www.ijcrt.

org © 2019 IJCRT | Volume 7, Issue 1 March 2019 | ISSN: 2320-2882

Cookies Privacy and Cyber Security

Ashok Kumar Reddy Nadikattu

Sr. Data Scientist & Department of Information Technology

California USA

Abstract attackers may use these cookies to monitor users’

If you use the word “cookies,” some people online activities and commit cyber-crimes such as
would believe you’re about to give them a treat. sending malicious ads (Zarouali et al., 2017). This
However, from a computer standpoint, these are not paper aims to describe the different types of cookies
dessert menu objects, and they cannot be tangible and how they are used to invade data privacy.
objects. Still, they serve essential functions in Additionally, the report will discuss cybersecurity
assisting someone who is searching the internet, and threats that may arise when cookies are used in a
they may cause problems if not handled properly. A computer or browser.
computer cookie is a tiny text file that is stored in the Keywords
browser of a computer. A device cookie is also Cookies, Cybersecurity, data privacy
known as a browser (internet/web) cookie or an Introduction
HTTP cookie informally. A cookie is a set of data, In contemporary society, technological
regardless of its name. A cookie allows a website to innovation has elicited a mixed response. Despite the
remember information and details such as a user’s fact that information technology makes person and
interests to be recognized when they return. In business activities much more accessible, there are
layman's terms, a cookie can be thought of as a many problems associated with its use. Within
"memory" that allows a website to recognize and minutes, you can lay back, make a purchase, and
react to a user. When a computer user visits a have ordered goods to your home. In the same way,
website, the website sends a cookie to their automation and improvements in technology have
computer, which the computer receives and stores in helped businesses significantly reduce the cost of
a designated location of the browser. It aims to aid manual effort in manufacturing processes. Social
the browser in tracking and recording browser networking is possible thanks to various social
activity. Many users tend to keep records of their media sites that provide unique services to their
searching and download activities by saving their users. Human beings pay the price for information
login information on frequently visited websites technology. When it relates to the use of information
(Lacy and Prince, 2018). Despite their monitoring technology by individuals and companies, one of the
and storage capabilities, fraudsters and cyber- significant points of concern is Cybersecurity
IJCRT1134034 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org 70
www.ijcrt.org © 2019 IJCRT | Volume 7, Issue 1 March 2019 | ISSN: 2320-2882

(Gootman, 2016). Data has become the new digital that have been enforced across the world take
gold, and it is expected to become more costly, seriously (Confer & Heuple, 2017).
especially as the digital age continues. Awareness is Literature Review
a critical component of nearly any project being Cookies
initiated, whether it is a research study or an It would be impossible to talk about
advertising campaign for businesses. Also, for small Cybersecurity without mentioning cookies. These
companies, data is essential for determining the can be defined as small text files that are found on a
project’s viability. computer. They recognize the activities of a network
Because of the risks that could come with the as shared between web pages (Kulyk, Hilt, Gerber,
disclosure, internet users have been concerned about & Volkamer, 2018). They mainly help in logging in
their personal information being exposed as they use to a website and purchase of items on an online
social media sites. With the increased use of the platform. Through cooks, servers can identify one's
internet for purchasing and selling, online users have computer and remember things that are conducted
expressed concern about the security of their by an individual through his laptop. Cookies are
personal information exchanged with different widely used by advertisers and online businesses in
websites. As a result, Cybersecurity has become one marketing their operations online (Zarouali et al.,
of the most critical aspects of treatment for many 2017). The use of cookies has been a subject of
people and organizations. In today’s world, identity heated discussion regarding vulnerabilities they
fraud has become commonplace. It’s difficult to read create in one’s system through the sharing of
or watch the news without seeing any incidents information about the online activities of a user.
involving Cybersecurity. It is clear that While many people view cookies as a security threat,
advancements in security practices have not an equal number of people feel that cookies indeed
balanced advancements in information technology. pose no danger to Cybersecurity and only the
It’s become increasingly difficult for systems to be privacy of IT users. Much research has been done on
entirely safe, as technological advances have the same, and answers vary from one research work
exposed flaws in even the most secure methods. As to another. The history of cookies dates as early as
a result, researchers and I.T. experts must devise 1994. In this year, Lou Montulli developed one of
new strategies for improving Cybersecurity while the earliest web browsers in the world of computers.
still keeping up with technological advancements to He acquired a lot of experience, and his innovative
plug the gaps in current security measures (Baumann minds helped him come up with cookies, HTTP
& Schunemann, 2017). All security risks are faced proxying, and Server push and Client push.
by humans interested in mining personal data for According to Montulli, cookies got their name after
various purposes, including identity theft and service a computer science word, “Magic Cookie,” which is
denial. Different laws regulate the use of technology; described as something passed by routineness of
online privacy is something that many cyber rules applications that allows the recipient to conduct

