50 Cookie visualiser - Browser independent

visualisation of cookies stored on your

personal computer
Gowri S1,a, Senduru Srinivasulu1,b, Johnpaul S2,c,
Surendran R3,d and Jabez J1,e
1
School of Computing, Sathyabama Institute of Science and Technology, Chennai,
Tamil nadu, India
Department of Information Technology, Vel Tech Multi Tech Dr.Rangarajan
2

Dr.Sakunthala Engineering College, Tamil nadu, India

3
Center for Artificial Intelligence & Research (CAIR), Chennai Institute of Technology,
Tamil nadu, India

Abstract
Tracking a user’s online activities to target them with advertisements, gathering their
personal information, profiling them has become pervasive. Cookies are small bits of
data that are stored on a user’s computer system. Web browsers and servers mainly
use these cookies to capture information about user’s online behaviour and also IP
addresses of users on the web. Currently, Internet e-commerce is relatively limited in
using these cookies, as the sensitive data cannot be safely stored and communicated.
Browser independent cookies are those that are used by third-party applications pres-
ent on various websites to track user online activities. Many online marketing ven-
dors follow users on the Internet by investigating these cookies. The General Data
Protection Regulation (GDPR), an EU legislation has enforced that one may not
track users without their consent or other legitimate reasons which is an effective step
in securing our privacy.

Keywords: cookies, privacy, security, applications, policies, browser

Introduction
The Internet plays a huge part in everyone’s life. We utilise it for almost everything
from education, banking, shopping to entertainment. We often give away a lot of our
personal information voluntarily while creating accounts on websites or purchasing
online. Let us consider a user is looking out for product on a shopping website and
they switch to a social networking site like Facebook, they are displayed with adver-
tisements of exactly similar products they have been previously searching for. This is
feasible for the websites to gather uniquely discoverable data about users that links
them to recurring visits. This process is known as web tracking [1]. It is especially
used to display customised advertisements and product recommendations to users.
There are several methods by which information about the users are collected which
a
[email protected]; [email protected]; cjohnpaul.svist@
gmail.com; [email protected]; [email protected]
336 Proceedings Goel Institute of Technology and Management

we will be discussing in this paper. The information gathered could be a user’s IP

address, details about the operating system being used, browser details and even the
location and browsing details of a user.

Literature Review
In the year 1994, Lou Montulli, a 24-year programmer from Netscape communi-
cations established cookies [2]. They keep track of all the browsing activities of a
user and they provide targeted information like recommendations, advertisements,
etc. One of the basic functions of a cookie is to remember the login credentials of
a user and thereby allowing them to enter into the same website without providing
their credentials all over again. This is because they are already stored on the user’s
machine. Lou first built an online shopping site for an ecommerce application and
saw that the company’s server was filling up with client shopping cart data as they
browsed the online store. As a result, he devised a method of keeping each user’s
shopping cart data on their own computers. This technique eventually saved a lot of
money and server space for the companies. The establishment of cookies was not so
popular during that period. Users were unaware of the presence of cookies because
they were accepted by default [3]. A cookie policy is a formal declaration which
states the purpose of the data tracked by cookies and how this data will be utilised
and where the information will be sent. These cookie policies should include infor-
mation on how a user can opt out of cookies or change their cookie preferences while
visiting a website. A number of websites have cookie policies as part of their privacy
policies. Because cookies can monitor, track, disclose, and store a user’s behaviour,
they pose a possible privacy risk. The privacy policies might be static but the cookies
that are stored on websites are dynamic in nature. As a result, proper cookie policies
must be updated on a regular basis to ensure that the data is correct [4].
Browser Cookies generally help us to authenticate quickly the next time we log in.
Every time we enter a website, new cookies are generated and stored. These cookies
are not considered as a hazard unless another individual uses your personal computer
for malicious purposes. Some of the cookies might be used to track the user’s behav-
iour which we will be discussing in the upcoming sections in this paper. The login
cookies are enabled when you select ‘remember me’, so that you need not re-enter
the credentials every time you log into a website. They are regular cookies designed
to store information for a shorter duration and are terminated. It is up to the user
to allow these login cookies depending on the usage or sharing of the personal com-
puter. First part cookies are those belonging to the current website we are on and it
does not track what we do on other websites. First-party cookies come in two vari-
eties. Session cookies and persistent cookies are the two types of cookies. A session
cookie stores the information in its temporary memory location that does not person-
ally identify the user and then delete the information once the session is terminated
or when the browser is closed. The term “session cookie” is also used to refer to a
“transient cookie”. Every time user clicks a link, the website will forget about your
last visit. For example, let us consider a user shopping online and he/she adds an item
to the shopping cart. If the user then views another item on another page, as soon as
the new page loads, the cart will be empty because it is not possible to track the pre-
vious action of the user. This is similar to how users select a language and the entire
 Cookie visualiser - Browser independent visualisation of cookies 337

