Stefanus Prayitno Photography

Cookies

Cookies are tools which are sometimes used for user-tracking, a common concern in the field of privacy. As a result, some types of cookies are classified as a tracking cookie. Although HTML-writers most commonly use cookies for legitimate purposes, cases of abuse can and do occur.

An HTTP cookie consists of a piece of information stored on a user's computer to add statefulness to web-browsing. Systems do not generally make the user explicitly aware of the storing of a cookie. (Although some users object to that, it does not properly relate to Internet privacy. It does however have implications for computer privacy, and specifically for computer forensics).

The original developers of cookies intended that only the website that originally distributed cookies to users could retrieve them, therefore returning only data already possessed by the website. However, in practice programmers can circumvent this restriction. Possible consequences include:

• the placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or,
• use of cross-site scripting or other techniques to steal information from a user's cookies.

Some users choose to disable cookies in their web browsers - as of 2000 a Pew survey estimated the proportion of users at 4%^[1]. Such an action eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location.

The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual.

Governments and organizations may set up honeypot websites - featuring controversial topics - with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.

We do all we can not to abuse cookies. We are not cookie-monsters .