CLIAMS:1. A cookie management system (105) comprising:
processor (130); and
a policy implementation module (160) coupled to the processor (130), wherein, for each of a plurality of uniform resource locators (URLs) (210) accessed by a user, the policy implementation module (160):
identifies a URL currently being browsed by the user, wherein properties of the URL are characterized by URL features;
obtains a URL feature vector (225) corresponding to the current URL based on one or more URL feature values (215) of the URL features;
determines a user policy vector (230) corresponding to the user based on the one or more URL feature values of each URL amongst the plurality of URLs (210) and community feedback pertaining to each URL in the plurality of URLs (210); and
determines a cookie policy to be implemented based on the URL feature vector (225) and the user policy vector (230) for managing the cookies in accordance to the determined cookie policy.
2. The cookie management system (105) as claimed in claim 1, wherein the cookie management system (105) further comprises a policy configuration module (155) to:
compute, for each URL in the plurality of URLs (210), the URL feature vector using the one or more URL feature values (225), wherein the one or more URL feature values (215) are determined based on value computation parameters;
obtain the community feedback, for each URL in the plurality of URLs (210), wherein the community feedback refers to feedback provided by a plurality of users (205) for a URL;
determine, for each of the plurality of users (205), a corresponding user policy vector (230) based on URL feature values for each of the plurality of URLs (210) and the community feedback for each of the plurality of URLs (210); and
generate policy configuration data (170) including information pertaining to user policy vectors (230) and URL feature vectors (225).
3. The cookie management system (105) as claimed in claim 2, wherein the value computation parameters include feature scaling, normalization, and correlation between a URL feature and privacy.
4. The cookie management system (105) as claimed in claim 2, wherein the user policy vector (230) is determined using an optimization function.
5. The cookie management system (105) as claimed in claim 1, wherein the policy implementation module (160) further ascertains whether the user has activated a policy action mode, wherein the cookie policy to be implemented is determined, when the policy action mode is activated.
6. The cookie management system (105) as claimed in claim 1, wherein the cookie management system (105) further comprises a feedback module (150) executable by the processor (130) to:
ascertain whether the user has activated a feedback to community mode, wherein the feedback to community mode indicates that the user wishes to provide feedback for URLs accessed by the user; and
prompt the user to provide a feedback for the current URL, when the policy action mode is activated
7. The cookie management system (105) as claimed in claim 1, wherein the policy implementation module (160) further:
ascertains whether the cookie policy for the user for the current URL is to be obtained directly from policy configuration data (170), based on update criteria; and
obtains, when the update criteria is met, the cookie policy from the cookie configuration data (170).
8. The cookie management system (105) as claimed in claim 1, wherein the cookie policy indicates one of block all cookies, block few cookies, and allow all cookies.
9. The cookie management system (105) as claimed in claim 1, wherein, when the determined cookie policy indicates that few cookies are to be blocked, the policy implementation module (160):
compares the one or more URL feature values of the one or more URL features with corresponding threshold values; and
identifies one or more cookies to be blocked based on the comparison.
10. The cookie management system (105) as claimed in claim 1, wherein the one or more URL features include user-specific features, website content based features, absolute cookie property based features, and external web services based features.
11. The cookie management system (105) as claimed in claim 1, wherein the user policy vector (230) is based on base policy values.
12. A computer implemented method for managing cookies in a computing device (110) comprising:
identifying a URL currently being browsed by a user, wherein properties of the URL are characterized by URL features;
obtaining a URL feature vector (225) corresponding to the current URL based on one or more URL feature values (215) of the URL features;
further obtaining a user policy vector (230) corresponding to the user based on the one or more URL feature values of each URL in the plurality of URLs (210) and community feedback pertaining to each URL in the plurality of URLs (210); and
determining a cookie policy to be implemented based on the URL feature vector (225) and the user policy vector (230), wherein the cookies are managed in the computing device (110) in accordance with the determined cookie policy.
13. The method as claimed in claim 12, wherein the determining further comprises ascertaining whether the user has activated a policy action mode, wherein the cookie policy to be implemented is determined, when the policy action mode is activated.
14. The method as claimed in claim 12, wherein the method further comprises:
ascertaining whether the user has activated a feedback to community mode, wherein the feedback to community mode indicates that the user wishes to provide feedback for URLs accessed by the user; and
prompting the user to provide a feedback regarding the URL, when the policy action mode is activated.
15. The method as claimed in claim 13, wherein the method further comprises:
computing, for each URL in the plurality of URLs (210), a URL feature vector (225) using the one or more URL feature values (215),
obtaining the community feedback, for each URL in the plurality of URLs (210), wherein the community feedback refers to feedback provided by a plurality of users (205) for a URL;
determining, for each user from the plurality of users (205), a corresponding user policy vector (230) based on URL feature values (215) for each of the plurality of URLs (210) and the community feedback for each of the plurality of URLs (210); and
generating policy configuration data (170) including information pertaining to user policy vectors (230) and URL feature vectors (225).
16. The method as claimed in claim 15, wherein the computing further comprises:
determining, for each of the plurality of URLs (210), a URL feature value corresponding to each of the one or more URL features based on the value computation parameters; and
generating the URL feature vector (225), for each of the plurality of URLs (210), based on corresponding feature values.
17. The method as claimed in claim 16, wherein the value computation parameters include feature scaling, normalization, and correlation between a URL feature and privacy.
18. The method as claimed in claim 12, wherein the one or more URL features values (215) include user-specific features, website content based features, absolute cookie property based features, and external web services based features.
19. The method as claimed in claim 12, wherein the cookie policy indicates one of block all cookies, block few cookies, and allow all cookies.
20. The method as claimed in claim 12, wherein, when the determined cookie policy indicates that one or more cookies are to be blocked, the method comprises:
comparing the one or more feature values of the one or more URL features with corresponding threshold values; and
identifying one or more cookies to be blocked based on the comparison.