IJCRT1134034 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org 71

www.ijcrt.org © 2019 IJCRT | Volume 7, Issue 1 March 2019 | ISSN: 2320-2882

some operations. At Netscape browse, Montulli had Types of Cookies

an idea of using some programs similar to cookies in There are three different types of cookies;
the company's browser for communication. Cookies they include third party cookies, persistent cookies,
then became the first to be used in the company's and session cookies. Cookies are virtually visible
brewers in knowing whether users had visited the small text files that significantly differ from one
company's website. These cookies allowed the another. Each type of cookie has a distinct function
website to remember a person's preferences and keep and mission as described below.
a history of the items viewed by a visiting customer Session cookies
as placed in the virtual carts. These are simple cookies that remember the
At this period, people did not understand online activities of a person. Owing to the fact that
cookie until the year 1996, when potential threats by websites do not have memory, it would be typically
cookies on personal information were popularized impossible to remember the browsing history of an
by the media. The issues raised by the numerous individual without these cookies. Each activity done
media reports revolved around the fact that cookies on a website would be treated as a new user with a
were storing information on personal computers new business. Some application of session cookies
without the user’s knowledge. The news spread and can well be illustrated by looking at online shopping.
created panic in the country, such that in the year Here checking out guarantees the items will be found
1998, the U.S. Department of Energy Computer thanks to the cookies.
Incident Advisory Capability released a report that Persistent cookies
entailed its assessment on the issue of cookies. The These are also known as first-party cookies.
report asserted that the vulnerably of various system They usually function by tracking all online
or snooping through the use of cookies could not be activities and preferences of and a giver person. For
ascertained in any way (Floros et al., 2013). The instance, for the first visit to a site, the cookies are
report conducted that cookies could only tell a web basically at their default state. When one
server whether a person had been visiting the personalized the website, these cookies have the
website before. The limited information shares with ability to remember these settings and put them in
the website servers included several visits to remind place with each login by that individual. The
the site of the next stop. The report clarified that the functioning of computers is similar to these cookies
information on the places that a user had visited in that each login makes machines set all the
before could easily be located from the browser log preferences set, including the language selection and
files and could be used in tracing the user’s browsing the bookmarks. These cookies are usually stored on
habits. Therefore, cookies only made this function the hard disk, generally for a long time.
easier. Third-party cookies
These are also known as tracking cookies;
they collect the data regarding one’s online

