Abstract
How did we get from a world where cookies were something you ate and where "nontechies" were unaware of "Netscape cookies" to a world where cookies are a hot-button privacy issue for many computer users? This article describes how HTTP "cookies" work and how Netscape's original specification evolved into an IETF Proposed Standard. I also offer a personal perspective on how what began as a straightforward technical specification turned into a political flashpoint when it tried to address nontechnical issues such as privacy.
Index Terms
- HTTP Cookies: Standards, privacy, and politics