21. A non-transitory computer-readable medium having embodied thereon a computer program for executing a method for authenticating a user, the method comprising:
identifying a URL currently being browsed by the user, wherein properties of the URL are characterized by URL features;
obtaining a URL feature vector (225) corresponding to the current URL based on one or more URL feature values (215) of one or more URL features of the current URL;
further obtaining a user policy vector (230) corresponding to the user based on URL feature values of each URL in the plurality of URLs (210) and community feedback pertaining to each URL in the plurality of URLs (210); and
determining a cookie policy to be implemented based on the URL feature vector (225) and the user policy vector (230), wherein the cookies are managed in accordance to the determined cookie policy.
,TagSPECI:

TECHNICAL FIELD
[0001] The present subject matter relates, in general, to computing networks and, in
particular, to managing cookies in computing devices.
BACKGROUND
[0002] A cookie is a small piece of data provided by a web server associated with a
website to a browser of a computing device. The browser stores the cookie on a corresponding
computing device, so that whenever a user visits the same website in future, the cookie can be
retrieved by the web server to get information pertaining to user’s previous interactions with the
website. Cookies provide a way for storing user preferences and information so that users do not
have to redo tasks, such as registering and providing preferences, every time they visit the
website. For example, a shopping application can store information about items selected for
purchase which may be retained even when the user opens multiple tabs or reopens the shopping
website at a later instance.
[0003] However, certain cookies, such as third party cookies, help online advertisers by
providing them information aggregated by them from various sources. Unlike first party cookies,
which have same domain as the one shown in the browser's address bar, the third-party cookies
are cookies set with a different domain name. Tracking users and recording their browsing habits
by these third party cookies may result in a privacy concern or in some cases may be used for
unauthorized access of user sensitive information. To ensure privacy and security of user
information, the users may choose to block all the cookies, which in turn may negatively impact
user experience during browsing. For example, certain advertisements are provided due to the
knowledge gained by third party sites might be useful. Therefore, for managing the cookies, a
user may define a policy, referred to as cookie policy, indicating whether the cookies are to be
blocked or are to be allowed.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] The detailed description is described with reference to the accompanying figures. In
the figures, the left-most digit(s) of a reference number identifies the figure in which the
3
reference number first appears. The same numbers are used throughout the drawings to reference
like features and components.
[0005] Fig. 1a and 1b illustrate a computing environment implementing a cookie
management system, in accordance with an embodiment of the present subject matter.
[0006] Fig. 2 illustrates an example of a policy matrix generated by the cookie
management system
[0007] Fig. 3 illustrates a method for configuring cookie policies, in accordance with an
implementation of the present subject matter.
[0008] Fig. 4 illustrates a method for identifying a cookie policy to be implemented, in
accordance with an implementation of the present subject matter.
DETAILED DESCRIPTION
[0009] Method(s) and a system(s) to manage cookies are described herein. The systems
and methods described herein can be implemented on computing devices, such as a server, a
desktop, a mobile device, a notebook or a portable computer.
[0010] Generally, cookies are created, as a data file, when a user's browser loads a
particular website. Every time the user goes back to the same website, the browser retrieves and
sends this data file to the website's server. Further, the cookies are used to store information
about a user's browsing preferences and history, which may enhance user experience and provide
for efficient operation of the websites.
[0011] The browsers typically accept all cookies as default; however to ensure privacy, the
users may configure the browsers to block all cookies. Certain cookies, such as, first party
cookies may be required for some websites to function properly and to make website user
friendly. Blocking all the cookies may hinder user experience and certain websites may not
function properly when the acceptance of cookies is disabled by the browser. Thus, the user may
have to choose among two extreme policies, i.e., either allow all cookies or block all cookies.
[0012] Further, once a cookie policy is set, users seldom make a change to the policy and
the cookie policy may not be updated with the changing preferences of the user. For example,
initially a user may allow the browser to store all the cookies for a given website; however at a
later stage he may not wish to do so for either the same website or a different website. In such
cases, a user may be required to update the cookie policy based on website he is currently
4
browsing, which may cause inconvenience to the user and negatively impact the user experience.
Thus, the existing methods of defining a cookie policy may either compromise on user
experience or on privacy.
[0013] According to an embodiment of the present subject matter, systems and methods
for managing cookies for a plurality of users in a community are explained. The community may
be understood as a set of users or individuals, who would like to gain benefits by sharing
information with each other to compute a cookie policy. For example, the users in an enterprise
may form a community. Further, the set of users may include one or more users. In an
implementation, for each of a plurality of uniform resource locators (URLs) information
pertaining to a predefined URL features may be obtained. A URL may be understood as a web
address that uniquely identifies a webpage. For the purpose of explanation, a URL may be
interchangeably referred to as website address. Further, each URL may have specific properties,
which may be characterized by URL features. The URL features may include, for example, user
specific features, website content based features, absolute cookie property features, and external
web services based features.
[0014] In an example, the information pertaining to the URL features may be obtained by
external sources. For example, publically available information, such as reputation of a URL,
rank of a URL, number of third party cookies, and owner of the URL may be gathered from
external sources. Upon obtaining the information pertaining to the URL features, a feature value
for each of the URL features may be computed using the information. The URL feature values
may be computed based on value computation parameters, such as feature scaling,
numericalization, and a correlation between the URL feature and user privacy. Further, for each
URL, a URL feature vector may be computed using the corresponding URL feature values. It
will be understood that since URL feature values for different URLs may be different, therefore
each user feature vector is specific for a URL. In an implementation, in addition to gathering
information pertaining to the URL features, feedback from the users in the community, also
referred to as community feedback, regarding a URL may also be gathered. The community
feedback may indicate that for a given URL all cookies are to be allowed, few cookies are to be
allowed, or no cookies are to be allowed. To assist a user in providing the feedback, the user may
be provided with information pertaining to URL features of that URL.
5
[0015] In an implementation, based on the community feedback and the URL feature
values for each of the URLs, user policy values are computed for each of the URLs and for each
user. Further, for each of the users, a user policy vector, which is a set of user policy values, may
be determined. Similar to URL feature vector, each user may have a specific user policy vector.
Thus, the user policy vector is based on the content of the webpage, such as sports page or news,
metadata related to the webpage, such as Alexa rank of the URL and where is the server for the
URL located, and cookies associated with the URL, such as number of third party cookie.
Further, the community feedback helps to determine an average policy of the community, which
is used fine tune user’s cookie policy.
