Most web visitors, experienced and new alike, are now familiar with cookies. Cookies are small data files that websites put on your hard drive when you visit them. Sites install cookies on your system for many different reasons. One of them is to identify you as a distinct visitor by identifying your web browser software. When you return to a website that has stored a cookie, it will search your computer for that cookie and so learn about your past activities. It may also update your previous cookie. This way the site can customize its contents depending on previous activities. It also allows the site to provide customized news, weather, sports information, and many other things based on stated interests. In theory, a cookie only transmits information back to the website that put it there and can’t be accessed by other parties. But some Internet advertising companies have crossed the limits of using their own cookies. These companies use cookies to create highly sophisticated profiles of online visitors, most of the time without visitors’ knowledge and usually without their consent.
Cookies are meant to give users a better experience when visiting web pages, but the excessive use of cookies, and especially of sophisticated cookies that build an online profile of the user for advertising purposes, has centrally raised the issue of breach of the user's privacy. In this paper the technical and legal issues regarding cookies are addressed, and how to protect the user from breach of privacy is discussed. Even though cookies serve an important role in today’s e-commerce and advertising industries, it is impossible not to think of them as a breach in user security. There is something about a seemingly forced piece of information being saved on your computer for the use of a computer hundreds or even thousands of miles away. One can only think of one word: privacy. How does a user know that the companies are collecting cookies for their own advertising or e-commercial purposes rather than probing a user as a candidate for the ever-present adware? Does a user want vendors to know exactly what it is they usually shop for when they get online? Do they really need to save my shopping time by one or two clicks with the sacrifice of decreased privacy?
COOKIES:
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information to “improve the user experience”. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies. A cookie is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet user's identification card, which tells a web site when the user has returned. Cookies can be session based and expire after a session, or persist beyond the current web session:
· Persistent internet cookies are stored on end users’ devices beyond the current session. They send information to the web page (server) whenever the user visits the site until the internet cookies’ expiry date. These internet cookies allow websites to remember the actions of a user across a website (or several websites) and across sessions. For example, persistent internet cookies enable websites to remember settings for personalized content.
Cookie text files contain several pieces of information, including the host and a name-value string. For our analysis, we consider a cookie to be the unique pair and the cookie’s value to be the value component of the name-value string. Our most fundamental analytical task was to effectively identify cookies with value strings that correspond to unique identifiers.
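One way to approach the identification task described above, shown as an added example that is not part of the original analysis. Keying each cookie on (host, name), the length and entropy thresholds, and all sample records are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample records (host, cookie name, value); not real data.
SAMPLE_COOKIES = [
    ("shop.example", "lang", "en-US"),
    ("shop.example", "theme", "dark"),
    ("ads.example", "uid", "f3a9c1e07b2d4468a1c5e9d0b7f2a6c3"),
    ("ads.example", "optout", "1"),
    ("tracker.example", "_vid", "Zk8qT1xW9bR4mN7pLs2Yd0Hc"),
    ("news.example", "consent", "aaaaaaaaaaaaaaaaaaaaaaaa"),
]


def shannon_entropy(value):
    """Entropy of the value in bits per character (value must be non-empty)."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_identifier(value, min_len=16, min_entropy=3.0):
    """Heuristic (assumed thresholds): long and high-entropy values are
    unlikely to be settings such as 'en-US' and likely to be per-browser IDs."""
    if len(value) < min_len:  # also guards against empty values
        return False
    return shannon_entropy(value) >= min_entropy


def find_identifier_cookies(cookies):
    """Return the sorted (host, name) keys whose value looks like a unique ID."""
    latest = {}
    for host, name, value in cookies:
        latest[(host, name)] = value  # a later record replaces an earlier one
    return sorted(k for k, v in latest.items() if looks_like_identifier(v))


if __name__ == "__main__":
    for host, name in find_identifier_cookies(SAMPLE_COOKIES):
        print(f"{host}\t{name}\tlikely unique identifier")
```

A long but repetitive value such as the constructed `consent` cookie is rejected by the entropy check even though it passes the length check.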
PIXEL TAGS
A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.
SERVER LOGS
Like most websites, our servers automatically record the page requests made when you visit our sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
TYPES OF COOKIES
A cookie is a small data file your browser uses to save information it sends. Personal information is never saved in cookies. Using cookies is safe. Cookies are used to track web statistics and to make the website easier to use. Cookies help the website's owner to tailor marketing decisions according to the website visitors’ needs. Data collected by installation of cookies is not focused on or meant for specific people. Cookies can be broadly classified into two types:
1. Functional / Session Cookies:
Session cookies are used to track the user's session, that is, whether the user is logged in or not. After authentication the server assigns an authenticated session cookie to the user, and the server uses it to check whether a request is coming from that user or not.
2. Non-functional / Persistent Cookies
Persistent cookies are used to track the user's activity, such as which article or product that particular user is interested in, so that a user who has a persistent cookie on his machine will receive ads related to his interests.
PROS AND CONS ON SAVING THE COOKIES
As every coin has two sides, so do cookies. Installation of cookies no doubt improves the user experience, but at the same time sophisticated cookies can be installed to create a digital profile of a user without the user's consent, thus violating the privacy rights of the user. Such a profile helps the company with advertising and can even be sold to third parties for their business needs.
Pros of Installing Cookies
1. For Authentication, Security and Site Integrity
2. Advertisement
3. Localization
4. Site features and services
5. Performance
6. Analytics & Research
7. Preferences
8. Personalized Content
Cons of Installing Cookies
1. Privacy Concern
2. Unnecessary Storage
3. Illegal Activities
4. Security Threat
SECURITY ISSUES WITH COOKIES:
1. Direct Login
Some websites implement access control schemes using cookies: when a user logs in to a website with his/her credentials, a cookie with the session details is generated in the browser, and if he/she then opens the same website in another tab of that browser, he/she gets directly into the account without re-entering the credentials. This can be a security issue if the computer is used by multiple users.
2. Cookie Grabbing
A cookie that gives access to the website that issued it can be caught with the help of a packet sniffer while it is transferred between the client machine and the server. “Since DNS is used to determine the cookies that are with a particular server it may be possible to cheat or play ahead with the browser to send cookies to a server by subverting the DNS temporarily”. For example, if an intruder wants to grab the user's cookie, he just has to write a script, upload it to any hosting server and give the link to the script to the user; if the user clicks on that link, the cookie with the session details of the user's browser is grabbed and stored in a new file on the intruder's hosting server, and he/she can then access the user's account without knowing the credentials of the user’s account.
3. Automatic Authentication
“Compromise of our login is the greatest privacy violation that we can imagine and it’s a serious security implication as well. Some OLTP (Online Transaction Processing Systems) that use cookies should be very careful in providing privacy and security to the users of the system, the above scenario can happen and the users would never tolerate the compromise in the security. Some unauthorized transactions that may happen might have potential financial damages and customer dissatisfaction as well.”
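The three issues above map onto cookie attributes a site can check in its own responses. The audit below is an added example, not code from the original paper; the header values are constructed, and treating names containing "sess", "sid", "auth" or "token" as session cookies is an assumed naming convention.

```python
# Constructed Set-Cookie header values for illustration; not captured traffic.
SAMPLE_HEADERS = [
    "SESSIONID=8f2c1d9e; Path=/",
    "SESSIONID=8f2c1d9e; Path=/; Secure; HttpOnly",
    "lang=en-US; Path=/; Max-Age=31536000",
    "auth_token=abc123; Path=/; Secure; Max-Age=2592000",
]

SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed naming convention

REASONS = {
    "no-secure": "sent over plain HTTP, so a packet sniffer can read it",
    "no-httponly": "readable by page script, so a script can copy it",
    "persistent": "outlives the browser session on a shared computer",
}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie name, list of finding codes) for one header value."""
    name, _value, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return name, []  # preference cookie: outside the scope of this audit
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")
    if "httponly" not in attrs:
        findings.append("no-httponly")
    if "max-age" in attrs or "expires" in attrs:
        findings.append("persistent")
    return name, findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(name, "OK" if not findings else "")
        for code in findings:
            print(f"  {code}: {REASONS[code]}")
```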
PRIVACY CONCERNS ON COOKIES
As soon as we talk about installing cookies on the hard drive of a user's system, the first question that arises in the user's mind is about breach of privacy. Cookies are simple un-compiled text files that help to coordinate the remote website servers and your browser to display the full range of features offered by most contemporary websites. These features include hassle-free automatic logins and authentication, third party ad serving, advertisement management, preference setting, language setting, etc. As cookie technology evolves along with website publishing and advertisement technology, privacy issues are sure to arise time and again.
Cookies basically coordinate the remote server and the user’s browser to display the full set of features offered by the server. The features provided through cookies include shopping cart functionality, ad management, automatic login and authentication, and more. Cookie technology shapes advertising strategy in the digital environment, so privacy issues arise time and again, and they are as follows:
Invasion of privacy
Invasion of privacy means any act in which a user’s interests, personal data, activity and behavior on the internet are recorded, noticed or tracked, with or without the consent of the user. This is the major privacy issue, because the user can be tracked at any time by an intruder or by the government: under the Information Technology Act, 2000, the government has the power to intercept or monitor in the interest of national security.
Storing Personal Information and Tracking User Behavior
Cookies store personal information in two ways: one is for form information and the other is for ad tracking. Cookies themselves cannot search the user's computer or his/her information. “Cookie-based ad tracking has evolved through the years. From simple operations like counting ad impressions, limiting popup, and preserving ad sequence, third party ad serving cookies have evolved to user profiling/website preference tracking. This latter group of activities—ad tracking, that has attracted a lot of controversy among online consumer privacy groups and other concerned parties. Many of the largest websites online use large-scale third-party ad serving networks which cover many sites. One of the largest is Google's ad serving network. For every click a valid user makes on a Google-served ad on their site, site owners make money ranging from pennies to dollars.
Flash cookies
This type of cookie is used on banking websites; it is neither a browser-based cookie nor stored in the computer, so it is difficult to find and delete. Banks and other finance websites store flash cookies on the user’s computer to authenticate the owner of the account without any explicit notice that the flash cookie has been planted on the owner’s computer.
Cookies by themselves do not store or dig out any information from your hard drive, nor do they analyze and store your system details. Cookies also do not contain any personal information, so they should not be held responsible for collecting the personal information of users. Personal information is not generated by the cookies themselves but by your own input into websites' order forms, registration pages, payment pages, and other online forms. When we talk of e-commerce, these cookies are protected by the remote server through security features such as SSL (Secure Sockets Layer), certified pages and other network security parameters.
LEGALITY OF COOKIES
When we talk of the legality of cookies, “The Information Technology Act (Amendment), 2008” has not defined the word “cookies”, nor is the word used anywhere in the IT Act, 2008. Thus it is quite clear that the government of India has so far not focused on cookie installation or the use of similar technologies and does not have any specific law on cookies. However, any person who monitors the activity of a user with the help of sophisticated cookies, or collects the traffic data of the user, can be dealt with under the I.T. Act, 2008.
Under section 69 of the I.T. Act, 2008, the government has the power to issue directions for interception, monitoring or decryption of any information through any computer resource, and can collect and monitor traffic data, or authorize the monitoring and collection of traffic data or information through any computer resource, for cyber security.
However, the Information Commissioner's Office (ICO) has given the new European laws concerning cookies, which came into effect on May 26th 2011, as “Guidance on the rules on use of cookies and similar technologies”.
CONCLUSION
Cookies play an important role in enabling any website to provide basic and necessary functions such as sessions and authentication for its users. Cookies also give users an easier and better experience, with faster access to websites, web applications or web services. Cookies help in remembering the preferences of users, which makes it easier to show them only the relevant posts, articles, news, etc. Cookies also help online advertising organizations to place relevant advertisements that users tend to visit, which may benefit the advertising company. This activity is performed not only to sell their products but also to profit from the Pay-Per-Click (PPC) programs of different companies like Google Adsense, Yahoo, etc.
In spite of these benefits to users, cookies can also be used in another way, to get the personal or private details of users. Some sophisticated cookies, such as session cookies, can be grabbed by an intruder to perform malicious activities. Cookies can also be used to track the traffic data of the user for surveillance purposes. The cookie is an integral part of any website, also from the user’s point of view, but the site should ask the user whether to install it or not, with the option to opt in or opt out. Session cookies should also be encrypted, to protect the user’s session cookies from being exploited by any intruder.