page reloads all over again indicating a new session. Session cookies are not explicitly
regulated by the EU’s General Data Protection Regulation (GDPR). However, a prior
consent by the user when processing the legitimate interests of the person responsible
or a third party is required. The session cookie is generally considered to be one of
the most mandatory cookies for the functioning of Internet webpages. This implies,
regardless of web browsers such as Chrome, Firefox, Edge or Safari, session cookies
are browser independent and their usage need not be requested when visiting a web
page. Persistent cookies do not expire even when a browser is closed. It only ends
after a certain amount of time has passed. A persistent cookie’s lifetime is determined
by the user [5]. Every time a user views an online resource or the website itself,
the information will be sent to the website’s server. As a result, persistent cookies
are known as ‘Tracking Cookies,’ because they can be used by advertisers to collect
information for other legitimate purposes, such as keeping users logged into their
accounts on the corresponding websites so that they don’t have to re-type their user
credentials every time they visit.
Third-party cookies are also persistent in nature. They’re commonly used for
tracking user movements to obtain marketing or demographic data. Disabling the
third-party cookies will make it hard for the advertisers to capture information about
user online activities. Third-party cookies are sometimes blamed for its delay in load-
ing web pages. Some browsers, such as Safari and Firefox, block them by default.
Others let you opt-out in their settings menu. Flash cookies also known as Local
shared objects, are used to enhance user experience by storing user preferences, Flash
videos, save data from Flash games and a lot more. It is basically a text file that is
generated by the Adobe Flash plugin. They are just like browser cookies as they can
be used by websites to collect information about the users. They are set by the Flash
plugin. Flash cookies are saved in users’ local file system, the Flash storage, where
web browsers do not have any control. A Flash cookie does not have any effect if a
user has enables privacy settings of his/her browser such as automatic clearing the
history and browser cache. The fact that Flash cookies are stored on the client’s local
file system, makes it feasible for the cookie to monitor user’s independent of brows-
ers. When a website includes a Flash element, for example an advertisement banner, a
request is initiated by the client’s browser for this resource, and the text file (cookie)
is sent to the client. Flash elements can be embedded from third-parties also, allowing
the Flash cookie to trace user’s cross-site. When they are used for tracking purposes,
they contain a name and a value, where the value is unique for each user [6]. Flash
cookies are importantly used in web tracking often have the name or user ID and
contain 16–32-bit value.
Flash cookies are also used as a backup for the browser cookies. For instance, if
a website sets both Flash and browser cookies with the same name and value on a
user’s computer system and then the user deletes his/her browser cookie storage, flash
cookie still has the ability to respawn the browser cookie. This is very complicated
and a major privacy concern for users who prefer not to be traced and delete the
cookies saved in their computer browser, as they are still being captured by the Flash
cookie which retains the general browser cookies. Flash cookies were also known
to monitor users in Incognito or private browsing mode. All these concepts com-
bine together creates Flash cookie which is way more efficient than regular browser
cookies [7]. Zombie cookies are malicious cookies since they have the potential to
338 Proceedings Goel Institute of Technology and Management

reappear after being removed, independent of the browser. As a result, adversaries

seek for or create these types of cookies for nefarious and malevolent purposes. Super
cookies are also called as Zombie Cookies because they trace and collect informa-
tion about user’s online activities and history. They have the ability to restore already
deleted regular cookies that are no more stored on the computer system or on the
smartphone which makes them powerful privacy-invasive when compared to other
existing cookies [8].

