Since cookies have been kind of a theme recently, it seems appropriate to post this long essay on the history of cookie development (which includes a link to a contrarian argument about cookies and privacy that’s quite thought provoking). It’s quite technical and completely worth it — a step-by-step tour of the RFCs, browser development, and gradual mission creep that made cookies into the weird complicated mess they are today. It’s a great values-in-design study (without coming from an explicit ViD background) that traces a legacy of “rapid deployment of poorly specified features, or leaving essential security considerations as ‘out of scope'” and how it expresses itself in code, corporate practice, and outcomes for us, the users.