|
Sam Eldin - IT Profile |
|---|
| Home | CV - Resume | Tools 4 Sharing | Architects 2 Show | Big Data Presentation | Android Training | Java-Unix Code Templates | Interviews QA & Code |
|---|---|---|---|---|---|---|---|
|
|
|
Cookies Replacement - R.I.P (Linkedin Post) 
|
|---|
|
We are presenting the following issues and answers: • What is a Cookie? • Misuse of Cookies • Issues with Cookies? • Cookies, Security and Services • Browser Vendors • Our Cookies Replacement What is a Cookie? An HTTP cookie is a small piece of data (string) sent from a site (web server) to a user's web browser. Every time the user visits the site, the browser sends the cookie back to the server to notify the user's previous activity. In a nutshell, a cookie is a string of information that a site's web server stores on the browser's side and gets it back when the user visits the site. Misuse of Cookies: Cookies' developers have been loading cookies with data to make their tasks easier. Sadly loaded cookies with data can be used by hackers to gain information about users and site servers. Third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories; which is a potential privacy concern. Third-party tracking cookies are shared by different vendors for personalizing and customizing web pages. Issues with Cookies? The problem is cookies are being misused and mobile vendors are restricting the number of cookies and usage on mobile platforms. Not to mention Apple and Google have their own unique approach, Apple has Universal Device Identifiers (UDID) and Google has an identifier all of its own. Cookies, Security and Services: Cookies can be used as a security parameter(s) on web, mobile or any new technologies. They also can help with the personalization and customization of web pages. Vendors can share cookies to service their common clients. Browser Vendors: Browser vendors have the biggest role in keeping or eliminating cookies. They can make life easier for security and web architects and developers. Sadly there is no standardization of cookie handling and developers are developing different code for different browsers. Our Cookies Replacement To address all these cookies issues and the future of cookies, we have an alternative approach. We believe we need to create an "ID Address" (IDA) similar to an IP Address. IDA will be used to identify the customer and would be stored on the browser/mobile. It will be a string of 16 bytes and consists of the following two sections: • Public substring (8 bytes - 2 set of 4 bytes string) • Private substring (8 bytes - 2 set of 4 bytes string) 
One of these Bit Flags can be used in combo to set multiple options. For example, if we use two bits as a combo we have four options for one browser's setting as follows: 00 = no time expiration date or use the browser expiration setting 01 = use the included timestamp as the expiration date 10 = other option such as end of month expiration 11 = expire on exist Sharing IDA by Vendors: 4 or more bits (in the second public substring - Browser's On/Off settings) can be used as a password or a Group ID for vendors to share IDA. This means that the browser would include the IDA for this IP vendor plus all the IDA which have the same bit password or Group ID in "HttpServletRequest". As for mobile, it would return a comma separated string with all the IDA with the same Group ID or password. Visitor's ID Usage: Not only can the 4 bytes (32 bits) be used as an ID but also as a setting to compile long-term records of an individuals' browsing histories. Such history would be hashed into turning bits On/Off as is currently done with browser settings. As a security measure, these hashed bits would be only known to the group or vendors sharing the common IDA. We are planning on releasing a template of our java code, displaying our approach to 16 bytes IDA (cookies replacement). |
|---|