How the Cookies Crumble
Much like the warm chocolate-chip cookies grandma makes, Internet cookies seemed like a great idea at first. But just like eating the entire batch gives you a stomachache, taking Internet cookies too far may have spoiled a good thing.
Industry News
Blogs
Briefing Room
advertisement
“Cookies were meant to be a way of storing shopping-cart information, but they quickly turned into an all-purpose surveillance mechanism,” said Jason Catlett, Junkbusters president (www.junkbusters.com). “The experience we have with cookies in the wired world serves as a strong warning for the wireless world.”
Current industry attitudes on wireless cookies are at polar opposites.
“One camp says it's not worth worrying about; forget it,” said Scott Wright, Netplex (www.netplexgroup.com) director of information security services. “The other camp says it's really important, and you ought to take time to find out what your policy should be.”
Most average consumers don't have a clue what cookies are, even though there is a substantial concern about Internet privacy. Consumers may become better educated about cookies as companies such as DoubleClick (www.doubleclick.com) continue to get heat for building and selling profiles based on cookie information. The question remains whether cookie-related fears will carry over as consumers migrate to the wireless side of the Internet.
Francesca Mabarak, Yankee Group (www.yankeegroup.com) senior analyst, wireless mobile, said they will, especially for the enterprise side, where wireless-cookie security is a major concern.
“The wireless part of it adds another layer of complexity,” she said. “If you happen to have an application open, and you lose your device, then all the information is decrypted right there. It may add more jitters to using cookies.”
Carriers may find that wireless is even more prone to Internet privacy concerns.
“There's no doubt that people's concerns about privacy are heightened on the mobile side versus the Internet side, only because the phone is a very personal device,” said Greg Santoro, Nextel (www.nextel.com) vice president of Internet and wireless services.
But wireless cookies have their sweet spots. Right now, cookies make it easy for customers to access sites without having to put in the same information repeatedly, Santoro said.
As wireless-Internet usage proliferates and awareness increases, wireless cookies could end up in a tug of war between their virtues and their perils.
No Cookie Control
Perhaps the most striking difference between wired and wireless cookies is that wireless users cannot access their cookies. Given the minimal memory capacity of handsets, placing cookies on the mobile-access gateway has been the traditional method for wireless-cookie storage. That allows cookies to be stored in excess and to contain more information than the handsets can handle. Roger Snyder, Openwave (www.openwave.com) director of product management, listed two other advantages to storing cookies on the network: They are more secure in the operator's network, and users' cookies can move with them as they upgrade devices.
Carriers have little more access to cookies than their subscribers do. If a subscriber wants his cookies removed, the carrier can purge them, but the carrier doesn't have the ability to view the cookies, Snyder said.
Mobileum (www.mobileum.com) offers cookie-control capabilities to its enterprise customers. For example, if a corporate CEO lost his PDA on the subway, he could later turn off the cookies for his stock-trading application via his wireless phone.
“Security (is) one of the things that consumers and our customers were telling us they were concerned about,” said Mitch Bishop, Mobileum vice president of marketing. “At the network level, there's a lot of security protocols built in, but we looked at the application level, what we could do to improve end-to-end security. That's where we came up with this idea of giving users direct access and control over cookies.”
Snyder said it would be easy for Openwave to add user-level cookie control to its browser, but it hasn't been at the top of operators' requests.
“We would add a little application on the gateway that the browser would contact,” he said.
Catlett said that carriers need, at least, to offer a cookie on/off button.
“I would want (cookies) to only be transmitted with the active knowledge and consent of the individual, and all the information associated with the cookie should be under the ongoing control of the user,” he said. “Now, that can be clumsy and difficult through a WAP phone, but you could have a companion Web site.”
Hand in the Cookie Jar
Application developers dictate what information cookies contain, ranging from the mundane name and address to the invaluable Social Security number and log-in passwords. Anyone with a wireless Web site can collect cookies simply by attracting visitors, Wright said.
Whatever information visitors provide then is stored in the cookie. However, the application developer cannot read the user's cookies from other wireless Web sites.