Proposed Cookies Tracking Tools

Cookie Visualiser is a Firefox Plugin that enables users to see the cookies traffic
between websites and the users who use that website. Third party cookies are the effec-
tive means of capturing user activities to facilitate real-time bidding for display ads on
Web pages. Visualisation of cookies information will help the user in real time to be
aware about the third parties that are engaged in monitoring their online behaviour.
Fireebok Cookie Viewer is a cookie managing application for macOS, which helps
us to view all browser cookie data, other captured binary cookie files from multiple
applications, and add the websites to the whitelist and graylist, then manually or auto-
matically delete all cookie data present in graylist, or remove all cookie data that are
not in whitelist. It tells us how to remove the selected cookies from the browser cookie
data captured by this cookie monitoring tool. Run cookie viewer, choose Chrome or
Firefox or Safari cookie button to open browse cookie file. One can delete the cookies
depending on the user’s selection, graylist a website and manage them. Websites can be
added and removed from graylist depending on the user needs. Clearing up browser
data depends on the time interval that user specifies. It could be monthly clean up or
weekly or even daily. We can also run this application in the background while brows-
ing through different websites so as to keep track of cookies data.
Lightbeam is a Firefox plugin and also a visualisation tool that helps us to view
which websites follow you online. It enables user to detect third party websites that
derive your data, tracking the online browsing behaviour of the user for targeted
advertisements and other purposes. Figure 50.1 illustrates the visualisation offered
by the Firefox add-on. Every visited domain is visualised as a large triangle which is
built suing small triangles that indicates, been employed third party systems.
A Cookie crawler or cookie scanner is basically a browser which will visit websites
automatically. A scan is thus initiated which is used to determine the vendors that
present on the website and also the cookies that they have set. Based on the scan
report, cookies can be classified as one of the abovementioned types in section B
and also the purpose associated with each cookie. By doing this, we can inform the
website visitors and thus become GDPR Compliant. All that is required is you need
to register using an email id which will be saved for 30 days by the consent manager.
Website owners will be notified about the crawls, cookie consent and GDPR compli-
ance solutions. CookieMetrix is used for scanning the entire website, verifying user
requested URLs and providing information about their value of cookies, the domain
and the detailed result. A CookieMetrix webpage report gives a detailed information
to the user and also declares if the website is in compliance with the EU law.
Flash and Silverlight cookies, which we have discussed in the section B are com-
pletely browser independent. This implies, when you delete your browser data from
 Cookie visualiser - Browser independent visualisation of cookies 339

Figure 50.1: Light beam visualisation

the computer system using a third-party application such as CCleaner, the browser
independent cookies still remain in the system and are not deleted. Therefore, Flash
and Silverlight does not cause any issues but help you in quicker access to anything
they are related to. For instance, these cookies help you watch a TV series or watch
a movie online or play a game where you left it or resumed, without losing track of
your previous progression. Therefore, we can declare that Flash cookies are not dan-
gerous because, they provide us a quality user experience. However, there are chances
of exploitations for browser independent cookies as the cookies cannot be removed
that easily form the computer system. Let’s look at the drawbacks of cookie policies
and browser search history storage presently. Users are often influenced by getting
notifications about certain websites they have visited already or products they would
want to purchase. Lack of understanding of the cookies policies will put their per-
sonal data at a risk. Therefore, it is advised to understand the cookie policies before
entering a particular website. The evaluated data represents that most of them are
much aware of the consequences if their search history is revealed to organisations
and this will not influence their activities over the internet. According to the statistics,
4.45 for those under 30 years old and 4.71 for those over 30 years old. The age gap
between these two age groups is extremely narrow, implying that they are difficult to
govern. The second assertion, on the other hand, refers to the user’s perceptions of
others. They believe that others can be readily controlled if a third party or external
body has access to their search history (5.41 for those under 30 and 5.50 for those
over 30). It’s worth noting that everyone believes they can’t be duped. Other people,
on the other hand, are fairly certain that they will be exploited. Age does not matter
when the opinions are more or less the same.
Let us now understand the user’s attitude about intrusion in a private circle.
Internet is considered as a major factor which endlessly monitors user’s private lives
and is said to be unreliable. People tend to make decisions, but the decisions taken
varies from one user to another. Let us suppose users post, like or share something
on the internet there are situations when users feel highly obliged to post even more.
Preserving search histories can also help to derive such an opinion. Internet, mobile
devices which we use in our every day’s life play a very vital role, so it is hard to get
away from them. The routine proceedings include using the internet to balance social
340 Proceedings Goel Institute of Technology and Management