[0016] In an example, the user policy vector corresponding to each of the user and the
URL feature vector corresponding to each of the URLs may be stored in policy configuration
data. Alternatively, policy and feature vectors may be generated at run time. Further, the URL
feature values and the policy values generated during a configuration stage help identify a cookie
policy for a user, when a user visits a URL. The configuration stage may be understood as stage
where the policy configuration data is generated.
[0017] Additionally, the URL feature values and the user policy values may be updated
when a policy updation criterion is met. The policy update criteria maybe for example, whether a
predetermined time interval has elapsed since the last updation was performed or whether a
predetermined number of feedbacks have been received from the user. The regular updation of
the URL feature vectors and user policy vectors help capturing changing tastes of the users in the
community.
[0018] In an implementation, when a user visits a URL, a cookie policy to be
implemented on a computing device of the user may be determined based on the policy
configuration data. The policy configuration data includes information pertaining to the URL
feature vectors and the user policy vectors. Further, for the sake of explanation, this may be
referred to as implementation stage. To identify the cookie policy that is to be implemented, a
URL feature vector for the URL browsed by the user and the user policy vector corresponding to
the user are determined. In an example, to determine the URL feature vector and the user policy
vector, URL feature values corresponding to the visited URL and the user policy values
corresponding to the user may be obtained from the policy configuration data. Since, a URL
feature vector is specific to a URL and a user policy vector is specific to a user, a combination of
6
these two provide a User-URL specific cookie policy. The cookie policy may indicate that for
the URL, currently being browsed by the user, all, few, or no cookies are to be allowed.
[0019] Since, the present subject matter provides a provision where a user may not have
to select extreme cookie policies, i.e., block all or block none, the user may choose to allow
certain useful cookies while blocking the harmful ones. Thus, the privacy of the user may be
maintained without compromising on user experience or functioning of the website
corresponding to the URLs. Further, the cookie policy may be updated at regular intervals to
ensure that the cookie policy is updated in accordance with the preferences of the users.
Furthermore, a user may not be required to provide a feedback to implement the cookie policy
but he may still benefit from the community feedback, thereby making the described cookie
policies user-friendly and less obtrusive. Additionally, the user may override the identified
cookie policy by providing a user specific feedback, thereby making the described cookie
policies flexible yet robust. As described earlier, this feedback might be used by various other
users in the community to set up their cookie policy. Thus, the present subject matter provides an
application of collaborative filtering to determine cookie policies that are to be implemented by a
user on a corresponding computing device.
[0020] The above systems and methods are further described in conjunction with the
following. It should be noted that the description and figures merely illustrate the principles of
the present subject matter. It will thus be appreciated that various arrangements that embody the
principles of the present subject matter, although not explicitly described or shown herein, can be
devised from the description and are included within its scope. Moreover, all statements herein
reciting principles, aspects, and embodiments of the present subject matter, as well as specific
examples thereof, are intended to encompass equivalents thereof.
[0021] Fig. 1a illustrates a computing environment 100 implementing a cookie
management system 105, according to an embodiment of the present subject matter. In an
embodiment, the cookie management system 105 may be implemented as a computing device,
such as a computing device 110, which may be implemented as a central server, coupled to a
plurality of user devices 115-1, 115-2,..115-N via a network 120. The user devices 115-1, 115-
2,..115-N may be referred to as the user device(s) 115. Further, the user devices 115 may be
understood to form a community. The network 120 may be a wireless network, wired network or
a combination thereof. The network 120 can be implemented as one of the different types of
7
networks, such as intranet, local area network (LAN), wide area network (WAN), the internet,
and such. The network 120 may either be a dedicated network or a shared network, which
represents an association of the different types of networks that use a variety of protocols, for
example, Hypertext Transfer Protocol (HTTP), HTTP Secure (HTTPS), Transmission Control
Protocol/Internet Protocol (TCP/IP), etc., to communicate with each other.
[0022] The cookie management system 105 and the user devices 115 can be implemented
using computing devices that include, but are not limited to, desktop computers, hand-held
devices, such as mobile phones, smart phones, touch phones tablets and the like, multiprocessor
systems, personal digital assistants (PDAs), laptops, network computers, cloud servers,
minicomputers, mainframe computers, and the like.
[0023] In an implementation, the cookie management system 105 includes interface(s)
125 and one or more processor(s) 130. The interfaces 125 may include a variety of software and
hardware interfaces, for example, interfaces for peripheral device(s), such as a keyboard, a
mouse, a camera, a microphone, touch pad, and stylus. Further, the interfaces 125 may enable the
cookie management system 105, to communicate with other computing systems, such as web
servers, user devices 115, and external databases. The interfaces 125 can facilitate multiple
communications within a wide variety of networks, and protocol types, including wired
networks, for example, local area network (LAN), cable, etc., and wireless networks such as
Wireless LAN (WLAN), cellular, or satellite. For the purpose, the interfaces 125 may include
one or more ports for connecting a number of computing systems to each other or to another
server computer.
[0024] The processor 130 may be implemented as one or more microprocessors,
microcomputers, microcontrollers, digital signal processors, central processing units, state
machines, logic circuitries, and/or any devices that manipulate signals based on operational
instructions. Among other capabilities, the processor 130 is configured to fetch and execute
computer-readable instructions stored in a memory.
[0025] The functions of the various elements shown in the figure, including any
functional blocks labeled as “processor(s)”, may be provided through the use of dedicated
hardware as well as hardware capable of executing software in association with appropriate
software. When provided by a processor, the functions may be provided by a single dedicated
8
processor, by a single shared processor, or by a plurality of individual processors, some of which
may be shared.
[0026] In an implementation, the cookie management system 105 may include a memory
135. The memory 135 may be communicatively coupled to the processor 130. The memory 135
may include any non-transitory computer-readable medium known in the art including, for
example, volatile memory, such as static random access memory (SRAM) and dynamic random
access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM),
erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
[0027] Further, the cookie management system 105 may include module(s) 140 and data
145. The modules 140 and the data 145 may be coupled to the processor 130. The modules 140,
amongst other things, include routines, programs, objects, components, data structures, etc.,
which perform particular tasks or implement particular abstract data types. The modules 140 may
also be implemented as, signal processor(s), state machine(s), logic circuitries, and/or any other
device or component that manipulate signals based on operational instructions.