IJCRT1134034 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org 72

www.ijcrt.org © 2019 IJCRT | Volume 7, Issue 1 March 2019 | ISSN: 2320-2882

activities. Each time a person visits a website, Cybersecurity. There are various components of
various information regarding the user's activities Cybersecurity. It would be impossible to attain
are collected and sent to the website that created complete Cybersecurity without privacy in I.T. At
these cookies. The data collected is hence sold to the the same time, it would be hard to achieve privacy
advertisers. Tracking of one’s interests, preferences, without Cybersecurity. This means that the two
and search trends is done through this. Therefore, terms complement each other in the world of
marketers can send customized ads to a person Information technology. There are various roles that
thanks to the information revered through these both I.T. users are anticipated to play in enhancing
cookies. However, this is viewed in many aspects as their security. On the other hand, the developers of
being intrusive to the users' online privacy. sites and applications are also expected to increase
Privacy the security features of their websites to protect the
There is nothing valuable in the world of user data from being accessed or stolen by attackers
information technology as having privacy with your (Zhelang, 2017). The growth of information
online activity and information shared. Privacy technology has prompted a regular revision of the
touches on various aspects of life, ranging from cyber laws to ensure all the emerging issues in the
access to the medical history of a patient: personal cyber world.
bio and other necessary information, such as credit Cookies and Privacy
and social security number (Torra, 2017). According For quite some time, cookies and privacy
to the Health insurance portability and have taken the forefront in various discussions, with
accountability act (HIPAA), individuals have the many people arguing that cookies do not pose any
right to autonomy for their personal information vulnerability to privacy concerns of uses of
from unauthorized access by third parties. Entities information technologies. The same opposition is
such as hospitals have the duty to ensure that the seen from the people who say that cookies have
information shared by the patients remains secure nothing to do with vulnerabilities on people's
and private, as stipulated by the act. Failure to adhere privacy concerns and their systems. The reality is
to the provisions of the law is liable for a fine or a that cookies do not damage computer systems in any
jail term. The essence of privacy for individuals is to way. They’re all text files that can be disabled
ensure that one's personal information remains in whenever you want (Cavusoglu et al., 2005). They
one's realms. No one can be jeopardized based on the aren’t plug-ins, and their applications aren’t either.
information shared with entities such as hospitals. It Cookies cannot be used to spread malware or gain
also protects one from incidences that may be access to your computer’s hard drive. This isn’t to
brought about by exposing one’s personal say that cookies aren’t crucial for a user’s online
information to third parties. privacy and anonymity. Cookies cannot access your
Privacy and Cybersecurity are intertwined in hard drive to obtain information about you; however,
a manner that one cannot detach privacy from unless you have disabled cookies in your browser,

IJCRT1134034 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org 73

www.ijcrt.org © 2019 IJCRT | Volume 7, Issue 1 March 2019 | ISSN: 2320-2882

any personal information you provide to a Web site, to an increased profit margin. Through these
even credit card information, will certainly be stored cookies, personal browsing data is analyzed using
in a cookie. Cookies are just a threat to privacy in the items viewed from one website to another
this way. Only information that you freely submit to (Jegatheesan, 2013). The information gathered is of
a website will be held in the cookie. great essence to the marketing body as it helps
In many cases, cookies can be blocked, but predict the purchasing behavior of the targeted
after doing this, many websites are rendered less customers and hence allows the business to serve
active as they were when cookies get blocked. When with the right products and services following their
one needs the entire functioning of the site, one is purchasing patterns.
prompted to accept the cookies to get the entire How Cookies Invade Privacy
operation of the website. People concerned about There are many ways online users have to
their security find cookies a nuisance to their describe and attested cookies to have invaded their
autonomy due to their impact on the effectiveness of privacy. To explain this, it is essential to use an
a web page. However, there are various ways example of an actual situation that can face anyone
through which this issue can be addressed. One of as they use the Internet—taking the case of a person
the best methods is to delete cookies once we close entering a restaurant or a lodge. One is stopped by
the browser. Another critical purpose is to browse by the security personnel at the entrance who ask to do
anonymizing; this ensures that one’s identity is a thorough search (Hessler et al., 2018). They record
masked. It, therefore, becomes complicated for the all the items found with you and also take notes of
cookies to track down the activities of a person. the items found with you. As if not enough, there are
However, in respect to jeopardizing the privacy and hidden cameras that record every activity and
security of people, cookies cannot be categorized as movement of a person. The functioning of cookies
such. People, therefore, need to be much concerned can be said to work similarly to this example.
about other technologies that can use these cookies Cookies gather information about the browsing
break down the security protocols of a system. activities of a person once they are allowed into
In many cases, cookies are usually set by the one’s computer (Gupta et al., 2016). This is viewed
sites that one visit; this is not always the case, in as a significant issue of concern regarding the
some instances, they are set by the third parties privacy of the people involved.
associated with the places that people visit. Not once On top of tracking down the activities that
that one tends to get cookies from the website that one engages in on his browser, cookies bring endless
he has never heard or visited. The truth of the matter ads that, apart from cutting disrupting browsing
is, these sites are usually related to the places we sessions, may prompt one to look at the items being
visit. The essence of these cookies is aimed at displayed. The issues with these adverts are that they
helping entities in marketing their brands with the are usually from the same website, and the
aim of increasing their sales revenues, which leads likelihood of a similar thing being shown is very

