An HTTP cookie is a small piece of data stored on the user’s computer by the web browser while browsing a website. Cookies were designed to be a reliable mechanism for websites to remember stateful information or to record user’s browsing activity. Google Project Zero researcher Jann Horn describes ways cookies can be read by intermediaries, like Wi-Fi hotspot providers.
About HTTP cookie in brief
European and U.S. lawmakers took action in 2011 to require websites to obtain user consent before storing cookies on a user’s device. The original RFC 2109 was not followed by Netscape and Internet Explorer and was superseded by RFC 29-Cookie in April 2011. The recommendation about cookies was seldom used however, and was written as a Set-Nets-style header, which came to be called ‘Cookie-style cookies’ in October 2000. In February 1997, the Internet Engineering Task Force identified third- party cookies as a considerable privacy threat and recommended that they not be allowed at all, at least not enabled by default. At this time, advertising companies were already using third- parties to track users’ browsing habits. The specification produced by the group was eventually published as RFC 2 109 in February 1997. It specifies that cookies were either not allowed or not enabled at all at least by default, or that they were not allowed by default to be used at all. In April 2000, RFC 2965 was added to the RFC, which informally comes to be known as ‘Set-C Cookie header’ It was written by Brian Behlendorf and David Kristol as opposed to the original Set-C cookie header which was called ‘Netscape-stylecookies’ The first mention of cookies in the media was in the Financial Times on February 12, 1996. In the same year, cookies received a lot of media attention, especially because of potential privacy implications. The development of the formal cookie specifications was already ongoing.