
         Site Personalization
• This is one of the most beneficial uses
• Example: you come to a news site but
  don’t want to see any sports news. The site
  allows you to select this as an option. From
  then on, until the cookie expires, you
  won’t see sports news.
           Website Tracking
• Website designers can use cookies to see
  what interests the visitors. They use site
  tracking to show them the places in their
  website that visitors go to.
• Many people think this is an invasion of
           Targeted Marketing
• is probably one of the main uses of cookies
• cookies can be used to build up a profile of
  where you go, what adverts you click on,
  etc. and this information is then used to
  target adverts at you.
       How do cookies work?
• A command line in the HTML of a
  document tells the browser to set a cookie of
  a certain name or value.
• Cookies are usually run from CGI scripts,
  but they can also be set or read by
• Example:
 Set-Cookie: Name=Value; expires=date;
  path=Path; domain=Domain_name; secure
      What does a cookie look like?
• The layout of Netscape’s cookie.txt file is such that each
  line contains one name-value pair. Example: TRUE / FALSE 946684799 NETSCAPE_ID
• from left to right, each field represents:
   – domain - the domain that created and that can read the variable
   – flag - TRUE/FALSE value indicating if all machines within a
     given domain can access the variable
   – path - the path within the domain that the variable is valid for
   – secure - TRUE/FALSE value indicating if a secure connection
     with the domain is needed to access the variable
   – Unix time measured in sec from Jan 1, 1970
   – name - name of the variable
   – value - value of the variable
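
An added example, not part of the original slides: a Python parser for the seven-field line described above, plus a check of the fields that matter for privacy. It assumes the fields are tab-separated; the domains, values, reference time and 365-day threshold are constructed for illustration, since the slide's example line omits the domain and value.

```python
from datetime import datetime, timezone
from typing import NamedTuple, Optional

class Cookie(NamedTuple):
    domain: str      # domain that created and can read the variable
    all_hosts: bool  # "flag": TRUE if all machines in the domain can access it
    path: str        # path within the domain the variable is valid for
    secure: bool     # TRUE if a secure connection is needed
    expires: int     # Unix time, seconds since Jan 1, 1970
    name: str
    value: str

def parse_line(line: str) -> Optional[Cookie]:
    """Parse one tab-separated line; None for comments, blanks, malformed lines."""
    line = line.rstrip("\r\n")
    if not line.strip() or line.startswith("#"):
        return None
    p = line.split("\t", 6)  # the value is the last field and is kept verbatim
    ok = ("TRUE", "FALSE")
    if len(p) != 7 or p[1] not in ok or p[3] not in ok or not p[4].isdecimal():
        return None
    return Cookie(p[0], p[1] == "TRUE", p[2], p[3] == "TRUE", int(p[4]), p[5], p[6])

def expiry_utc(cookie: Cookie) -> str:
    return datetime.fromtimestamp(cookie.expires, tz=timezone.utc).isoformat()

def audit(cookie: Cookie, now: int, max_days: int = 365) -> list:
    # max_days is an assumed threshold for "long-lived", not a standard value
    findings = []
    if not cookie.secure:
        findings.append("sent without a secure connection")
    if cookie.all_hosts:
        findings.append("readable by every host in the domain")
    days_left = (cookie.expires - now) // 86400
    if days_left > max_days:
        findings.append(f"persists {days_left} more days")
    return findings

# Constructed sample; domains and values are made up for illustration.
SAMPLE = (
    "# constructed sample cookie file\n"
    ".example.com\tTRUE\t/\tFALSE\t946684799\tNETSCAPE_ID\tabc123\n"
    "shop.example.com\tFALSE\t/cart\tTRUE\t915148800\tCART\titem42\n"
    "not a cookie line\n"
)
NOW = 883612800  # fixed reference time: Jan 1, 1998 00:00:00 UTC

def audit_file(text: str, now: int = NOW) -> dict:
    cookies = filter(None, (parse_line(l) for l in text.splitlines()))
    return {c.name: audit(c, now) for c in cookies}
```

Calling `audit_file(SAMPLE)` maps each cookie name to its findings; the malformed line is skipped rather than raising an error.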
Concerning issues about cookies
• security
• user privacy
• the potential for abuse
• HTTP Cookie cannot be used to
  – get data from your hard drive
  – get your email address
  – steal sensitive information about you
• Early versions of Java and JavaScript could
  do these, but not anymore
   User privacy and potential for abuse

• HTTP Cookie can be used to track where you travel over a
  particular site, each click on a page or advertisement in a
  website is added to the profile maintained by the
• So far, this information is primarily used for website
  design and the placement of banner advertisements
• but, there exists the possibility that these profiles will be
  sold and resold to other commercial interests, or even to
  special-interest groups
        Can I delete cookies?
• The answer is Yes
• Whether you use Netscape or MSIE, your
  cookies are saved to a simple text file that
  you can delete - REMEMBER TO CLOSE
• deleting your cookie file entirely will cause
  you to start over with every web site you
  usually visit.
        Can I reject cookies?
• The answer is Yes
• In Netscape 4.0+, go to
  Edit/Preference/Advanced and you will see
  the choices.
• In MSIE 4.0+, go to View/Internet
  Options/Advanced and make the selection
           Future of Cookies
• Given the controversy associated with
  cookies, the option in recent browsers
  to refuse cookies, and the
  growing amount of anti-cookie software,
  cookies may be becoming obsolete.
• Two new systems have been proposed:
  – the Open Profiling Standard (OPS)
  – Platform for Privacy Preferences (P3P)
  Open Profiling Standard (OPS)
• is co-authored by Netscape, Firefly, and VeriSign
• is a system of collecting user information on a
  strictly voluntary basis
• would allow computer users to create their own
  profiles, including their names, e-mail addresses,
  hobbies, interests, etc.
• OPS’s main purpose is to protect user privacy
  while still allowing for the individualized Internet
  advertising that cookies are designed for.
• Its main drawback is that it fails to identify the
  privacy practices of the online service or Web site.
Platform for Privacy Preferences
• The goal of P3P is to enable Web sites to
  express their privacy practices and enable
  users to exercise preferences over those
• P3P products will allow users:
  – to be informed of site practices
  – to delegate decisions to their computer when
  – to tailor their relationship to specific sites
                P3P vs OPS
• While P3P and OPS are somewhat similar, the
  focus and originating requirement of each
  technology are different.
• OPS’s focus was on the secure storage, transport,
  and control of user data
• P3P was initially focussed on enabling the
  expression of privacy practices and preferences,
  but “data-exchange” is also relevant.
• OPS has been integrated with the P3P project.
How to protect your online privacy?
1) Do not reveal personal information inadvertently
2) Turn on cookie notices in your browser, and/or
   use cookie management software on
3) Keep a “clean” e-mail address
4) Don’t reveal personal details to strangers or just-
   met “friends”
5) Realize you may be monitored at work, avoid
   sending highly personal e-mail to mailing lists,
   and keep sensitive files on your home computer
6) Beware sites that offer some sort of reward or
   prize in exchange for your contact or other
How to protect your online privacy?
7) Do not reply to spammers, for any reason
8) Be conscious of Web security
9) Be conscious of home computer security
10) Examine privacy policies and seals
11) Remember that YOU decide what
  information about yourself to reveal, when,
  why and to whom
12) Use encryption