relationship, meeting job requirements, household responsibilities and education.

Therefore, People should seek a balance to protect their private life as well. When we
look at the above-mentioned statements in the table, it is noted that users are unhappy
when they are forced to accept website’s data protection policies when they need to
access desired websites. It is found that the first statement is same as regardless of age
category (6.22 for all age groups). Users find it uncomfortable, especially when they
need to agree with the terms and conditions of the cookie policies while visiting the
webpages. The average response for the second statement is likewise nearly compa-
rable (5.66 for persons under 30 and 5.70 for people over 30). Despite this, all of the
average findings for these concerns are over the curve, indicating that online domains
with such requirements on their websites should pay attention. At the same time, con-
sumers are forced and are under pressure, but if they had an option to choose from,
they will not be visiting these websites anymore, which could degrade the impact on
the performance of the online business in the long run. Consumers are coerced and
under pressure at the same time, but if they had a choice, they would not visit these
websites, which could have a negative impact on the internet business’s performance
in the long term. The statement about consumers’ readiness to allow their personal
data to be used in exchange for advantages received average values (3.53). There is
an average rating for both parties, indicating that interviewees are undecided about
whether they would prefer this option if confronted with this scenario.
Protection Measures: We have seen the different ways by which cookies intrude
our privacy by collecting valuable information about us. However, there are incon-
sistencies in the value of privacy as it completely dependent on the user. If we do not
want our movements to be tracked online, we can improve our privacy using the
below protection measure. Use Web Browser’s Private mode is a built-in private surf-
ing option is available in the most recent web browsers for desktops and cell phones.
In Google Chrome, this is referred to as incognito mode, and in Internet Explorer, it is
referred to as In Private. This function will not save your browsing history or Internet
cookies. If you use your computer with others, adopting the privacy mode on your
web browser becomes much more important. Private browsing removes third-party
toolbars and click trackers that trace a user’s movements throughout the internet in
many circumstances.
Use a Privacy-Friendly Search Engine is strongly advised that you switch from
Google to a more privacy-conscious search engine. There are several such search
engines namely, DuckDuckGo, Startpage, Swisscows and a lot more. It doesn’t keep
track of user data, store IP addresses, or use cookies to follow your movements. Clear
Browser Cookies can manually delete the browser cookies or adjust the browser’s
settings to automatically delete the browser cookies after every session. However,
we need to enter the credentials every time we log in to a website but on the positive
side, our online behaviour is well protected as it would not be exposed to different
advertisers, marketers or adversaries. Virtual Private Network will help to establish
a secured internet connection while using public networks for communication. They
encrypt our internet traffic to prevent man-in-the-middle attacks. This will make it
difficult for the third parties to monitor our activities online and thus prevent data
theft. There are several anonymous VPN services that help us prevent our browsing
activities from being profiled on the basis of cookies stored in the user’s computer.
Moreover, our IP addresses are also exposed to the outside world. This implies that
 Cookie visualiser - Browser independent visualisation of cookies 341

