HTTP cookies have been widely used for maintaining session states, personalizing, authenticating, and tracking user behaviors. Despite their importance and usefulness, cookies have raised public concerns on Internet privacy because they can be exploited by third-parties to track user behaviors and build user profiles. In addition, stolen cookies may also incur severe security problems. However, current Web browsers lack secure and convenient mechanisms for cookie management. A cookie management scheme, which is easy-to-use and has minimal privacy risk, is in great demand; but designing such a scheme is a challenge. In this paper, we conduct a large scale HTTP cookie measurement and introduce Cookie Picker, a system that can automatically validate the usefulness of cookies from a Web site and set the cookie usage permission on behalf of users. Cookie Picker helps users achieve the maximum benefit brought by cookies, while minimizing the possible privacy and security risks. We implement Cookie Picker as an extension to Firefox Web browser, and obtain promising results in the experiments.

• 出版日期2010-9-15