Cookies and Their Impact on Internet Security Term Paper

Download this Term Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Term Paper:

Cookies and Their Impact on Internet Security

Cookies are tiny bits of information that is stored by a web site when a user enters its site. The next time the user enters that site; the user's browser sends the information back to the site (Andrews, 1996). A cookie is typically designed to remember and tell a web site some useful information about the user.

For example, an online music store may uses cookies to keep track of what products each individual customer purchases. When the customer returns to the site, the company's browser allows it to read the cookie. The site could then make a list of similar products that the customer may be interested in, based on the cookie's information (p. 20).

Cookies are invisible to users, unless the users set preferences that alert them when cookies are being used. In most cases, cookies are harmless (Cole, 2002). Cookies cannot be used to gather personal information about users, unless the users provide the information.

However, some companies use cookies develop a profile of Internet users' interests based on the sites visited and the things they do at the sites (Descy, 1999). As a result, advertisers can tailor online advertising based on the interests and buying habits of Internet users, or use the information in a variety of other ways. This can present a significant threat to Internet security, if Internet users do not exercise caution.


Many Web surfers have a fear of cookies that is based on ideas from the media that cookies are a dangerous risk to Internet security (Lowe, 2002). However, the majority of cookies are actually harmless.

Cookies are small text files that many websites place on a user's machine to identify it (Cole, 2002). Different websites use cookies for different reasons. Many use cookies to store registration details, so that users do not have to enter all their details every time they visit a site.

Others use them as an additional security check, or to verify a user's identity. In addition, some use websites use cookies to record which areas of a website a user has visited. Advertisers can also use cookies to monitor which advertisements have been seen by users and how successful their campaigns are.

Cookies are actually beneficial to Internet users and websites when properly used to personalize the Web experience. However, some websites' use of cookies has a negative impact on Internet security, such as DoubleClick Network's use of cookies to record the Internet habits of users (Davidson, et al., Sterne, Philips). This type of use poses a threat to the privacy of the users, as the company uses information obtained through cookies for marketing purposes.

The Basics of Cookies and Their Impact on Security

According to Joshua Woodruff, E-Business architect at Avaya Communications, Inc. "Internet cookies, or small files that get downloaded to client browsers when surfing sites, can potentially expose a significant security risk."

The cookie file can contain information such as user IDs and passwords, credit card numbers, social security numbers, or any other piece of information the organization handing out the cookie feels it needs to store on a client system. This file exposes information that is then vulnerable to hackers who may be able to get onto a client system via the Internet and copy these files.

Why are cookies used then? This kind of information helps organizations track new and repeat visitors, provide automatic sign in, and pre-populate web pages with information entered the last time the client visited the site, among many other things. According to Woodruff, it "is completely up to the whims of the organization handing out the cookie as to what may be contained in the file and what it's used for."

Therefore, it is not necessarily the cookie itself that poses a security risk, but rather the level of expertise and professionalism used on the other end - the web development teams within these organizations that build the code for these cookie files and functions (Sterne, 1997).

When asked how to tell what level of skill and scrutiny a particular web developer has when visiting a particular web site, Wooduff's answer was, "You can't! Any time you visit any web site, you are exposing yourself to the code that's been written by a particular team of developers whom you can only hope use strict security guidelines in their development practices. Of course most professional, major web sites, such as and, would not code cookies in such a way to expose any potential risk - right? But how do you know for sure?"

Protection is offered in the way of client browser controls. A client browser can be configured to accept any and all cookies, allow cookies only from sites it "trusts" (which a user could configure), or not allow any cookies (Gunderson, et al., 1996).

This presents the familiar scenario of security vs. usability - if a browser is configured for high security and set to not accept cookies at all, a lot of web sites will not be able to deliver full functionality to the client, where as if the browser was configured for low security, the client may be able to experience full featured web sites but at the same time exposes itself to vulnerabilities (NetScape).

With Internet security such a huge issue today, users have to protect themselves against sites that use cookies. An Internet user must find a situation where he feels comfortable. He also must use caution when entering any kind of personal information into a web page.

Most reputable Web pages will have links to their security guidelines and even explain their usage of cookies. This information is provided to enhance awareness of the usage of information and should be used for Internet security.

Weighing the Benefits of Cookies with Their Threat to Internet Security

Cookies are mechanisms developed by the Netscape Corporation to make up for the stateless nature of the HTTP protocol (Netscape). Without cookies, every time a browser requests the URL of a page from a Web site, the request is treated as a completely new interaction.

The request, which is often just the most recent in a series of requests as the user browses through the site, may be lost. While this makes the Web more efficient, this stateless behavior makes it difficult to create things, such as shopping carts, that must remember the user's actions over a long period of time (Philips, 1995).

