The cookie recipe: untangling the use of cookies in the wild

Research Projects
Organizational Units
Journal Issue
Users online are commonly tracked using HTTP cookies when browsing on the web. To protect their privacy, users tend to use simple tools to block the activity of HTTP cookies. However, the "block all" design of tools breaks critical web services or severely limits the online advertising ecosystem. Therefore, to ease this tension, a more nuanced strategy that discerns better the intended functionality of the HTTP cookies users encounter is required. We present the first large-scale study of the use of HTTP cookies in the wild using network traces containing more than 5.6 billion HTTP requests from real users for a period of two and a half months. We first present a statistical analysis of how cookies are used. We then analyze the structure of cookies and observe that; HTTP cookies are significantly more sophisticated than the name=value defined by the standard and assumed by researchers and developers. Based on our findings we present an algorithm that is able to extract the information included in 86% of the cookies in our dataset with an accuracy of 91.7%. Finally, we discuss the implications of our findings and provide solutions that can be used to improve the most promising privacy preserving tools.
Proceeding of: 2017 Network Traffic Measurement and Analysis Conference (TMA)
Cookie recipe, HTTP cookies, Online users, Web browsing, Block all design, Web services, Online advertising ecosystem, Network traces, HTTP requests, Privacy preserving tools, Computer network security, Data privacy, Online front-ends, Transport protocols, Web services, Tools, Privacy, Browsers, Ecosystems, Europe, Advertising, Web Pages
Bibliographic citation
TMA Conference 2017: Proceedings of the 1st Network Traffic Measurement and Analysis Conference, Dublin, Ireland, June 21-23, 2017, 9 pp.