When people think of internet cookies, they often think of sneaky bits of spyware that track you all over the internet. While, yes, that is something they are used for, it is not the only thing they do. They come with major benefits too. For instance, if you have ever changed the language on a website, that was a cookie. If you have ever been automatically logged in, that was a cookie. And, perhaps most importantly to the field of communications, if you have ever used a shopping cart, that was a cookie.
The shopping cart was actually one of the original intended uses for cookies. Back in 1993 online shopping was not very popular, and while that was mostly due to the limited popularity of the internet at the time, it was also because it was very tedious. Without any extra features like cookies, websites cannot remember anything about your visit, whether that be between visits or even just between different pages in a single visit. There was no way for you to find an item you wanted and then go find a different item so you could buy multiple things at once. The website would simply forget.
Lou Montulli
That is where cookies come in. A man named Lou Montulli was working with the Mosaic Communications Corporation to develop the Netscape Navigator web browser, which would coincide with the launch of the World Wide Web. One of Mr. Montulli’s visions for the internet of the future was easy and efficient online shopping, and so he devised the cookie.
The Anatomy of a Cookie
The concept behind the cookie is very simple. It is a small packet of data that a website sends a visiting device so that it can store browsing data on that device. Even though the data packets are small, having thousands or millions of them stored on the host server would quickly get out of hand. If each user stored their own data though, the amount would be so miniscule that no one would even notice. When the user visits the website again or changes pages, the site simply requests the packet back from the user so they can resume right where they left off. The data was also encrypted so that only the rightful website could access it. Montulli reasoned that governments, corporations, advertising agencies, and hackers would be absolutely salivating over all that data, so it could not just be sitting around easy for them to access.
Montulli’s implementation of the cookie would be a flagship feature for Netscape Navigator, and when that web browser took over the internet, it set a cookie standard that is still held to this day. Thus, all of our favorite shopping websites like Amazon, Steam, and Ebay can exist and help people all over the world get the products they need.
Unfortunately, though, that is not the end of the story. It is common knowledge today that cookies are practically spyware that track your every movement. So, where did it all go wrong? The answer is Third Party Cookies. For an example, consider the targeted advertising industry:
Third Party Cookies
Website owners often want to make money, but website users often do not want to pay them. The most common compromise is for the website to have ads on it. However, that ad space can be tricky to sell to advertisers. That is where an advertising company steps in. They automatically connect website owners with advertisers, and in exchange receive a portion of the ad revenue. They also request that the site owner distribute the ad service’s cookie packaged with the site’s own cookies. This is a really sneaky way of bypassing Montulli’s encryption. Effectively, because the ad service now owns part of the cookie package, they can now rightfully access the rest of the cookie too. With thousands of sites all using their ad service, and millions of cookies being distributed, they now get a constant stream of data from users all over the internet which they can do with as they please. That is how they track you.
This was a flaw in the cookie’s design that was known even before the release of Netscape Navigator. It had already been exploited to lesser degrees in cruder cookie-like features in previous browsers. Montulli knew about this, but he included and standardized his flawed cookie design anyway. His reasoning was that it was a choice between standardizing his flawed, but still somewhat privacy respecting cookie, or wait and risk more malicious developers standardizing something even more invasive. It was a choice between the devil he knew and the devil he did not. He chose the one he knew.
Unfortunately, this story does not have a happy ending. The devil he did not know was eventually created. It is called Fingerprinting, and Montulli was right. It is far worse than his cookies. However, this marks the end of the cookie’s story, the story of how the hard work of a genius was corrupted into the tool of spies. Though they have attained the ire of the masses, maybe the next time you buy groceries online you will remember all the good cookies do for us, as well as all the bad that comes packaged with them.
Sources:
https://www.digitaltrends.com/computing/history-of-cookies-and-effect-on-privacy/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#security
https://allaboutcookies.org/what-is-a-cookie
https://developer.mozilla.org/en-US/docs/Web/Privacy/Third-party_cookies
No comments:
Post a Comment