[0028] The modules 140 can be implemented in hardware, instructions executed by a
processing unit, or by a combination thereof. The processing unit can comprise a computer, a
processor, a state machine, a logic array or any other suitable devices capable of processing
instructions. The processing unit can be a general-purpose processor which executes instructions
to cause the general-purpose processor to perform the required tasks or, the processing unit can
be dedicated to perform the required functions.
[0029] In another aspect of the present subject matter, the modules 140 may be machinereadable
instructions which, when executed by a processor/processing unit, perform any of the
described functionalities. The machine-readable instructions may be stored on an electronic
memory device, hard disk, optical disk or other machine-readable storage medium or nontransitory
medium. In one implementation, the machine-readable instructions can be also be
downloaded to the storage medium via a network connection.
[0030] Further, the data 145 serves, amongst other things, as a repository for storing data
processed, received, and generated by one or more of the modules 140. The modules 140 further
include, for example, a feedback module 150, a policy configuration module 155, a policy
implementation module 160, and other module(s) 165. The other modules 165 may include
programs that supplement applications on the cookie management system 105, for example,
9
programs in the operating system. The data 145 includes, for example, policy configuration data
170, user specific data 175, community specific data 180, and other data (not shown in figures).
The policy configuration data 170 may further include feedback data 185 and URL feature data
190 and User policy data 195. The other data may include data generated as a result of the
execution of one or more modules in the other modules 165. It will be understood that the certain
modules and data may be provided on separate devices, which in combination may form the
cookie management system 105. For example, as illustrated in Fig. 1b, the community specific
data 180 may be provided in the computing device 110, while rest of the modules and data may
be provided in the user devices 115.
[0031] For the ease of explanation and not as limitation, the systems and the methods
described herein may be understood to operate in two stages, namely, a configuration stage and
an implementation stage. The configuration stage may be understood as a stage where user
policy vectors and URL feature vectors are generated and updated. The implementation stage
may be understood as a stage where a cookie policy to be implemented for a user in the
community for a given URL is computed based on the user policy vector and the URL feature
vector generated during the configuration stage. The operation of the cookie management system
105 with respect to the two stages is explained in detail in subsequent paragraphs.
Configuration Stage
[0032] As mentioned earlier, the user devices 115 may be understood to form a
community and the cookie policy may be generated for the community. In the configuration
stage, the policy configuration module 155 generates policy configuration data 170, based on
which cookie policies that are to be implemented for the users browsing different URLs, are
computed. The policy configuration data 170 includes policy related information each associated
with a plurality of users and a plurality of URLs. In an implementation, initially, a base cookie
policy may be set and may be stored in the policy configuration data 170. In an example, the
base cookie policy may be randomly initialized, for example, using Gaussian randomization, by
the policy configuration module 155. Alternatively, the base cookie policy may be pre-defined
by an individual; for example, an IT administrator. Further, the base cookie policy may be same
for all the users in the community and may serve as a starting point for setting up the User-URL
10
specific cookie policies. Thus, initially the cookie policy for all the users may be same and this
cookie policy may be updated with time to develop specific User-URL cookie policies.
[0033] To build on the base cookie policy, the policy configuration module 155, for each
of the plurality of URLs, may obtain information pertaining to predefined URL features. The
URL features may be for example, user specific, website content based, absolute cookie
property, and external web services based features. The user specific features may include, for
example, a maximum percentage of browsing history of a particular user known to a cookie or a
combination of cookies corresponding to a URL. Consider a first user who browses a URL
having three cookies and then moves to the next URL. Further, consider a case where one of the
three cookies corresponding to the first URL is also used by the second URL. Thus, when the
first user visits the second URL, the common cookie would already have information pertaining
to the first user when he browsed the first URL. Similarly, consider a case where a second user
does not browse the first URL but only visits the second one, in this case information pertaining
to the second user would not be known to the common cookie. Therefore, the maximum
percentage of browsing history known to one or more cookies, or a URL, may vary from user to
user. Further, information pertaining to the user specific URL features may be stored in the user
specific data 175.
[0034] The website content based features may identify a category to which content of
the URLs relates to, for example, sports, banking, news, and shopping. The absolute cookie
property based features may be understood as features that are specific to a URL, for example,
number of third party cookies. The external web services based features may include information
gathered pertaining the URL from external web sources, such as SiteAdvisorSM, AlexaSM,
GeoToolSM, and WhoisSM. The external web services based features may include rank of a URL,
whether the URL is whitelisted or blacklisted, reputation of the URL, owner of the URL,
location of the server corresponding to the URL, vendor of the URL, etc. The information
regarding website content based, absolute cookie property, and external web services based
features may be stored in the community specific data 180.
[0035] As per another implementation, the policy configuration module 155 may
interface with the external web sources to gather the information pertaining to the URL features.
In another example, the policy configuration module 155 may employ various techniques, such
as text mining techniques or web page classification techniques to gather information pertaining
11
to the URL features, such as the content associated with a URL. Additionally, some information,
such as number of cookies corresponding to a URL, may be gathered from a user’s browser.
Further, based on the gathered information, a feature value for each of the URL features may be
determined. Since, the information gathered regarding the URL features may be in varying
formats, such as Boolean, integer, and list based, the information may be processed, based on
value computation parameters, to obtain URL feature values in a uniform format. Thus, the URL
feature values are indicative of the information pertaining to the URL in a given format and the
value computation parameters provide for obtaining the URL feature values in the given format.
Examples of the value computation parameters include, but are not limited to, feature scaling,
numericalization, and a correlation between a URL feature and privacy. Further, the format in
which URL feature values are to be computed may be pre-defined.
[0036] It will be appreciated that the URL features used for generating the policy
configuration data 170 may vary based on preferences of a user or community. For example, an
enterprise may generate the policy configuration data 170 based on ranks, browsing history,
number of third party cookies, while another enterprise may use browsing history, content,
number of third party cookies, and location of a server corresponding to a URL to generate the
policy configuration data 170.
