In what way could the use of “cookies” violate a person’s privacy?

A.
When they are used to tie together a set of unconnected requests for web pages to cause an
electronic map of where one has been.

B.
When they are used to keep logs of who is using an anonymizer to access a site instead of
their regular userid.

C.
When the e-mail addresses of users that have registered to access the web site are sold to
marketing firms.

Explanation:
Both A and C are correct in that they are true but from a CISSP viewpoint looking
into a PC the cookies show a map of where the user has been. Therefore I think A is the better
choice.
“Any web site that knows your identity and has cookie for you could set up procedures to
exchange their data with the companies that buy advertising space from them, synchronizing the
cookies they both have on your computer. This possibility means that once your identity becomes
known to a single company listed in your cookies file, any of the others might know who you are
every time you visit their sites.
The result is that a web site about gardening that you never told your name could sell not only
your name to mail-order companies, but also the fact that you spent a lot of time one Saturday
night last June reading about how to fertilize roses. More disturbing scenarios along the same
lines could be imagined.” http://www.junkbusters.com/cookies.html