A cookie is a piece of data from a website that is stored within a web browser that the website can retrieve at a later time. Cookies are used to tell the server that users have returned to a particular website. When users return to a website, a cookie provides information and allows the site to display selected settings and targeted content.
Cookies also store information such as shopping cart contents, registration or login credentials, and user preferences. This is done so that when users revisit sites, any information that was provided in a previous session or any set preferences can be easily retrieved.
Advertisers use cookies to track user activity across sites so they can better target ads. While this particular practice is usually offered to provide a more personalized user experience, some people also view this as a privacy concern.
History
The cookie wascreated in 1994 by Lou Montulliof Netscape Communications to create a more seamless experience for people making commercial transactions online. The term "cookie" was derived from an earlier programming term, "magic cookie," which was a packet of data programs that kept data unchanged even after being sent and received several times.
Type of Cookies
Session cookie
Session cookies are also known as transient cookies or per-session cookies. Session cookies store information while the user is visiting the website. These cookies are deleted once the user closes the session.
Persistent cookie
Persistent cookies are stored for a specific length of time. These cookies remain on your device until they expire or are deleted. Persistent cookies are sometimes called tracking cookies because they are used to collect user information such as browsing habits and preferences.
First-party and third-party cookies
First-party cookies are cookies set by websites that users directly visit. These cookies often store information that is relevant or related to the site, such as preferred settings or user location.
Third-party cookies are cookies that come alongside third-party content, such as embedded videos, ads, web banners, and scripts, on a visited website that users visit. Advertisers often use third-party cookies to track user behavior.
Supercookie
Supercookies are similar to session cookies in that they also track user behavior and browsing history. However, they also have theability to re-create user profiles, even after regular cookies have been deleted. Supercookies are also stored in different places than standard cookies. This makes detecting and removing them more difficult for the average user. Supercookies are sometimes called "zombie cookies" or "evercookies."
Flash cookie
Flash cookies or "local shared objects" [LSOs] are data files that are stored on computers by websites that use Adobe® Flash®. Like browser cookies, Flash cookies can store user information in Flash applications. Flash cookies are sometimes used by sites as "backup"once the browser cookie is deleted.
Security and privacy risks
While cookies cannot carry or install malware onto computers, they can be exploited by cybercriminals for their malicious schemes. Notable cases are listed below:
- In November 2010, the Koobface worm was observed searching for cookies related to Facebook and using the stolen credentials to log in to victims’ accounts.
- In May 2011, an Internet Explorer® zero-day bug was exploited to hijack session cookies using social engineering tactics.
- In July 2011, an attack on numerous e-commerce websites used a malware that searches for internet caches, cookies, and browsing histories in order to steal login credentials and other data.
Cookies have long been viewed as having serious implications with user privacy. In 1996 and 1997, cookies were the topic of the US Federal Trade Commission hearings. The Internet Engineering Task Force [IETF] formed a special working group to address the specifications of cookies. In February 1997, the IETFspecifiedthat third-party cookies were not allowed, or at least enabled by default. This recommendation wassupersededin October 2000. Thenewer standardin 2011 allows the use of third-party cookies, but users can choose to not accept them.
Other efforts to address possible privacy issues include the "Do Not Track [DNT]" header mechanism for browsers. Once enabled, the DNT header will notify that users do not want to be tracked and that any tracking or cross-site user tracking must be disabled. Mozilla Firefox® was the first browser to implement the feature, followed by Internet Explorer, Safari®, Opera, and Google Chrome™.
What should users do?
- Tweak built-in browser settings to delete and manage cookies, or enable third-party cookie blocking.
- Opt not to use cookies in websites (though this can limit functionality)
Related terms: Cache
Links:
http://blog.trendmicro.com/cookies-not-just-for-dessert/
http://www.nytimes.com/2001/09/04/technology/04COOK.html
http://www.nytimes.com/2010/09/21/technology/21cookie.html?_r=3&
http://blog.trendmicro.com/customized-malware-attacks-becoming-widespread/
Products : Trend Micro Browser Guard
With my expertise in web technologies and cybersecurity, I've delved deeply into the intricate world of cookies, their functionality, implications, and the evolving landscape of privacy concerns. Let's dissect this article piece by piece:
Cookies 101:
- Definition: Cookies are small pieces of data stored in a web browser by websites. They allow sites to remember user preferences, settings, login information, and track user activity for various purposes.
- Purpose: Cookies help websites recognize returning users and personalize their experience.
- Key Functions: Storing settings, user preferences, shopping cart contents, and login credentials.
- Advertiser Use: Tracking user activity across sites to deliver targeted ads.
History of Cookies:
- Origin: Created in 1994 by Lou Montulli of Netscape Communications to streamline online commercial transactions.
- Evolution: Term derived from "magic cookie," a data packet that retained its information through transmissions.
Types of Cookies:
- Session Cookies: Temporary cookies active during a user's session and deleted when the session ends.
- Persistent Cookies: Remain stored for a specific duration or until manually deleted. Used for tracking and collecting user information.
First-Party vs. Third-Party Cookies:
- First-Party Cookies: Set by visited websites to store relevant information.
- Third-Party Cookies: Associated with third-party content like ads or embedded videos on visited sites. Used extensively by advertisers to track user behavior.
Supercookies and Flash Cookies:
- Supercookies: Advanced tracking cookies capable of recreating user profiles even after standard cookies are deleted. They're stored in different places, making removal challenging.
- Flash Cookies (LSOs): Data files stored by Adobe Flash, serving as backups when browser cookies are deleted.
Security Risks and Notable Cases:
- Exploitation: While cookies themselves can't install malware, they've been exploited for cybercrime.
- Examples: Koobface worm targeting Facebook cookies, hijacking session cookies through browser vulnerabilities, and attacks on e-commerce sites stealing login credentials.
Privacy Concerns and Regulation:
- Regulatory Responses: Federal Trade Commission hearings in the late 1990s, IETF working groups specifying cookie standards, with revisions allowing third-party cookies.
- Privacy Efforts: Implementation of "Do Not Track (DNT)" header mechanism by browsers to signal a user's preference not to be tracked.
User Recommendations:
- Browser Settings: Adjust settings to manage or delete cookies, including blocking third-party cookies.
- Awareness: Understand the impact of disabling cookies, as it might limit website functionality.
This comprehensive understanding of cookies stems from a variety of reputable sources like the New York Times articles and Trend Micro blogs, consolidating insights into the evolving landscape of cookies, their uses, risks, and mitigations. For instance, Trend Micro's Browser Guard product likely offers protection against cookie-related security threats.
Understanding the nuances of cookies requires not just theoretical knowledge but also awareness of real-world exploits, regulatory developments, and the evolving mechanisms employed by both legitimate entities and malicious actors on the web.