[0037] For the purpose of explanation and not as a limitation, determination of the URL
feature values may be understood with the help of following table:
Feature name Type Feature
Format Correlation Numericalization Feature
Scaling
# of cookies ACP Integer -ve Not needed
Divide by the
max number
of cookies
found in a site
Alexa rank EWS Integer +ve/-ve Not needed
Divide by a
maximum
Alexa number
or a predefined
value)
IsPageNews WSC Boolean +ve/-ve 0, 1 values Not needed
IsPageSports WSC Boolean +ve/-ve 0, 1 values Not needed
%BrowsingOne USP Percentage -ve Not needed Divide by 100
12
%BrowsingTwo USP Percentage -ve Not needed Divide by 100
SiteAdvisor EWS List based
Depends on
the type of
list
0, 0.5, 1 values Not needed
WhoIs EWS List based
Depends on
the type of
list
0, 0.5, 1 values Not needed
[0038] In the above mentioned table, ‘feature name’ indicates the name of the URL
features and ‘type’ indicates type of the URL feature. As mentioned before, the URL features
may be of various types and are indicated as ACP, EWS, WSC, and USP in the table. ACP refers
to absolute cookie property based URL features, EWS refers to external web services based URL
features, WSC refers to website content based URL features, and USP refers user specific URL
features. Further, ‘feature format’ indicate what is the type, for example, Boolean, integer, list
based, and percentage, is value of the URL feature; ‘correlation’ indicates a correlation between
a URL feature and privacy; ‘numericalization’ indicates whether numericalization is required
and if required then in what format they are to be provided; and ‘feature scaling’ indicates how
scaling is to be performed for the corresponding URL features. The above mentioned table may
be understood with the help of the following examples.
[0039] For example, in case the received information is not in number form,
numericalization may be performed. For instance, if the URL feature indicates the owner of the
URL, it will be understood that the URL feature would be in a string form and not number form,
therefore numericalization may be performed. In said case, if the owner of the URL is from a
white list containing certain trusted set of owners a particular numeric value may be associated
with it, say, 1, if the owner of the URL is from a black list containing certain unreliable set of
owners then the numeric value that is associated with the URL feature may be 0; and if the
owner is neither mentioned in the trusted set of owners nor unreliable set of owners, then the
numeric value that is associated with the URL feature may be 0.5.
[0040] Further, it may be determined whether feature scaling is required. Feature scaling
may be performed to normalize the numeric values. The URL feature values may be configured
to have a value within a predefined range, say, 0 to 1. Thus, accordingly, the obtained numeric
values may be normalized. For example, browsing history of a user may be 65% and it may be
13
required to normalize the same. In said example, though the information pertaining to the URL
feature may not require numericalization but feature scaling may be performed. Considering that
the predefined range for the feature value is 0 to 1, the numeric value corresponding to the
browsing history may be normalized using following equation:
Normalized feature value = ( 1- numeric value/100)
Likewise, if the URL feature is number of third party cookies, then feature value may be
computed based on following equation:
Normalized feature value = (1-numeric value corresponding to number of third party
cookies / maximum number of third party cookies or a predefined value)
[0041] Additionally, correlation between URL feature and user privacy may also be
analyzed. For example, higher the numeric value for browsing history lower is the privacy of the
user, thus it may be understood that there is a negative correlation between browsing history and
the privacy. Similarly, higher the rank of a URL, it may be determined more trusted it is and
there may be a positive correlation between the numeric value corresponding to the rank and the
privacy. If the URL feature is rank of the URL and there is a positive correlation between the
URL feature and the privacy, the feature value may be computed based on following equation:
Feature value = numeric value of the rank / maximum rank or a predefined value
However, a higher rank of a URL may indicate that the URL is visited by a large number of
users, which may be considered to be unsafe and it may be determined rank, as a URL feature,
has a negative correlation with privacy. In said case, the feature value may be computed using
following equation:
Feature value = 1- (numeric value of the rank / maximum rank or a predefined value)
[0042] Thus, the URL feature values are computed based the value computation features,
such as numericalization, feature scaling, and correlation. Further, the URL feature values
obtained for the plurality of URLs may be stored in the URL feature data 190. Additionally, for
each of the plurality of URLs, using the corresponding feature values, a URL feature vector may
be computed. The URL feature vector may be understood to be a combination or an array of the
various features values and is indicative of the various URL features of a URL. The generated
URL feature vectors may also be stored in the URL feature data 190.
[0043] Further, for the sake of explanation, it may be understood that for each user, a
user policy value may be determined for each URL feature. For example, in case there are three
14
predefined URL features, then for each user, there may be a user policy value corresponding to
each of three URL features. Based on the user policy values, a corresponding user policy vector
may be determined. Since, the user policy vector is based on the URL feature values for all the
URLs and the feedback provided by the users for the URLs, the user policy vector may be
indicative of combined impact of all the URLs on the user’s privacy.
[0044] In an implementation, the user policy values may be determined based on the
URL feature values and the community feedback for each of the URLs. The community
feedback may be gathered by the feedback module 150. The community feedback may be
gathered in the configuration stage and may also be collected in the implementation stage to
update the feedback data 185. The feedback module 150 may ascertain whether a feedback to
community mode is activated by a user. For instance, the feedback to community mode can be
turned ‘ON’ or ‘OFF’ by the user. The feedback to community mode in ‘ON’ state indicates that
the user wishes to provide a feedback for a URL, while the policy action mode in ‘OFF’ state
indicates that the user does not want provide a feedback for the URL.
[0045] In case it is determined that the user has activated the feedback to the community
mode, i.e., the feedback to the community is set ‘ON’, the feedback module 150 may prompt the
user to provide a feedback regarding the URL. To collect the feedback, browser employed on the
user devices 115 may be provided with a plug-in to collect feedback. In an example, in case a
user wishes to provide a feedback regarding a URL, he may do so by triggering plug-in and
providing an appropriate response. In another example, the user may be provided with a pop-up
window, when the user browses the URL, to request the user to provide the feedback. To assist
the user in providing the feedback, the feedback module 150 may provide information pertaining
to one or more URL features, such as number of third party cookies, whether the website address
is blacklisted, and percentage of browsing history of the URL. The feedback module 150 may
obtain such information from the URL feature data 190. Further, the feedback may be block all
cookies, block few cookies, or block none. The user feedback may be stored in the feedback data
185. Further, the feedback data 185 may store the information pertaining to whether a user
provided a feedback for a URL or not and what was the feedback provided by the user. In an
example, the feedback data 185 may store the relevant information in the form of a matrix as will
be explained in detail with reference to description of Fig. 2.
