In what way could the use of “cookies” violate a person’s privacy?

A.
When they are used to tie together a set of unconnected requests for web pages to cause an
electronic map of where one has been.

B.
When they are used to keep logs of who is using an anonymizer to access a site instead of their
regular userid.

C.
When the e-mail addresses of users that have registered to access the web site are sold to
marketing firms.

Explanation:
Both A and C are correct in that they are true but from a CISSP viewpoint looking into a PC the
cookies show a map of where the user has been. Therefore I think A is the better choice. “Any web
site that knows your identity and has cookie for you could set up procedures to exchange their data
with the companies that buy advertising space from them, synchronizing the cookies they both have
on your computer. This possibility means that once your identity becomes known to a single
company listed in your cookies file, any of the others might know who you are every time you visit
their sites. The result is that a web site about gardening that you never told your name could sell not
only your name to mail-order companies, but also the fact that you spent a lot of time one Saturday
night last June reading about how to fertilize roses. More disturbing scenarios along the same lines
could be imagined.” http://www.junkbusters.com/cookies.html