One of the major issues surrounding Internet security in today's society is keeping information secure and private. The Internet is a public network, so information can easily be shared with or stolen by others.

Cookies have a significant impact on Internet security when companies cross the line between using cookies as a simple data management tool and infringing on the online privacy of Internet users (Narayan, Gunderson). The users are often the victims here, because cookies are tracking all of their movements on the Internet, and the users do not know that it is happening.

Fundamentally, cookies are harmless pieces of text. They cannot be used as a virus and cannot access the hard drive. However, cookies, when transmitted through a website, can have an impact on Internet security.

Cookies cannot be used to steal data or information over the Internet. They are simply used to store information that was provided by the user at some point. For example, if a user entered his name when filling out a form, a server can turn this information into a cookie and send it to the user's browser. The next time the user visits the site, the site may welcome him by name. This is a harmless use of cookies.

However, cookies can negatively affect user security when they are used for other purposes (Andrews). When a browser accesses and surfs Web sites, it leaves a trail of information across the Internet, including the name and IP address of the computer, the brand of browser used, the operating system that is run, the URLs of the Web pages accessed, and the URLs of the pages last viewed (p. 17).

Dangers of Cookies to Internet Security

Cookies basically enable companies or individuals to follow this trail to learn about the Web browsing habits of the user.

For example, the DoubleClick Network develops profiles of individuals using the World Wide Web and sends them advertising banners customized to their interests (Descy, 1999). DoubleClick's clients are Web sites that want advertise their services.

Each of Doubleclick's clients becomes a host for the advertising of other members of the network. The clients also create advertisements for their products and services, and submit them to DoubleClick's server.

Each Web site uses it site to link with DoubleClick. If a user views on these pages, his browser automatically links to DoubleClick's server to retrieve one of its member's advertisements and return it to the browser. When the user reloads the page, a different advertisement appears (p. 50).

The user typically does…[continue]

Cite This Term Paper:

"Cookies And Their Impact On Internet Security" (2002, November 27) Retrieved November 30, 2016, from

"Cookies And Their Impact On Internet Security" 27 November 2002. Web.30 November. 2016. <>

"Cookies And Their Impact On Internet Security", 27 November 2002, Accessed.30 November. 2016,

Other Documents Pertaining To This Topic

  • Security and Privacy on the

    Again, people find a difference between intrusion by the government and by the private companies. In U.S., there are very few restrictions on private companies than on the government about collecting data about individuals. This is because activities like buying of books, getting a video, seeing a movie in theatres or eating in restaurants have been viewed as public activities of individuals. These are essentially not bothered with by laws

  • Internet Privacy for High School Students

    Internet Privacy for High School Students The unrestrained stream of information is conceived necessary for democracies and market-based economies. The capability of the Internet to make available the vast quantity of information to practically everyone, irrespective of their locations thus entails large benefits. The Internet provides access to the greatest libraries of the world to the students even in the smallest towns and permit the medical specialists to analyze the patients

  • Internet Trust Certificates in Every

    Trust alleviates the apprehensions of insecurity that crop up when the retailer is not known, or the way the company will deliver the goods or services purchased. Building trust in e-commerce necessitates a clear indication of rigorous standards of security, data safeguard, transparency of data use, etc. (The effect of IT-based security on feedback mechanisms and trust building in online auction settings) Morgan and Hunt during 1994 indicate that trust

  • Internet Profiling and Privacy This

    Ethics is an essential part of the individual condition. As an important person who starts up a large business as well as deals on a daily basis with other corporation at all arena of expansion so basically business ethics is lively and glowing plus hotly chat about in boardrooms all over the world. Furthermore for the majority of administration and boards know their accountability goes well beyond periodical results.

  • Internet Laws

    Internet Ethics and the consumer's private existence in an unstable regulatory environment -- untapped economic waters in a wild, wild west of identity theft and chronic consumption When it comes to Internet ethics, even in the absence of legal requirements, businesses must themselves self-regulate when it comes to consumer privacy. If they do not, it is likely that the government will step in to do so, as the government has done

  • Regulating Internet Privacy Regulation Has Remained Pinnacle

    Regulating Internet Privacy Privacy regulation has remained pinnacle of issues that got birth with internet. Every innovation in technology is at the expense of privacy; it is no more there as most of technicians believe. A layman using internet does not find how and when his personal information is can be traced by someone else; privacy at workplace that was once enjoyed by the employees is no more at one's disposal,

  • Personal Security and the Internet

    The responsibility to seek out and use the most appropriate form of protection for a particular system lies with its user. If a user does not regard these duties with the appropriate seriousness, the consequences could be dire indeed. Another very threatening form of computer crime is the phishing scam. Phishing Phishing involves email from an apparently legitimate source such as a bank or other place of business that requires the user

Read Full Term Paper
Copyright 2016 . All Rights Reserved