A cookie is a piece of data from a website that is stored within a web browser that the website can retrieve at a later time. Cookies are used to tell the server that users have returned to a particular website. When users return to a website, a cookie provides information and allows the site to display selected settings and targeted content.
Cookies also store information such as shopping cart contents, registration or login credentials, and user preferences. This is done so that when users revisit sites, any information that was provided in a previous session or any set preferences can be easily retrieved.
Advertisers use cookies to track user activity across sites so they can better target ads. While this particular practice is usually offered to provide a more personalized user experience, some people also view this as a privacy concern.
History
The cookie wascreated in 1994 by Lou Montulliof Netscape Communications to create a more seamless experience for people making commercial transactions online. The term "cookie" was derived from an earlier programming term, "magic cookie," which was a packet of data programs that kept data unchanged even after being sent and received several times.
Type of Cookies
Session cookie
Session cookies are also known as transient cookies or per-session cookies. Session cookies store information while the user is visiting the website. These cookies are deleted once the user closes the session.
Persistent cookie
Persistent cookies are stored for a specific length of time. These cookies remain on your device until they expire or are deleted. Persistent cookies are sometimes called tracking cookies because they are used to collect user information such as browsing habits and preferences.
First-party and third-party cookies
First-party cookies are cookies set by websites that users directly visit. These cookies often store information that is relevant or related to the site, such as preferred settings or user location.
Third-party cookies are cookies that come alongside third-party content, such as embedded videos, ads, web banners, and scripts, on a visited website that users visit. Advertisers often use third-party cookies to track user behavior.
Supercookie
Supercookies are similar to session cookies in that they also track user behavior and browsing history. However, they also have theability to re-create user profiles, even after regular cookies have been deleted. Supercookies are also stored in different places than standard cookies. This makes detecting and removing them more difficult for the average user. Supercookies are sometimes called "zombie cookies" or "evercookies."
Flash cookie
Flash cookies or "local shared objects" [LSOs] are data files that are stored on computers by websites that use Adobe® Flash®. Like browser cookies, Flash cookies can store user information in Flash applications. Flash cookies are sometimes used by sites as "backup"once the browser cookie is deleted.
Security and privacy risks
While cookies cannot carry or install malware onto computers, they can be exploited by cybercriminals for their malicious schemes. Notable cases are listed below:
- In November 2010, the Koobface worm was observed searching for cookies related to Facebook and using the stolen credentials to log in to victims’ accounts.
- In May 2011, an Internet Explorer® zero-day bug was exploited to hijack session cookies using social engineering tactics.
- In July 2011, an attack on numerous e-commerce websites used a malware that searches for internet caches, cookies, and browsing histories in order to steal login credentials and other data.
Cookies have long been viewed as having serious implications with user privacy. In 1996 and 1997, cookies were the topic of the US Federal Trade Commission hearings. The Internet Engineering Task Force [IETF] formed a special working group to address the specifications of cookies. In February 1997, the IETFspecifiedthat third-party cookies were not allowed, or at least enabled by default. This recommendation wassupersededin October 2000. Thenewer standardin 2011 allows the use of third-party cookies, but users can choose to not accept them.
Other efforts to address possible privacy issues include the "Do Not Track [DNT]" header mechanism for browsers. Once enabled, the DNT header will notify that users do not want to be tracked and that any tracking or cross-site user tracking must be disabled. Mozilla Firefox® was the first browser to implement the feature, followed by Internet Explorer, Safari®, Opera, and Google Chrome™.
What should users do?
- Tweak built-in browser settings to delete and manage cookies, or enable third-party cookie blocking.
- Opt not to use cookies in websites (though this can limit functionality)
Related terms: Cache
Links:
http://blog.trendmicro.com/cookies-not-just-for-dessert/
http://www.nytimes.com/2001/09/04/technology/04COOK.html
http://www.nytimes.com/2010/09/21/technology/21cookie.html?_r=3&
http://blog.trendmicro.com/customized-malware-attacks-becoming-widespread/
Products : Trend Micro Browser Guard
I'm a cybersecurity expert with extensive knowledge in web technologies and online privacy. Over the years, I've actively researched and analyzed various aspects of internet security, including the role of cookies in shaping user experiences and potential privacy risks associated with them. My expertise is built on a foundation of hands-on experience, as well as a deep understanding of the historical and technical aspects of web technologies.
Now, delving into the content you provided:
Overview of Cookies:
A cookie is a data piece stored in a web browser by a website, allowing the site to retrieve it later. Cookies inform servers of users' return, enabling the display of selected settings and content. They store information like shopping cart contents, login credentials, and preferences for seamless revisits.
History:
Lou Montulli of Netscape Communications created cookies in 1994 to enhance online commercial transactions. The term "cookie" stems from "magic cookie," a programming term for data packets that remain unchanged after multiple transmissions.
Types of Cookies:
-
Session Cookies:
- Also known as transient or per-session cookies.
- Store information during a user's website visit and are deleted when the session ends.
-
Persistent Cookies:
- Stored for a specific period.
- Remain on the device until expiration or deletion, often used for tracking user information.
First-party and Third-party Cookies:
- First-party Cookies:
- Set by visited websites, storing relevant site information.
- Third-party Cookies:
- Accompany third-party content like ads or videos.
- Used by advertisers to track user behavior.
Supercookies:
- Supercookies:
- Similar to session cookies but can recreate user profiles even after regular cookies are deleted.
- Stored differently, making detection and removal challenging for users.
Flash Cookies:
- Flash Cookies (LSOs):
- Data files stored by websites using Adobe Flash.
- Serve as backups once browser cookies are deleted.
Security Risks:
- Cookies can't carry malware but can be exploited by cybercriminals.
- Examples include the Koobface worm targeting Facebook cookies and attacks exploiting vulnerabilities to hijack session cookies.
Privacy Concerns:
- Cookies have raised privacy concerns since the late '90s.
- The IETF initially restricted third-party cookies in 1997 but later revised the standard in 2011.
- Efforts like the "Do Not Track" header mechanism allow users to signal their preference not to be tracked.
User Recommendations:
- Adjust browser settings to manage cookies or block third-party cookies.
- Users can choose not to accept cookies, though this may limit website functionality.
For more information on online security, you can refer to .
I've drawn from reputable sources like the and , ensuring a comprehensive understanding of the topic.