HTTP Cookies: Standards, privacy, and politics

@article{Kristol2001HTTPCS,
  title={HTTP Cookies: Standards, privacy, and politics},
  author={David M. Kristol},
  journal={ACM Trans. Internet Techn.},
  year={2001},
  volume={1},
  pages={151-198}
}
  • D. Kristol
  • Published 9 May 2001
  • Computer Science
  • ACM Trans. Internet Techn.
How did we get from a world where cookies were something you ate and where "nontechies" were unaware of "Netscape cookies" to a world where cookies are a hot-button privacy issue for many computer users? This article describes how HTTP "cookies" work and how Netscape's original specification evolved into an IETF Proposed Standard. I also offer a personal perspective on how what began as a straightforward technical specification turned into a political flashpoint when it tried to address… 

Cookies: a legacy of controversy

Abstract Cookies are a legacy of the early commercial web. Developed and deployed by Netscape in 1994, debated by developers since 1995, and subject to political scrutiny since 1998, cookies have

Cookies and Sessions: A Study of What They Are, How They Work and How They Can Be Stolen

What cookies are, how they work, and how a cookie may be stolen from an end user to gain illegitimate access to accounts are discussed.

Whose Hands Are in the Finnish Cookie Jar?

The exploratory results reveal some similarities and interesting differences between the Finnish and the global web---in particular, popular Finnish web sites are mostly owned by media companies, which have established their distinct partnerships with online advertisement companies.

Web Cookies: Is There a Trade-off Between Website Efficiency and User Privacy?

The trade-off between security and performance of websites portrayed in the literature is illusory and is mainly due to users' lack of information about cookies; there is also a paradox: although most users feel insecure, they eventually accept cookies to simplify their online browsing.

Privacy on the Web: Facts, Challenges, and Solutions

This article focuses on Web privacy from users' perspectives, surveying the issue of Web privacy and investigating the main sources of privacy violations on the Web, and aims to form a comprehensive picture of the Web privacy problem and its solutions.

Bittersweet cookies. Some security and privacy considerations

  • Computer Science
  • 2011
New types of cookies are now being deployed in the online environment; these new cookies do not have enough exposure to demonstrate how they are being used and, as such, their security and privacy implications are not easily quantifiable.

Cookies on-the-move: managing cookies on a smart card

The article presents the development of the CookiesCard proxy that directly interacts with the smart card to provide cookies management, while acting as an intermediary between the client browser and a web server.

Privacy, Security Of Cookies In HTTP Transmission

This paper proposes a new mechanism which helps to encrypt cookies and protect them from possible threats, and shows a high possibility that cookies can be manipulated.

The platform for privacy preference as a social protocol: An examination within the U.S. policy context

An examination of the privacy model underlying P3P, the U.S. political context regarding privacy, and the technical components of the protocol is presented with an eye towards distilling lessons for developers of future social protocols.

References

SHOWING 1-10 OF 49 REFERENCES

Use of HTTP State Management

This memo identifies specific uses of Hypertext Transfer Protocol (HTTP) State Management protocol which are either not recommended by the IETF, or believed to be harmful, and discouraged.

HTTP State Management Mechanism

Three new headers are described, Cookie, Cookie2, and Set-Cookie2, which carry state information between participating origin servers and user agents, which can interoperate with HTTP/1.0 user agents that use Netscape's method.

Database Nation

Fifty years ago, in 1984, George Orwell imagined a future in which privacy was demolished by a totalitarian state that used spies, video surveillance, historical revisionism, and control over the

Hypertext Transfer Protocol - HTTP/1.0

The Hypertext Transfer Protocol is an application-level protocol for distributed, collaborative, hypermedia information systems, which can be used for many tasks beyond its use for hypertext through extension of its request methods, error codes and headers.

The New Hacker's Dictionary

This new edition of the hacker's own phenomenally successful lexicon includes more than 100 new entries and updates or revises 200 more and supplies additional background on existing entries and clarifies the murky origins of several important jargon terms.

Instructions to RFC Authors

This Request for Comments (RFC) provides information about the preparation of RFCs, and certain policies relating to the publication of RFCs. This memo provides information for the Internet

Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

(1) Whereas the objectives of the Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering

Private communication

Proposed HTTP State-Info Mechanism. draft-kristol-http-state-info-01

  • 1995

WEBSIDESTORY

  • 2001. Cookie rejection less than 1 percent on the Web, according to WebSideStory.
  • 2000