HTTP Cookies: Standards, privacy, and politics
Published: 01 November 2001
Abstract
How did we get from a world where cookies were something you ate and where "nontechies" were unaware of "Netscape cookies" to a world where cookies are a hot-button privacy issue for many computer users? This article describes how HTTP "cookies" work and how Netscape's original specification evolved into an IETF Proposed Standard. I also offer a personal perspective on how what began as a straightforward technical specification turned into a political flashpoint when it tried to address nontechnical issues such as privacy.
Information & Contributors
Information
Published In
ACM Transactions on Internet Technology Volume 1, Issue 2
November 2001
111 pages
Copyright © 2001 ACM.
Publisher
Association for Computing Machinery
New York, NY, United States
Contributors
Affiliations
David M. Kristol
Bell Labs, Lucent Technologies, Summit, NJ