Abstract: Internet cookies have been around for a few years now, and have become quite widespread in usage. However, their use has attracted criticism from some privacy experts. They claim that cookies give a web site's administrator power to monitor an internet user's travel through the internet - a blatant infraction into the anonymity on the internet. What is being done to counter this claim is also discussed.
A cookie is a small text file placed by a Web server on a client's browser for identification purposes. This small text file (usually less than 1K in size) can contain information to identify a user to the Web server.1 The cookie is given during the first ...view middle of the document...
6 This turns out to be only a minor threat since cookies are available only to the webmaster of the Web site that set the cookies in the first place.3 And as is the case, cookies are mostly comprised of identity information which can only be understood by the Web server which set them.7 What is at issue, however, is how Web companies can monitor, or 'track' where a user goes while on the internet. Web site tracking is useful because it allows webmasters to view how a user moves around its site, and based on this information to improve the Web site. It can also be used, and is more often used, for targeted marketing. By seeing an advertisement on a web site, a marketing company can monitor the web site's user visits, and thus target advertisements to that user's interests.8
Cookies - A Brief History and Objective
The hypertext transfer protocol (HTTP) is a stateless mechanism of file transfer. When a client requests a Web page, a connection is made with the Web server. Once the Web server transfers the file (one connection is made for each file - be it a web page or an image), the connection between the client and the server is lost. If the same client requests another Web page, a new request is made and the Web server treats the client as one never seen before. The cookie protocol was invented to overcome stateless HTTP. Using cookies, a Web server can recognize that the client has already been serviced, and based on this information can determine how to service it further.10
The word 'cookie' was chosen by Netscape Communications Corp. for what Netscape claims as "no compelling reason."11 However, the word 'cookie' was previously used as a name for an access control mechanism under X Window System. Under this system, which was released in 1991, a variable called MIT-MAGIC-COOKIE-1 was used to store "shared plain-text 'cookies'".12 Cookies as we know them today, however, did not enter into the internet vocabulary until 1995 when its protocol was set for patenting by Lou Montulli of Netscape Communications Corp.13 And although cookies were supposedly supported under Netscape browser version 1.0, they began to be documented and used in Netscape browser version 2.0 and later.14
According to Netscape's specification, cookies are:
"a general mechanism which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection. The addition of a simple, persistent, client-side state significantly extends the capabilities of Web-based client/server applications."15