15
[0046] In an implementation, the feedback module 150 may generate a temporal
feedback adjuster, which may be represented by way of a matrix. The dimension of temporal
feedback adjuster matrix may be same as that of a matrix corresponding to feedback data 185.
Every element of the temporal feedback adjuster matrix, say m(i,j), may be a function of the
timestamp, i.e., when a particular feedback, say, y(i,j), was provided by the jth user for the ith URL.
Further, the frequency of updation of the values present in a temporal feedback adjuster matrix
may be continuous basis as the values are time-variant. Also, the value of each of these elements
may range from 0 to 1, based on the feedback provided by the user.
[0047] Based on the community feedback and the temporal feedback adjuster, the policy
configuration data 170 may be updated. For example, when a threshold number of feedback are
received for a URL in a given time period, or after predetermined time interval, the gathered
feedback may be analyzed and the URL feature data 190 and the feedback data 185 may be
updated. The configuration stage may also be triggered, for example, an IT administrator.
Additionally, the number of users and the URLs may be updated as the community grows or as
information pertaining to new URLs is gathered. In an example, instead of starting with the base
cookie policy, cookie policies may be generated based on the community feedback.
[0048] Further, as more and more users provide feedback, community preferences with
respect to the URL may be determined. Also, the users who although did not provide a feedback
may still be able to make use of feedback provided by other users in the community.
[0049] In an example, based on the community feedback and the URL feature values, a
user policy value corresponding to each of the feature value may be determined. Further, a
combination or an array of the policy values may be indicated by way of a user policy vector. In
an example, the policy values, or to say, the user policy vector, may be determined using an
optimization function. The optimization function, such as a minimization function provides
optimal policy values that minimize the difference between the predicted value and the actual
feedback. For instance, the user policy vector of users, θ(1), θ(2) , ….. θ( u n ) may be obtained using
following equation:
2
1
( )
1
2
: ( , ) 1
( ) ( ) ( , ) ( , )
... 1
( )
2
(( ) )
2
min 1 (1)    
   
  
n
k
j
k
n
i r i j j
j T i i j i j
n
j
u u
nu x m y 


  (1)
16
where n is total number of URL features, nu is total number of users, r(i,j) is 1 if jth user
has rated the ith URL, else 0, y(i,j) is rating by jth user for ith URL. , x(i) is URL feature vector for
ith URL, θ(j) is user policy vector for jth user , and λ is a constant, which may vary from
application to application. In an example, y(i,j) = 1 indicates accept all, 0.5 indicates block few
and 0 indicates block all.
[0050] As it can be observed from equation (1), the user policy vector is computed based
on the community feedback and the URL feature vectors, which in turn is based on the URL
feature values. Thus, for a given URL and a given user, each policy value in a user policy vector
corresponds to a feature value in URL feature vector. Further, a user policy vector may also be
computed based on base policy value. The base policy value may be a policy value, which is
currently available in User policy data 195. For example, the base policy value may a policy
value that was set initially while generating the base cookie policy. In another example, the base
policy value may be a policy value available in the URL-user policy data 195 after last updation.
Based on the policy values, a user policy vector corresponding to each of the user may be
determined. The user policy vector may be of the same dimensions as that of the URL feature
vector, say, one dimensional vector. In an example, the user policy vector may have a value
between 0 and 1. Further, the user policy vector serves as a multiplying factor while determining
cookie policy, for example, during an implementation stage.
[0051] Thus, the policy configuration data 170 may include one or more of the
community feedback, the feature values, feature vectors, the policy values, and user policy
vectors. Further, based on the policy configuration data 170, a cookie policy that is to be
implemented for a given user and a given URL may be identified in a policy implementation
stage.
Implementation Stage
[0052] In an implementation, each of the users may have selected a mode to indicate
their preferences regarding implementation of a cookie policy. Examples of the modes may
include a policy action mode and a feedback to community mode. The policy action mode can be
turned ‘ON’ or ‘OFF’ by a user. The policy action mode in ‘ON’ state indicates that the user
wishes to implement a cookie policy based on community feedback, while the policy action
mode in ‘OFF’ state indicates that the user does not want implement a cookie policy based on the
community feedback. As mentioned earlier, the feedback to community mode can be turned
17
‘ON’ or ‘OFF’ by the user. Accordingly, the feedback module (150) may obtain feedbacks from
the users.
[0053] Thus, a user may select one of the four combinations, while configuring cookie
settings. In an example, the user may turn ‘ON’ the policy action mode but turn ‘OFF’ the
feedback to community mode. In said example, the cookie policy for the user may be selected
based on the community feedback, URL feature vectors and user policy vectors; however the
user may not be providing a feedback regarding the browsed URLs. In another example, the user
may turn both the policy action mode and feedback to community mode ‘ON’, thereby not only
benefitting from the community but also providing a feedback regarding the URLs. Thus, the
cookie policy to be implemented is determined based on the modes activated by the user.
[0054] Based on a policy action mode selected by a user, the policy implementation
module 160 may identify a cookie policy for a user visiting a URL from the plurality of URLs.
The policy implementation module 160 may analyze the policy configuration data 170 to
identify the cookie policy to be implemented. In an implementation, the policy implementation
module 160 may identify a URL visited by the user and the mode selected by the user. In case
the user has the policy implementation mode ‘ON’, the policy implementation module 160 may
gather URL feature values for the URL features corresponding to the identified URL from the
URL feature data 190 and user policy values, corresponding to the user, from the user policy data
195. Based on the gathered URL feature values, corresponding URL feature vector may be
determined and based on the gathered URL policy values user policy vector may be determined.