IJCRT1134034 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org 74

www.ijcrt.org © 2019 IJCRT | Volume 7, Issue 1 March 2019 | ISSN: 2320-2882

high. It eliminated the chances of a person viewing Another critical security compromise that
new themes and products from other business can be attributed to the use of cookies is the exposure
entities. Many people do not feel comfortable with of personal information. Information shared on a
the endless ads courtesy of cookies as they make the browser is likely to be collected by the cookies and
overall experience of browsing to be clogged by stored. If the website whose cookies have been
unnecessary popups (Isaak & Hanna, 2018). There allowed is malicious, the shared information can be
have been some development done on some used by people with ill motives to commit a
browsers to ensure that cookies are blocked cybercrime (Aggarwal & Reddie, 2018).
automatically to address this issue. However, this is Information such as credit card number and
not the final solution as it also limits access to sites passwords, when stored by the cookies, serves as a
that one must allow cookies to access the contents of significant risk to users' online privacy. When
the websites. accessed by third parties through cookies, this can be
Security Concerns Regarding Cookies a considerable security threat to the online users of
Although security issues are not directly government services (Houser & Voss, 2018).
associated with cookies, there are some incidences How Improving Cybersecurity Will help the U.S.
that cookies indirectly cause a security alarm for the Privacy infringement and Cybersecurity
users of I.T. For websites that generally use cookies attacks in the recent past have increased. Businesses
to provide access control schemes, having many and individuals have suffered losses due to data loss
users usually set cookies and login credentials and and identity theft. Despite technology seeing some
the session details in some cases. When not correctly rapid developments, there have never been effective
implemented, the system becomes prone to various security enhancement measures that address the
vulnerabilities imposed by third parties. In many security concerns people currently have. There are,
cases, packed sniffer programs can get into cookies however, some possible ways that can be
when transferred between the server and the implemented to reduce vulnerabilities and risks. One
browser, hence getting into a website in question that of the best ways to ensure that security and privacy
grants cookies (Degeling et al., 2018). With Domain are enhanced is by reducing over-reliance on I.T.
name server (DNS) used in determining the cookies (Aladeokin, Zavarsky, & Memon, 2017). This
used with a given served, it becomes quite possible ensures that critical information is not shared
for one to cheat and play ahead with a browse in through the Internet. Another important way to
sending cookies to the server through subversion of enhance privacy and security is by employing new
Domain name server temporarily. The chances of technology in managing incidences. This entails
compromising a person's login credentials become moving with the latest technology is addressing
one of the significant issues of concern through this security concerns. The use of antimalware may help
vulnerability created through cookies. detect malicious cookies directed at collecting
personal information.

