Online Security - Cookies

The main ingredients of a cookie are usually simple strings of text. The nature of this text is to open a dialogue between
your web browser and the website that you’re visiting.

A cookie is created by a website and sent to your computer so the next time you visit that site, it knows what to do and how to act.

Examples of helpful cookies:

Three common examples of cookies encountered day-to-day:

  • Remembering your username for a site so it’s already entered every time you visit
  • Your selected preferences for personalization on your favorite websites (such as your zip code for a website with your weather forecast)
  • Product information stored in your shopping cart on e-commerce websites

It’s hardly the kind of information that would allow somebody to break into the high security vault for your Swiss bank account. More on privacy later.

Other usage of cookies:
Cookies can be used in other ways as well. Have you ever had an advertisement seem to follow you across the web, with ads for the same company appearing on site after site?

  • A website can use cookies to track your usage of the site, determining which pages you visited and the length of time you spent on each page
  • Third-party cookies are generally used by advertisers to track you across multiple sites, thereby building up a “profile” of who you are based on your web browsing habits

Just like the ones you’d find on a trip to your favorite local bakery, Internet cookies come in a variety of different flavors. Let’s take a quick overview of two different types that exist in addition to the plain old web cookies we covered above.


Flash Cookies
Flash Cookies, also known as Local Shared Objects (LSO’s), take their name from the fact that they work in a similar manner to regular web cookies. They’re used in conjunction with Adobe’s Flash Player, which is used to play videos on YouTube, for website animations, and to power Flash games such as the popular Desktop Tower Defense. Flash cookies can also be used by advertisers in a similar was to the third-party cookies mentioned above. The only difference is that they need to be deleted in a different way.

Evercookie

Despite sounding like a good idea (who wouldn’t want an unlimited supply of cookies?!), Evercookie serves a more nefarious purpose. Evercookie is an Application Programming Interface (API) that allows developers to create a type of cookie that’s nearly impossible to delete. By storing the cookie data using 13 different methods (including hiding the cookie data in a small image file), the original cookie can be recreated if at least one of those pieces of data remains present on the system. The nature of an Evercookie to actively resist deletion has earned it the nickname of “the zombie cookie” and has repeatedly been cited by online privacy advocates as a cause for concern.

What other types of cookies can you find information on?

How Cookies Are Stored

There was a time (back in the dark days before FaceBook and YouTube) when cookies were stored as individual .txt files. These days, however, modern web browsers utilize a cookie database (‘cookie jar’, if you will) to store cookies as individual entries in a common, shared location, which varies depending on the browser that you’re using.

You may be wondering whether having all these snippets of personal information in one tidy location would be a cause for concern regarding privacy or security, and this brings us to our final point.

Is There Genuine Concern over Privacy?

While your personalized Google home page or local weather site may be harmless on an individual basis, hundreds of these small details can add up and start to paint a bigger picture, raising concerns over the extent of the market for tracking and selling information which should otherwise be private.

Whether or not cookies present a privacy concern depends on your perspective of what really constitutes private information. A cookie will not be able to take a video of you while you’re taking your morning shower, but at the same time it’s a bad idea to underestimate the ingenuity of people who create malware, or the tenacity of advertising agents who gather behavioral browsing information from the Internet. Now that you know what cookies are and how they work, you’ll be able to make informed decisions when it comes to managing your online privacy.


Questions to consider:

·       How do the websites I visit keep track of what I do?

·       What is a cookie and what does it do?

·       Are cookies good or bad?



Assignment 1

1)     Choose a browser (i.e. Internet Explorer, Firefox, Chrome)

2)     Adjust your browser’s cookie settings (i.e. set them to high or low).

3) Visit a shopping site (i.e. Amazon)

4. Use the "Snipping Tool" to take a screen shot of the page before you do any searches. (search for "Snipping" in the     search for programs and files window under the Windows start button)

5)     Now search for 3 or  4 items that interest you.

6)     Close your browser, open it again, and return to that site.

7)  Use the snipping tool to again take a second screenshot of the page.

5)     Assess whether you think this site has gathered data about your browsing history.

6)    Write and describe any obvious differences in point form in a Google Doc. Include the two screen shots from          your visits to the site.

8)     Discuss the benefits/drawbacks/cautions of using cookies in one paragraph (i.e. convenience vs. privacy,                 consumer model for info sharing, etc.)

9) Share your assignment and upload it to your Google Site

See bottom of page for Assignment 2 


The Positive side of Cookies

Cookies are essential to keep track of individual actions on a website. They  make it convenient to do what we need to do on the internet.  For example, they allow Amazon to store info about your browsing history and previous purchases so that they can recommend books for you. Cookies associate data you have submitted to online forms with your unique ID, so that you don’t have to re-enter that info every time you visit the site. They also make it possible for website analytics (like Google Analytics) to accurately track user visits.  

  • Cookies are necessary for site personalization (such as Google Chrome, MSNBC, BBC or Netvibes) and to participate in many online courses at UBC. Many browser extensions let the user choice which (if any) cookies to approve.
  • Your computer keeps a record of the websites you visit. Your internet history is a chronological list of URLs you’ve visited (which can also be arranged by frequency of use). Your computer also stores temporary internet files from individual websites you access.
  • If somebody else has access to your computer (physically, through cookies, or by hacking) they will be able to find out which sites you visit. This could be a problem if you save your password on your favorite sites since an attacker might be able to visit the site and pose as you.

Assignment 2

Read

Based on the 3 articles above, answer these questions at the bottom of Assignment 1
  1. What is the difference between a web browser's "Do Not Track" feature and the "Private Browsing" feature?
  2. Describe the features and differences between web cookies, opt-out cookies, and flash cookies.
  3. Describe how Facebook uses cookies. What different types of cookies do they use and how do they integrate with their social plugins?
  4. Describe 3-4 steps to make sure you are protecting your privacy from invasive cookies while surfing the web.

For Further Discussion




Comments