Further, the policy implementation module 160 may identify a cookie policy for the URL, based
on the user policy vector and the URL features vector. Alternatively, the URL feature vector and
the policy vector may be directly obtained from the URL feature policy data 190 and the user
policy data 195, respectively. Based on the policy vector and the URL feature vector, and
accordingly cookies may be managed. In an example, the cookie policy, Pij,to be implemented
for jth user for ith URL may be computed using following equation:
P ( ( ) ) ( ( ( ) ))
ij
  j T f x i (2)
where θ(j) is user policy vector for jth user and (f (x(i))) is a function of URL feature vector ith
URL. The user policy vector and the URL feature vector may be obtained from the URL feature
data 190 and user policy data 195.
18
[0055] In an implementation, the cookie policy or to say, Pij, value for a user and for a
given URL may be stored in the policy configuration data 170. In said implementation, the
cookie policy may not be recomputed every time the user visits the same URL, thereby saving on
computational time and resources. For instance, the policy implementation module 160 may
ascertain whether the cookie policy for the user regarding the URL is to be directly obtained
from the policy configuration data 170, based on update criteria. The update criteria may be to
check whether the policy configuration data 170 was updated since the last time user visited the
URL. Further, in case it is determined that the policy configuration data 170 was not updated
then the cookie policy may be obtained directly from the policy configuration data 170.
However, if the policy configuration data 170 was updated, then the cookie policy may not be
directly obtained therefrom. Alternately, the update criteria may include a check to determine
whether the policy configuration data 170 has been updated greater than a threshold number of
times in a given time period. In case the policy configuration data 170 has not been updated more
than threshold number of times, the policy implementation module 160 may not recompute the
cookie policy to be implemented and fetch the cookie policy from the policy configuration data
170.
[0056] However, the cookie policy may be recomputed or deleted from the policy
configuration data 170, when the policy configuration data 170 is updated based on the
community feedback. Thus, when a user browses a URL, it may be determined whether the
cookie policy is already available in the policy configuration data 170.
[0057] Based on the value of Pij, the way cookies are to be managed may be determined.
For the purpose, the values that Pij may take may be divided into a predetermined number of
ranges. For example, the values of Pij may take may be divided into three predetermined ranges,
namely, a first predetermined range, a second predetermined range, and a third predetermined
range. For example, if it is determined that the Pij value is within the first predetermined range,
say, 0 to 0.33, it may be determined that all the cookies are to be blocked. Similarly, if it is
determined that the Pij value is within the second predetermined range, say, 0.34 to 0.66, it may
be determined that few cookies are to be blocked. Further, if it is determined that the Pij value is
within the third predetermined range, say, 0.67 to 1, it may be determined that all the cookies are
to be allowed, i.e., no cookie shall be blocked.
19
[0058] In case the cookie policy indicates that few cookies are to be blocked, the policy
implementation module 160 may identify the cookies that are to be blocked. In an example, the
policy implementation module 160 may randomly block a few cookies. In another example,
threshold URL feature values for certain URL features may be defined by each of the users and
may be stored in the user specific data 175. Alternately, default threshold URL feature values
may be stored in the community specific data 180. To identify the cookies to be blocked, the
features values for the URL features may be compared with a threshold feature values. For
example, the URL feature may be browsing history and the cookie that gathers browsing history
of the user over a threshold value may be identified and blocked. Referring to one of the
examples mentioned earlier, the cookies that may be common for multiple URLs may be
identified and blocked.
[0059] Referring to Fig. 1b, the computing environment 100 including the cookie
management system 105 having policy related data stored in a distributed manner is illustrated,
according to an embodiment of the present subject matter. As illustrated, in said embodiment,
cookie management system 105 may be provided on each of the user devices 115 and the
community specific data 180 may be centrally located in the computing device 110. Additionally
or alternately, the computing device 110 may store other information as well, for example, the
feedback data 185 and the URL feature data 190 may also be stored at the computing device 110.
Since, all the information related to the cookie polices of the users are not stored in one place, in
case of a security attack, the privacy of the users may still be maintained.
[0060] In said embodiment, for each of the user devices 115, a corresponding policy
configuration module 155 may generate the cookie policy data as described above as described
above. For the purpose, the policy configuration module 155 may gather the required
information, such as community specific data 180, from the computing device 110. Further,
when a user browses a URL, a corresponding the policy implementation module 160 may
determine a cookie policy to be implemented. As mentioned earlier, the URL feature vector for
the URL may be determined. Based on the URL feature vector , a user policy vector of the URL
corresponding to user may determined using following equation:
20
2
1
2 ( )
: ( , ) 1
( ) ( ) ( , ) ( , ) ( )
2
(( ) )
2
min 1 ( )  
 
  
n
k
j
k
i r i j
j T x i m i j y i j j



 (2)
where n is total number of URL features, r(i,j) is 1 if jth user has rated the ith URL, else 0,
y(i,j) is rating by jth user for ith URL, x(i) is URL feature vector for ith URL, θ(j) is user policy
vector for jth user , and λ is a constant, which may vary from application to application.
[0061] As described above, based on the URL feature vector and the user policy vector a
cookie policy to be implemented is determined. Thus, in said embodiment, the cookie policy to
be implemented is determined locally for each user and the user specific information may be
available on the user device 115 corresponding to the user.
[0062] Fig. 2 illustrates an example of the feedback data 185, the URL feature data 190,
and the user policy data 195, generated using the cookie management system 105. In an
implementation, the feedback data 185, the URL feature data 190, and the user policy data 195
may combine to form the policy configuration data 170. Further, the feedback data 185, the URL
feature data 190, and the user policy data 195, are illustrated by way of a matrix. However it will
be understood that the feedback data 185, the URL feature data 190, and the user policy data 195
may be stored in any other format as well.
[0063] As illustrated, various users 205, such as Alice, Bob, and Carol are indicated in
the top row of the feedback data 185 and various URLs 210, such as www.google.com,
www.facebook.com, and www.tcs.com, are indicated in the first column of the feedback data
185. Additionally, feedback corresponding to each of the URLs 210 is indicated in the feedback
data 185. Various values may be used indicate the feedback, for example, ‘0’ may be used to
indicate block all cookies, ‘0.5’ may be used to indicate block few cookies, ‘1’ may be used to
indicate block none, and ‘?’ may be used to indicate that user had not provided any response and
a cookie policy that is to be implemented for this user is to be determined.
