New internet cookies could steal users' identities, invade privacy, says EU cyber agency

News

New internet cookies could steal users' identities, invade privacy, says EU cyber agency

Ian Grant

A new type of internet cookie threatens users' privacy and security by tracking their online behaviour for advertising management, profiling, and other reasons, the EU's cyber security agency Enisa warns.

"The possibilities to misuse cookies both exist and are being exploited," Enisa said in a recommendation to EU member states to examine their implementation of Directive 2009/136/EC, which seeks to govern the use of cookies. The deadline for implementing the directive is 25 May 2011.

Describing the latest breed of cookies (short bits of code that help to regulate a user's visit to a website via the browser) Enisa says the advertising industry has led the drive for new, persistent and powerful cookies, with privacy-invasive features for marketing practices and profiling.

It says both the user's browser and the origin server must assist informed consent, and that users should be able to manage their cookies easily.

Enisa says the new cookies support user identification in a "persistent manner". They do not have enough "transparency" in how they are being used, so it is hard to quantify their security and privacy implications, it says.

Enisa says informed consent should guide the design of systems using cookies and that their use and the data stored in cookies should be transparent to users.

"All cookies should have user-friendly removal mechanisms which are easy to understand and use by any user," Enisa said.

It says storage of cookies outside browser control should be limited or banned, and that users should have an alternative service channel if they do not accept cookies.

Enisa executive director Udo Helmbrecht said these next-generation cookies need to be as transparent and user-controlled as regular HTTP cookies. "This would safeguard the privacy and security aspects of consumers and business alike," he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy