HTTP Cookies: Standards, privacy, and politics

@article{Kristol2001HTTPCS,
  title={HTTP Cookies: Standards, privacy, and politics},
  author={David M. Kristol},
  journal={ACM Trans. Internet Techn.},
  year={2001},
  volume={1},
  pages={151-198}
}
  • D. Kristol
  • Published 9 May 2001
  • Computer Science
  • ACM Trans. Internet Techn.
How did we get from a world where cookies were something you ate and where "nontechies" were unaware of "Netscape cookies" to a world where cookies are a hot-button privacy issue for many computer users? This article describes how HTTP "cookies" work and how Netscape's original specification evolved into an IETF Proposed Standard. I also offer a personal perspective on how what began as a straightforward technical specification turned into a political flashpoint when it tried to address… 
Cookies: a legacy of controversy
Cookies are a legacy of the early commercial web. Developed and deployed by Netscape in 1994, debated by developers since 1995, and subject to political scrutiny since 1998, cookies have
Cookies and Sessions: A Study of What They Are, How They Work and How They Can Be Stolen
TLDR
What a cookie is, how they work and how a cookie may be stolen from an end user to gain illegitimate access to accounts are discussed.
Cookies and Sessions: A Study of what they are, how they can be Stolen and a Discussion on Security
TLDR
Session hijacking is explained, a lab was constructed to test and show how a cookie can be stolen and replayed to gain authenticated access, and various countermeasures for common attacks and tools for checking authentication-cookie vulnerabilities are presented.
Whose Hands Are in the Finnish Cookie Jar?
TLDR
The exploratory results reveal some similarities and interesting differences between the Finnish and the global web. In particular, popular Finnish web sites are mostly owned by media companies, which have established their distinct partnerships with online advertisement companies.
Web Cookies: Is There a Trade-off Between Website Efficiency and User Privacy?
TLDR
The trade-off between security and performance of websites portrayed in the literature is illusory and is mainly due to the lack of information about cookies by users, and there is a paradox: although most users feel insecure, they eventually accept cookies to simplify their online browsing.
Virginia Tech Privacy on the Web: Facts, Challenges, and Solutions 40
The Web has spurred an information revolution, even reaching sectors left untouched by the personal computing boom of the 80s. It made information ubiquity a reality for sizeable segments of the
Bittersweet cookies. Some security and privacy considerations
  • 2011
Cookies have emerged as one of the most convenient solutions to keep track of browser-server interaction. Nevertheless, they continue to raise both security and privacy concerns due to their
Cookies on-the-move: managing cookies on a smart card
  • A. Chan
  • Computer Science
  • SAC '04
  • 2004
TLDR
The article presents the development of the CookiesCard proxy that directly interacts with the smart card to provide cookies management, while acting as an intermediary between the client browser and a web server.
Privacy, Security Of Cookies In HTTP Transmission
TLDR
This paper proposes a new mechanism which helps to encrypt the cookies and protect them from possible threats, and shows a high possibility that cookies can be manipulated.

References

SHOWING 1-10 OF 43 REFERENCES
Use of HTTP State Management
TLDR
This memo identifies specific uses of Hypertext Transfer Protocol (HTTP) State Management protocol which are either not recommended by the IETF, or believed to be harmful, and discouraged.
HTTP State Management Mechanism
TLDR
Three new headers are described, Cookie, Cookie2, and Set-Cookie2, which carry state information between participating origin servers and user agents, which can interoperate with HTTP/1.0 user agents that use Netscape's method.
Database Nation
Fifty years ago, in 1984, George Orwell imagined a future in which privacy was demolished by a totalitarian state that used spies, video surveillance, historical revisionism, and control over the
Hypertext Transfer Protocol - HTTP/1.1
TLDR
The Hypertext Transfer Protocol is an application-level protocol for distributed, collaborative, hypermedia information systems, which can be used for many tasks beyond its use for hypertext through extension of its request methods, error codes and headers.
The New Hacker's Dictionary
TLDR
This new edition of the hacker's own phenomenally successful lexicon includes more than 100 new entries and updates or revises 200 more and supplies additional background on existing entries and clarifies the murky origins of several important jargon terms.
Instructions to RFC Authors
This Request for Comments (RFC) provides information about the preparation of RFCs, and certain policies relating to the publication of RFCs. This memo provides information for the Internet
Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
(1) Whereas the objectives of the Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering
Private communication
vii
Proposed HTTP State-Info Mechanism
  • draft-kristol-http-state-info-
  • 1995
WEBSIDESTORY
  • 2001. Cookie rejection less than 1 percent on the Web, according to WebSideStory.
  • 2000