One of the joys of continuing my education is getting to write a mini-article once a week for my fellow students and instructors. I’ve decided to share some of the better ones here. B.
Long ago, in what sure seems like a galaxy far, far, away, I got a job working for a small ISP in the Inland Empire in California. We were literally in the attic above a Birkenstock store in the Claremont Village shopping center. Back then, AOL was cool and still on the rise, rotary phones were still common, and this whole “world wide web” thingy was just taking off.
You see, the problem with web browsing was and is that it is “stateless.” The web was never intended for all the uses we take for granted today. It was intended as a way for scientists to share information in a platform-independent manner. At the time when Tim Berners-Lee wrote the first proposal for the World Wide Web in 1989, Mac and Windows systems really did not play well together, and if you were using a NeXT system or any flavor of UNIX, you could forget all about sharing documents with anyone using a different kind of system than what you used. This was a big problem at CERN, where Sir Tim worked (“A short history of the web,” n.d.).
Fast forward a mere five years, to 1994. By the end of that year, over 10,000 web servers had been implemented around the world (“A short history of the web,” n.d.). While a lot of people didn’t see the point of this web thingy, quite a few businesses realized that the web opened up business opportunities and new ways to both market and sell goods and services. But the stateless nature of the web was a serious problem. If every single request sent to a web server was made without context or data retention about the history of the user’s actions and behaviors, there was no way for a potential customer to put anything into a virtual shopping cart.
Cookies to the rescue! Sort of…
Browser cookies, in case you didn’t know, are files stored on your computer with information to be used by your web browsers. Each web browser handles cookies a little differently, with some storing them as separate text files and others storing them in data files that contain profile information and settings data (“Cookies – Information that websites store on your computer,” n.d.). The reason that cookies exist is to provide persistence of data from one client/server interaction to the next (Richardson & Thies, 2013, p. 328).
The problem security-wise isn’t necessarily the cookies themselves. Rather it is how they are used.
First, understand that cookies are NOT encrypted. They are sent, received, and stored in plain text. That means anything and everything contained within cookies as they are set or echoed is fully readable by anyone who might be listening in (BÎZGĂ, 2021). So, if a web developer stores PII or other sensitive information in a cookie, that data may as well be posted in public.
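To make the point concrete, here is an added example (not from the original article or its sources): a small Python audit of `Set-Cookie` header values that reports when a cookie's value is readable PII and when the `Secure` or `HttpOnly` attributes are missing. The function names, the e-mail regex used as a stand-in for PII detection, and the sample headers are all assumptions constructed for illustration.

```python
import base64
import re
from http.cookies import SimpleCookie

# Assumption: an e-mail address stands in for "PII" in this example.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def readable_forms(value):
    """Return the raw value plus its base64 decoding, if that is printable text."""
    forms = [value]
    try:
        padded = value + "=" * (-len(value) % 4)
        decoded = base64.urlsafe_b64decode(padded).decode("utf-8")
        if decoded.isprintable():
            forms.append(decoded)  # base64 is an encoding, not encryption
    except ValueError:
        pass  # not base64 text; only the raw value is readable
    return forms

def audit_set_cookie(header_value):
    """Audit one Set-Cookie header value and return a list of findings."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if any(EMAIL.search(form) for form in readable_forms(morsel.value)):
            findings.append(f"{name}: value exposes an e-mail address")
        if not morsel["secure"]:
            findings.append(f"{name}: no Secure attribute, sent over plain HTTP too")
        if not morsel["httponly"]:
            findings.append(f"{name}: no HttpOnly attribute, readable by page scripts")
    return findings

# Constructed sample headers (not taken from any real site).
SAMPLES = [
    "profile=YWxpY2VAZXhhbXBsZS5jb20; Path=/",
    "email=alice@example.com; Path=/; Secure",
    "sid=f3a9c1d27b; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", audit_set_cookie(header) or "no findings")
```

The third sample shows the usual alternative to putting data in the cookie: an opaque session identifier whose meaning lives only on the server.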
Then there are tracking cookies used by Google, Facebook, and other companies heavily invested in online advertising. They are used to track user behaviors across as many websites as possible, building ever more detailed profiles so that marketing campaigns can be tailored more and more effectively against you (“What are computer cookies?,” 2021).
In addition, there are also “super-cookies,” which combine cookies and other browser traits to track you even when you go incognito (“What are computer cookies?,” 2021).
Each of these poses both security and privacy issues, and as of this writing, nothing close to a decent solution exists, short of unplugging every digital device you own and moving into a cave. And even that isn’t a sure bet.
BÎZGĂ, A. (2021, October 1). The good, the bad and the ugly side of internet cookies. Bitdefender. https://www.bitdefender.com/blog/hotforsecurity/the-good-the-bad-and-the-ugly-side-of-internet-cookies/
Cookies – Information that websites store on your computer. (n.d.). Mozilla Support. https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Richardson, T., & Thies, C. N. (2013). Secure software design. Jones & Bartlett Publishers.
A short history of the web. (n.d.). CERN. https://home.cern/science/computing/birth-web/short-history-web
What are computer cookies? (2021, September 16). Malwarebytes Labs. https://blog.malwarebytes.com/malwarebytes-news/2021/09/what-are-computer-cookies/
 Berners-Lee was knighted due to his work creating and developing web technologies.