our online behaviour is traced by advertisers, Internet service providers and many
other departments. Everything is quite transparent and thus needs a protection mea-
sure. If we want to be anonymous online, it is encouraged to go for anonymous VPN.
A good VPN system will not just provide a whitelisted IP address, but also secure the
data being transmitted through end-end encryption.
People seem to be more sceptical and concerned about their online activities being
monitored. There are so many drawbacks associated with the browser independent
cookies stored on your computer which reveals sensitive personal data that can be
connected the user´s real world identity. Awareness on online tracking is overall,
greatly non-existent. This is one of the common reasons for these fears. In this paper,
we have discussed methods to track and manage the cookies stored on your com-
puter. Apparently, a cookie visualisation tool is yet to be invented. On the other hand,
educating the users is not an easy task simple and such an approach can still led to
great rejection of fears or tracking. Therefore, we can still secure our privacy by man-
aging the cookies stored on our local machine. This can be done by managing the
browser settings by following the below simple steps. Navigate to settings, advanced
settings, select privacy and security option, click on cookies and site data. Toggle
“Block third-party cookies” on to disable third-party cookies. To disable all cookies,
turn off the “Allow sites to save and read cookie data” option. Another possibility to
manage cookies, by clearing the browsing history which prevents user online activ-
ity tracing. This can be fulfilled by checking the options like browsing history, saved
passwords, cookies and site data, cached images and files. This will certainly prevent
us from behavioural profiling by adversaries or third-party vendors.

Conclusions
Cookies are text files which contains small segments of data that are used to identify
users based on their browsing activities. They are especially used to enhance a web-
site’s overall browsing experience. They tend to collect information about websites,
users and thereby potentially using them for profiling users and deliver various types
of targeted advertising marketing. The EU’s major goal is to assist users in protecting
their data, so it requires that websites include a notice that informs users on how these
cookies are used. In this paper, we have seen the various browser independent cookies
and their functioning. We have also discussed the different types of cookies tracking
tools that helps us understand the types of cookies stored in our computer. However,
these cookies are also responsible for invading user’s privacy. Thus, to overcome such
situations, protection measures are described which could be implemented to protect
our privacy. Online privacy continues to be a major concern for consumers, online
organisations, and policy makers. Ultimately, our findings mainly reflect the views of
the different aspects to protect our identity from being revealed by inventing a cookie
visualisation tool in the nearer future.

References
[1] Kora´c, D., Boris, D., Dejan, S. (2020). Information security in M-learning systems:
Challenges and threats of using cookies. 19th International Symposium INFOTEH-
JAHORINA. IEEE.
342 Proceedings Goel Institute of Technology and Management

[2] Pelau, C., Miruna, N., Mihaela, S. (2020). Consumers’ perception on the advantages and
disadvantages of cookies and browsing history. Proc Int Conf Business Excell. 14(1).
[3] G. K. J, G. S, Rajendran, S., Vimali, J. S., Jabez, J., Srininvasulu, S. (2021). Identification of
cyber threats and parsing of data. 5th International Conference on Trends in Electronics
and Informatics (ICOEI). pp. 556–564. doi: 10.1109/ICOEI51242.2021.9452925.
[4] Gowri, S., Srinivasulu, S., Jabez, J., Vimali, J. S., Sivasangari, A. (2021). Discovery of local-
ized malicious attack in wireless networks. Smart Innov Sys Technol. 225:207–216.
[5] Tamilvizhi, T., Surendran, R. (2020). Time and cost-effective recovery mechanism for
unhealthy resources in proactive fault tolerance framework. 3rd Smart Cities Symposium
(SCS 2020). pp. 444–449. doi: 10.1049/icp.2021.0756.
[6] Kulyk, O., et al. (2018). This website uses cookies: Users’ perceptions and reactions to the
cookie disclaimer. European Workshop on Usable Security (EuroUSEC).
[7] Eric, G. (2021). How to Control and Delete Cookies on Your Browser, Online: https://
uk.pcmag.com/how-to/40872/ how-to-control-and-delete-cookies-on-your-browser,
(accessed in 03.2021).
[8] Surendran, R., Tamilvizhi, T. (2020). Cloud of medical things (CoMT) based smart health-
care framework for resource allocation. 3rd Smart Cities Symposium (SCS 2020). pp.
29–34. doi: 10.1049/icp.2021.0855.