
Re: Cookie?



> From owner-www-security@ns2.rutgers.edu  Thu Jul 11 05:46:19 1996
> Date: Wed, 10 Jul 1996 13:28:45 -0700
> From: "John C. Pavao" <pavaojc@rixix.sod.eds.com>
> Organization: EDS Rhode Island Title XIX
> To: www-security@ns2.rutgers.edu
> Subject: Cookie?
> 
> I apologize if this is redundant, but I think I must have missed the very 
> beginning of the "cookie" thread.  Could someone please just reiterate 
> what the function of the cookie is and how it works?  I understand that 
> the server and the browser are trading information about usage, but I 
> don't know the specifics.  In other words, what is the main reason for 
> concern?

The intended purpose of cookies is to allow web servers to save "state"
information between HTTP connections on the client user's computer,
thus supporting applications which require continuity from one
connection to the next (e.g., "shopping basket" applications, custom
views based on user preferences, etc.)

Different people have expressed different concerns.  For me the most
compelling concerns are privacy issues.  By using cookies to track
users' browsing habits across multiple connections (and especially by
pooling cookies from multiple websites as in the DoubleClick scheme),
detailed profiles of individual users can be developed.  Using the
current norm for web browsers' handling of cookies, Netscape Navigator,
users could easily reveal a great deal more about themselves than
intended while thinking that they were engaged in distinct and mostly
anonymous transactions.

Some references:

	Netscape preliminary cookie specification
	http://www.netscape.com/newsref/std/cookie_spec.htm

	DoubleClick and its pooling of cookies by advertisers
	http://www.doubleclick.net/
	http://www.doubleclick.net/advertising/howads.htm

-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Opinions expressed are not necessarily those of my employer.
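
The pooling concern raised in the reply above, as an added example that is not part of the original message: a constructed Python simulation of a browser cookie jar and a third-party host embedded on three sites, run once with cookies accepted from every host and once with third-party cookies refused. The host names (ads.example and the three sites), the class names and the ID cookie are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import count

class AdServer:
    """Hypothetical third-party host whose image is embedded on many sites."""
    def __init__(self):
        self._ids = count(1)
        self.profiles = defaultdict(list)   # cookie id -> pages that embedded us

    def handle(self, cookie_header, referer):
        """Log the request; return a Set-Cookie value if the client sent no ID."""
        set_cookie = None
        if cookie_header and cookie_header.startswith("ID="):
            uid = cookie_header[3:]
        else:
            uid = f"u{next(self._ids)}"
            set_cookie = f"ID={uid}; path=/"
        self.profiles[uid].append(referer)  # Referer names the embedding page
        return set_cookie

class Browser:
    def __init__(self, block_third_party=False):
        self.jar = {}                       # host -> "NAME=VALUE"
        self.block_third_party = block_third_party

    def visit(self, page_host, path, ad_server, ad_host="ads.example"):
        """Load a page that embeds one resource served by ad_host."""
        refused = self.block_third_party and ad_host != page_host
        sent = None if refused else self.jar.get(ad_host)
        reply = ad_server.handle(sent, f"http://{page_host}{path}")
        if reply and not refused:
            self.jar[ad_host] = reply.split(";")[0]

def browse(block_third_party):
    """Visit three constructed sites; return what the ad host could link together."""
    ads, browser = AdServer(), Browser(block_third_party)
    for host, path in [("news.example", "/politics"),
                       ("shop.example", "/cart"),
                       ("health.example", "/clinic")]:
        browser.visit(host, path, ads)
    return dict(ads.profiles)

if __name__ == "__main__":
    print("cookies accepted:   ", browse(False))
    print("third-party refused:", browse(True))
```

With cookies accepted, all three visits land under one ID; with third-party cookies refused, the ad host still sees each Referer but cannot join them through a cookie.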