[0064] Further, URL feature values 215 corresponding to various URL features for the
URLs 210, such as whether the URL is an Indian webpage, rank of the URL, and number of
cookies, are indicated in the URL feature data 190. In said example, the URL feature values 215
are determined such that they have a value between 0 and 1. Based on the feature values, a URL
feature vector for each of the URLs 210 may be determined. The URL feature vector may a
vector represented as [ x1, x2,….xN ]. For example, for www.google.com a URL feature vector
21
225 may be determined based on the corresponding URL feature values. As indicated, the URL
feature vector 225 may be [ 0 0 1]. Further, policy values 220 corresponding to each of the URL
features for each of the users 205 are indicated in the user policy data 195. Based on the policy
values 220, a user policy vector for each of the user may be determined. Similar to the URL
feature vectors, user policy vectors may be represented as matrices. For instance, a user policy
vector 230 for Alice may be [ 0.4 0.4 0.2 ].
[0065] As can be observed, when Alice visits www.facebook.com all the cookies are to
be allowed, however the cookie policy to be implemented when Alice visits www.tcs.com and
www.google.com may not be identified. The cookie policy may be identified based on the URL
feature values 215 corresponding to www.facebook.com, the policy values 220 corresponding to
the Alice, and feedback provided by Bob and Carol for these two URLs. Thus, the policy
configuration data 170 may facilitate identification of a cookie policy that is to be implemented
for a user and for a given URL.
[0066] Fig. 3 and Fig. 4 illustrate a method for configuring cookie policies, according to
an embodiment of the present subject matter and a method for identifying a cookie policy
according to an embodiment of the present subject matter.
[0067] The methods may be described in the general context of computer executable
instructions. Generally, computer executable instructions can include routines, programs, objects,
components, data structures, procedures, modules, functions, etc., that perform particular
functions or implement particular abstract data types. The methods may also be practiced in a
distributed computing environment where functions are performed by remote processing devices
that are linked through a communications network. In a distributed computing environment,
computer executable instructions may be located in both local and remote computer storage
media, including memory storage devices.
[0068] The order in which the methods are described is not intended to be construed as a
limitation, and any number of the described method blocks can be combined in any order to
implement the method, or an alternative method. Additionally, individual blocks may be deleted
from the methods without departing from the spirit and scope of the subject matter described
herein. Furthermore, the methods can be implemented in any suitable hardware, software,
firmware, or combination thereof.
22
[0069] Referring to Fig. 3, the method 300 illustrating a configuration stage of a cookie
management system 105, such as the cookie management system 105 is described.
[0070] At block 305, information pertaining to a predefined number of URL features for
a plurality of URLs is obtained. The URL features may be user specific features, website content
based features, absolute cookie property based features, and external web services based
features. In an example, the policy configuration module 155 may obtain the information from
external web resources. Alternatively or additionally, the policy configuration module 155 may
determine the information regarding the URL features.
[0071] At block 310, a feature value corresponding to each of the URL features is
computed based on value computation parameters. Examples of value computation parameters
include, but are not limited to, numericalization, feature scaling, and correlation. In an example,
the policy configuration policy configuration module 155 may compute the feature values. The
URL feature values may be stored in the policy configuration data 170. In an implementation,
[0072] At block 315, community feedback corresponding to the plurality of URLs is
obtained. The community feedback includes response provided by one or more users regarding
cookie policy that they would wish to implement for a given URL. In an implementation the
feedback module 150 determines the feedback and makes it available for the policy
configuration policy configuration module 155. The community feedback may be stored in the
policy configuration data 170.
[0073] At block 320, a user policy vector, for each of the users, is computed. The user
policy vector includes a predetermined number of user policy values. The number of user policy
values may be same as that of the number of the feature values. In an example, the user policy
vectors are computed based on the community feedback and the feature values obtained for each
of the URLs. Additionally, the user policy vector may also be based on the base policy values.
The user policy vector may be stored in the policy configuration data 170.
[0074] Thus, based on the URL feature values and the community feedback, the cookie
policies may be configured. For instance, the user policy vectors may be computed using the
URL feature values and the community feedback. Further, based on the URL feature vectors and
user policy vectors, a cookie policy to be implemented may be identified in the policy
implementation stage. As will be explained in detail with reference to description of Fig. 4.
23
[0075] Referring to Fig. 4, the method 400 illustrating an implementation stage of a
cookie management system 105, such as the cookie management system 105 is described. The
method 400 may be performed by a policy implementation module, such as the policy
implementation module 160. Further, for the sake of brevity, the method 400 is described with
reference to a feedback override stage and a fresh policy stage.
[0076] Considering that a user wishes to implement a cookie policy identified based on
the policy configuration data generated in the configuration stage, at block 405, a URL being
browsed by a user is identified.
[0077] At block 410, it is ascertained whether the policy action mode is activated. In an
example, the user may have activated the policy action mode at the configuration stage, say, by
turning the policy action mode ‘ON’; and the same may be checked while implementing a cookie
policy for a user. In case it is ascertained the policy action mode is not activated the method 400
may branch to (‘No’ branch) block 415.
[0078] At block 415, a default action may be performed. The default action may be, for
example, not implementing any cookie policy or implementing any other default cookie policy
set by the user.
[0079] However, if at block 410, it is determined that the policy action mode is activated,
the method 400 may proceed to (‘Yes’ branch) block 420.
[0080] At block 420, a URL feature vector corresponding to the URL and a user policy
vector corresponding to the user may be obtained. In an example, the URL feature vector and the
user policy vector are obtained from the policy configuration data 170. In another example, the
URL feature vector and user policy vector may be computed based on the URL feature values
and policy values.
[0081] At block 425, the cookie policy to be implemented is identified based on the URL
feature vector and the user policy vector. In an alternate implementation, in case the cookie
policy is already available in the policy configuration data, such as the policy configuration data
170, the cookie policy may not be computed again and may be obtained from the policy
configuration data 170. The cookie policy may indicate that all cookies are to be blocked, some
cookies are to be blocked, or no cookies are to be blocked.
[0082] Although embodiments for managing cookies in a computing device have been
described in a language specific to the structural features and/or methods, it is understood that
the invention is not necessarily limited to the specific features or methods described. Rather, the
specific features and methods are disclosed as exemplary embodiments for managing cookies in
a computing device.