“If you are an application developer, you only can get to the cookie that you deposited on our gateway; you can't get to any other information about what a subscriber does,” Snyder said.
Wright said that cookie information could be used for anything from marketing to blackmail. The most common way that information leaks out and is used to invade someone's privacy is when the user loses the device, Mabarak said. All of the information is neatly condensed and ready to use. A user's cookie information also can make it to the black market through second-party audit companies. Companies that are hired to verify m-commerce purchases with a text message or a phone call can leak the information through individual fraud or by selling information lists.
In the end, though, it doesn't matter whether consumers are able to delete their cookies or not. Once a cookie is created, it will never go away on the gateway side, Mabarak said. Information is immortal on the Internet, wired or wireless.
“It's kind of like your Social Security number; you can't get rid of it,” she said. “Once you've made a purchase, anyone can come to you and sell.”
Telemarketer's Dream
Regardless of whatever privacy issues cookie-related information may create, cookies are benign compared to what might have happened if an earlier ID method had not been revised. In the early days of the wireless Internet — even until a year ago in some instances — some carriers sent the user's MIN to wireless Web sites.
“Sprint PCS and AT&T Wireless actually sent the MIN, which contains the phone number,” said Jason Catlett, Junkbusters (www.junkbusters.com) president. “That's a telemarketer's dream and a consumer's nightmare.”
Roger Snyder, Openwave (www.openwave.com) director of product management, said that sending the MIN allowed the Web server to push content back to the handset.
Greg Santoro, Nextel (www.nextel.com) vice president of Internet and wireless services, said the carrier does not send the user's phone number.
“They get a subscriber ID, which is a randomly generated number that's allocated to the user,” he said. “That allows them to realize that the particular person using the phone needs to equate to a particular ID.”
Catlett, though, says that the constant single identifier is worse for consumer privacy than PC-based cookies.
“Cookies in the wired world are different for each Web site that you go to, so they don't become a unique global identifier,” he said. “It's possible for companies to determine name and address versus the MIN or other unique identifiers; you may be identified by looking up a table on a list of known people.”
Want to use this article? Click here for options!
© 2012 Penton Media Inc.
advertisement
Learning Library
Webcasts
Using Real-Time Offers, Alerts and Interactions To Improve the Mobile Broadband Experience
In this Webinar you will learn how to create a real-time relationship with your customers, how to proactively improve the customer experience, and how to successfully target and cross-sell services to boost incremental revenue.
- Megabytes to Megabucks, Bandwidth to Business Models: How 4G Is Changing Everything
- How to Unplug Your Redundant Telco Apps To Save Money and Improve Efficiency
- When IaaS Isn't Enough: Service Provider Business Models to Drive Growth and Build Margin
- How to Transform Your Aging Telco Voice Network to Drive New Profits and Revenue
- Creative Licensing Approaches for Telcos & Their Network Equipment Vendors
- Smart Home Opportunity: Balancing Customer Data & Privacy
White Papers
The Role of Diameter in All-IP, Service-Oriented Networks
This paper discusses the rise of Diameter and benefits of Diameter Protocol.
- Conducting The Orchestration – Order Management at the Speed of Business
- Toward a Converged Network Edge
- Beyond Spam – Email Security in the Age of Blended Threats
- 6 Important Steps to Evaluating a Web Filtering Solution
- The Expertise to Protect You from Botnet and DDoS Attacks
- Seeing is Believing – Bridging the Order Visibility Gap
Featured Content
A time and money saving approach to fiber deployment
Service providers are under tremendous pressure to turn up new services faster then before and, at the same time,
to do it at less expense - and intra-office fiber is one of the biggest challenges in terms of both cost and service
turn-up.
Stay Connected
of interest
The Latest
News
From the Blog
Briefingroom
Join the Discussion
advertisement
Resources
Get more out of Connected Planet by visiting our related resources below:
Connected Planet highlights the next generation of service providers, as well as how their customers use services in new ways.
Subscribe Now