Cookies have come forth as one of the most proficient ways to keep track of browser-server interaction. However, security and privacy remains its major issues due to the level of progression. In this research, most common types of cookies in terms of security and the relevant privacy concerns have been identified and briefly analyzed. The research was carried out by means of systematic theory review to understand the research through previous studies. It involved a survey with the use of questionnaires to get users' understanding on web cookies and also use existing systems such as www.cookiepro.com and www.cookiechecker.com to gather information about cookies used by the websites. This was achieved by scanning through these websites when their URLs are provided. Findings of this research indicated that a lot of websites use cookies that keep track of its users without users knowing, a lot of websites that users visit daily use marketing cookies which constitute for about 50% of cookies found in websites, and are good examples of persistent cookies that are used to monitor users' behavior on the internet, which in turn leads to security and privacy issues.
Published In:IJCSN Journal Volume 9, Issue 3
Date of Publication : June 2020
Pages : 130-139
Figures :07
Tables : 07
Shehu Mohammed Ahmed :
is a graduate from Federal University
of Technology Minna with bachelor's of Technolog y in Mathematics
and Computer Science 2010 and Master's of Technology in
Mathematics 2016. He is currently working as Lecturer in
Department of Computer Science Federal University of Lafia. The
Authors current research area is Algorithms and Computational
mathematics.
Song Shombot Emmanuel :
graduated from the University of East London with a Bachelor's degree in Software Engineering in 2012 and a Master's degree in Information Security and Digital Forensics in 2017. He is currently working as a Lecturer in Federal University Lafia, Nigeria. S.S. Emmanuel has been a constant recipient of the Dean's list award of academic excellence in 4 consecutive semesters during his Undergraduate years and also won the Tertiary Education Trust Fund Award (TETFUND in 2016. The author's current research interest is IoT and Big Data Analytics.
Avong
Emmanuel John :
is an outstanding student who grad uated
from the department of Computer Science in Federal University
Lafia in 2019. His current research area is web development
technologies.
Cookies, Security, Privacy
This project has investigated and presented in brief, some of the common types of cookies used on the Internet or websites. During the inception of first cookies design and implementation, it was aimed to provide efficient state management in the interactions of user's web browsers and web servers; before subsequently extended for other purposes, such as user activities tracking, profiling advertising, profiling, etc. This project analyzed security and privacy concerns generated by the use of cookies. Users must be able to find out how a web site plans to use the information from the cookie and should be able to choose whether or not those policies are acceptable. Both the user browser and the origin server must assist in gaining informed consent. For a user with limited IT expertise there is not enough information available to explain cookies' management.
[1] Claude Castelluccia, Emiliano De Cristofaro, Daniele Perito (2010). Private Information Disclosure from Web Searches (or how to reconstruct users' search histories), inProceedings of the 2010 Privacy Enhancing Technologies Symposium (PETS), LNCS 6205, pp. 38-55.
[2] David Kristol (2001). HTTP Cookies: Standards, privacy, and politics, ACM Transactions on Internet Technology, 1(2), pp.151-198, http://www.cs.stevens.edu/~nicolosi/classes/sp10 cspriv/ref5-1.pdf
[3] Edward W. Felton, Peter Zimmerman, Christian Eubank, Steven Englehardt (2015). Cookies that give you away: the surveillance implication of web tracking. Florence, In Proceedings of the 24th International Conference on World Wide Web. International World Wide Web Conferences Steering Committee. Italy. ACM 978-1-4503-3469.
[4] Joon S. Park and Ravi Sandhu (2000). "Secure Cookies on the Web". George Mason University. IEEE Internet Computing. http://computer.org/internet/ 1089-7801/000.
[5] Raymond Eric (ed.) (2017). "Magic cookie". The Jargon File (version 4.4.7).
[6] Rodica Tirtea, Claude Castelluccia, and Demosthenes Ikonomou (2013). "Bittersweet cookie; some security and privacy considerations". European Network and Information Security Agency http://www.enisa.europa.eu/.
[7] Soltani Ashkan, Canty Shannon, Mayo Quentin, Thomas Lauren, and Jay Hoofnagle Chris (2009). Flash cookies and privacy, Technical report, University of California, Berkeley, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
[8] Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Haixin Duan, Shuo Chen, Tao Wan, and Nicholas Weaver (2015). "Cookies lack integrity: real world implication". Institute for Network Science and Cyberspace, Tsinghua University, Department of Computer Science and Technology, Tsinghua University, Tsinghua National Laboratory for Information Science and Technology, International Computer Science Institute, Microsoft Research Redmond, Huawei Canada,UC Berkeley.