IJCRT1134034 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org 75

www.ijcrt.org © 2019 IJCRT | Volume 7, Issue 1 March 2019 | ISSN: 2320-2882

Conclusion References
Though computer cookies are essentially 1. Aggarwal, V. K., & Reddie, A. W. (2018).
harmless, they can only store data in several Comparative industrial policy and
different ways. They cannot dig up personal cybersecurity: the US case. Journal of Cyber
information or reveal data on computers by Policy, 3(3), 445-466.
themselves. Users upload their information web sites 2. Aladeokin, A., Zavarsky, P., & Memon, N.
in order forms, login sites, payment sites, and other (2017, September). Analysis and compliance
internet pages, not cookies. After that, the data is evaluation of cookies-setting websites with
encoded and protected against attacks using security privacy protection laws. In 2017 Twelfth
features such as stable sockets layers (SSL). On the International Conference on Digital
other hand, Cookies have been heavily criticized in Information Management (ICDIM) (pp. 121-
the past for being seen as a potential threat to user 126). IEEE.
privacy. This is because they monitor user activity 3. Baumann, M. O., & Schünemann, W. J.
and save browsing history. This creates a significant (2017). Introduction: Privacy, data
challenge in ensuring cybersecurity as web users are protection and cybersecurity in
exposed to malicious ads, and their information can Europe. Privacy, Data Protection and
be tracked through the internet. Cybersecurity in Europe, 1-14.
In summary, security is one of the major 4. Confer, S., & Heuple, K. (2017). A socialist
concerns for online users. Privacy touches on theory of privacy in the internet age: An
various aspects of life, ranging from access to the interdisciplinary analysis. Philologia, 9.
medical history of a patient. Personal bio and other 5. Degeling, M., Utz, C., Lentzsch, C.,
necessary information such as credit and social Hosseini, H., Schaub, F., & Holz, T. (2018).
security number while security guarantees the safety We value your privacy... now take some
of the information stored from being accessed cookies: Measuring the GDPR’s impact on
through breaching security protocols. Cookies, on web privacy. arXiv preprint
the other hand, are primarily meant to enhance the arXiv:1808.05096.
user experience with the website. In many cases, 6. Edwards, L. (2018). Data protection and e-
they have been associated with the infringement of privacy: From spam and cookies to big data,
privacy rights of the online users. It is essential, too, machine learning and profiling. Machine
therefore, to understand how cookies work and the Learning and Profiling (May 23, 2018).
truth about them. Forthcoming in L Edwards ed Law, Policy
and the Internet (Hart, 2018).
7. Gootman, S. (2016). OPM hack: The most
dangerous threat to the federal government

IJCRT1134034 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org 76

www.ijcrt.org © 2019 IJCRT | Volume 7, Issue 1 March 2019 | ISSN: 2320-2882

today. Journal of Applied Security to footprint: Revealing physical world

Research, 11(4), 517-525. privacy leakage by cyberspace cookie logs.
8. Gupta, B., Agrawal, D. P., & Yamaguchi, S. In Proceedings of the 2017 ACM on
(Eds.). (2016). Handbook of research on Conference on Information and Knowledge
modern cryptographic solutions for Management (pp. 1209-1218).
computer and cyber security. IGI global. 16. Zarouali, B., Ponnet, K., Walrave, M., &
9. Hessler, M., Pöpping, D. M., Hollstein, H., Poels, K. (2017). “Do you like cookies?”
Ohlenburg, H., Arnemann, P. H., Massoth, Adolescents' skeptical processing of
C., & Wenk, M. (2018). Availability of retargeted Facebook-ads and the moderating
cookies during an academic course session role of privacy concern and a textual
affects evaluation of teaching. Medical debriefing. Computers in Human
Education, 52(10), 1064-1072. Behavior, 69, 157-165.
10. Houser, K. A., & Voss, W. G. (2018). 17. Zerlang, J. (2017). GDPR: a milestone in
GDPR: The end of Google and Facebook or convergence for cyber-security and
a new paradigm in data privacy. Rich. J.L. & compliance. Network Security, 2017(6), 8-
Tech., 25, 1. 11.
11. Isaak, J., & Hanna, M. J. (2018). User data
privacy: Facebook, Cambridge Analytica,
and privacy protection. Computer, 51(8), 56-
59.
12. Kulyk, O., Hilt, A., Gerber, N., & Volkamer,
M. (2018, April). this website uses cookies”:
Users’ perceptions and reactions to the
cookie disclaimer. In European Workshop
on Usable Security (EuroUSEC).
13. Lacy, M., & Prince, D. (2018). Securitization
and the global politics of
cybersecurity. Global Discourse, 8(1), 100-
115.
14. Torra, V. (2017). Data privacy:
Foundations, new developments and the big
data challenge. Berlin: Springer
International Publishing.
15. Wang, H., Gao, C., Li, Y., Zhang, Z. L., &
Jin, D. (2017, November). From fingerprint

IJCRT1134034 International Journal of Creative Research Thoughts (IJCRT) www.ijcrt.org 77