1 cookies prof. sheizaf rafaeli electronic commerce
Post on 25-Dec-2015
Prof. Sheizaf Rafaeli – E-Business
Cookies
Prof. Sheizaf Rafaeli
Electronic commerce

C is for Cookie
Now what starts with the letter C?
Cookie starts with C
Let's think of other things
That starts with C
Oh, who cares about the other things?
C is for cookie, that's good enough for me
C is for cookie, that's good enough for me
C is for cookie, that's good enough for me
Oh, cookie, cookie, cookie starts with C

Advantages of maintaining state
- Shopping cart applications
- Customizing and personalizing content
- Tracking navigation patterns
- Creating “subscriber” status
- Remembering pesky passwords
- Rewarding frequent or return visits
- Changing banners and bookmarks
- Games: remembering scores, high scores, skill levels

“Maintaining state”
- Stored in cookies
- Encoded in URL links
- Sent in hidden form variables
- Stored in variables in other (hidden) frames
- Stored on the web server (least desirable)

Cookies
- “Magic cookies”, “Persistent client state HTTP cookies”
- A cookie is a small amount of information that a Web site sends to your browser. When your browser receives a cookie, it saves the cookie on your hard drive for future use.
- When you re-visit a site, your browser checks for any pre-defined preferences (cookies) for that particular site.

Cookies
- Enable storing information on the client’s browser for later retrieval
- Most powerful technique for maintaining state within a web site

Web sites use cookies in many different ways.
- Sites can accurately determine how many people actually visit the site. It turns out that because of proxy servers, caching, concentrators and so on, the only way for a site to accurately count visitors is to set a cookie with a unique ID for each visitor. Using cookies, sites can determine:
  – How many visitors arrive
  – How many are new vs. repeat visitors
  – How often a visitor has visited
- The first time a visitor arrives, the site creates a new ID in the database and sends the ID as a cookie. The next time the user comes back, the site can increment a counter associated with that ID in the database.
- Sites can store user preferences (often referred to as customization).
- E-commerce sites can implement things like shopping carts and "quick checkout" options. It would be impossible to implement a convenient shopping mechanism without cookies or something like them.
TRY THIS: http://computer.howstuffworks.com/history.php

Are YOU a voyeur?
- Visit
  – http://www.metaspy.com (choose red)
  – http://voyeur.mckinley.com/cgi-bin/voyeur.cgi
  – http://aj.com
- Was it interesting?

Problems, Constraints and Disadvantages (real)
- Cookie may not be persistent
- May be deleted by accident or on purpose
- May be disallowed or frozen
- Browser may impose limitations, distorting the information
- Unencrypted, may “give away” secrets
- Made to sound scary (see myths)

Where are cookies stored?
- By Netscape, as “cookies.txt” on Windows machines or as “MagicCookies” (on Macs)
- By Explorer in special directory named Windows/Cookies
- By other browsers - wherever they wish

Cookie Myths
- “The biggest problem seems psychological”
- Big brother violating privacy?
- Cookies seldom used for this purpose
- Cookies cannot be used to get data from your hard drive, your email address or sensitive information about your person
- HOWEVER: look at http://www.doubleclick.com
  – “delivering targeted REAL TIME marketing”

WebBugs (doubleclick’s secret)
A hidden active link:
<img src="http://bug.com/1pix.gif" width=1 height=1>
http://mysite.com
http://yoursite.com

Cookie Myths (2)
- Early implementations of Java and JavaScript did allow awful things but for the most part these security leaks have been plugged.
- Software limits total size of cookie file:
  – less than 1.2 MB
  – no more than 80 KB per each web site
  – each site can only access its own

Cookie Myths (3)
- A site can only access a cookie that has been set from its own domain. It cannot access any other cookies from your computer.

Still… How do I stop’em? (1)
- Use the anonymizer service, at
  – http://www.anonymizer.com/
- Use Cookie Central’s cookie web kit, at http://www.cookiecentral.com

Still… How do I stop’em? (2)
- Use Cookie Crusher, at:
  – http://www.thelimitsoft.com/cookie.html
- Disable cookies.
  – On Explorer use View-Internet options-Advanced
  – On Netscape: Network - Preferences - Protocol menu
  – delete cookies.txt (or magicCookies on Mac), replace with system, hidden, read-only, write protected, zero length file
- Use Junkbuster, at http://www.junkbuster.com

Netscape’s original cookie specs
- Netscape is the inventor of cookies.
- The original specs are available at:
  – http://www.netscape.com/newsref/std/cookie_spec.html

Using Cookies
- Cookies are stored in name=value pairs
- The main functions necessary are:
  – GetCookie
  – SetCookie
  – ClearCookie
- Cookies save “expire”, “path”, “domain” and “secure” parameters.

See example
- See example in cookie.favorites.html, at:
  – http://www.umich.edu/~cisdept/Grad/CIS742/cookies.favorites.html
- This program makes use of three different cookies:
  – ViewAll toggles between different displays
  – ShowOptions allow setting the page up and viewing in different mode

GetCookie function
//---------------------------------------------------------------
// GetCookie - Returns the value of the specified cookie or null
//             if the cookie doesn't exist
//---------------------------------------------------------------
function GetCookie(name) {
  var result = null;
  var myCookie = " " + document.cookie + ";";
  var searchName = " " + name + "=";
  var startOfCookie = myCookie.indexOf(searchName);
  var endOfCookie;
  if (startOfCookie != -1) {
    startOfCookie += searchName.length; // skip past cookie name
    endOfCookie = myCookie.indexOf(";", startOfCookie);
    result = unescape(myCookie.substring(startOfCookie, endOfCookie));
  }
  return result;
}

SetCookie function
//---------------------------------------------------------------
// SetCookie - Adds or replaces a cookie. Use null for parameters
//             that you don't care about
//---------------------------------------------------------------
function SetCookie(name, value, expires, path, domain, secure) {
  var expString = ((expires == null) ? "" : ("; expires=" + expires.toGMTString()));
  var pathString = ((path == null) ? "" : ("; path=" + path));
  var domainString = ((domain == null) ? "" : ("; domain=" + domain));
  var secureString = ((secure == true) ? "; secure" : "");
  document.cookie = name + "=" + escape(value) + expString + pathString + domainString + secureString;
}

ClearCookie function
//---------------------------------------------------------------
// ClearCookie - Removes a cookie by setting an expiration date
//               three days in the past
//---------------------------------------------------------------
function ClearCookie(name) {
  var ThreeDays = 3 * 24 * 60 * 60 * 1000;
  var expDate = new Date();
  expDate.setTime(expDate.getTime() - ThreeDays);
  document.cookie = name + "=ImOutOfHere; expires=" + expDate.toGMTString();
}
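
The “expire”, “path”, “domain” and “secure” parameters that SetCookie writes, together with the rule that a site can only access cookies set from its own domain, decide which cookies accompany each request. The following is an added example, not code from the slides, that models that decision along the lines of RFC 6265; the hosts, cookie values and clock are constructed, and public-suffix checks are left out.

```javascript
// Added example (not from the slides). Hosts, cookies and clock are constructed.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Parse "name=value; attr; attr=..." as received from setUrl.
// Returns null when the Domain attribute does not cover the setting host.
function parseSetCookie(header, setUrl) {
  const u = new URL(setUrl);
  const [pair, ...attrs] = header.split(";").map(s => s.trim());
  const eq = pair.indexOf("=");
  const c = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: u.hostname, hostOnly: true, secure: false, expires: null,
    path: u.pathname.slice(0, u.pathname.lastIndexOf("/")) || "/", // default path
  };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : a.slice(i + 1);
    if (key === "domain" && val) {
      c.domain = val.replace(/^\./, "").toLowerCase();
      c.hostOnly = false; // Domain attribute widens the cookie to subdomains
    } else if (key === "path" && val.startsWith("/")) c.path = val;
    else if (key === "secure") c.secure = true;
    else if (key === "expires" && !Number.isNaN(Date.parse(val))) c.expires = Date.parse(val);
  }
  return domainMatch(u.hostname, c.domain) ? c : null;
}

// Build the Cookie header value for requestUrl at time `now` (ms since epoch).
function cookiesFor(requestUrl, jar, now) {
  const u = new URL(requestUrl);
  return jar.filter(c =>
    (c.hostOnly ? u.hostname === c.domain : domainMatch(u.hostname, c.domain)) &&
    pathMatch(u.pathname, c.path) &&
    (!c.secure || u.protocol === "https:") &&
    (c.expires === null || c.expires > now)
  ).map(c => `${c.name}=${c.value}`).join("; ");
}

const NOW = Date.parse("2000-03-01T00:00:00Z");
const JAR = [
  parseSetCookie("ViewAll=1; path=/", "http://shop.example/favorites.html"),
  parseSetCookie("cart=42; path=/checkout; secure", "https://shop.example/checkout/pay"),
  parseSetCookie("id=abc; domain=.adnet.example", "http://ad.adnet.example/banner"),
  parseSetCookie("old=x; expires=Sat, 01 Jan 2000 00:00:00 GMT", "http://shop.example/"),
  parseSetCookie("x=1; domain=shop.example", "http://other.example/"), // rejected
].filter(Boolean);
```

The `id` cookie set with a `domain` attribute is returned to every host under that domain, which is what lets an ad network recognise the same browser across the sites that embed its images.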

Future of cookies
- The Internet Engineering Task Force (IETF) committee (HTTP Working Group):
  – Trust Mechanisms and “Proposed HTTP State Management Mechanism”.
    » http://www.ietf.cnri.reston.va.us/html.charters/http-charter.html
- Draft specs resemble Netscape’s but more conservative

The “DoubleClick Controversy”
- Profiling

DoubleClick
Personal data sent to DoubleClick servers includes:
- My Email address
- My full name
- My mailing address (street, city, state, and Zip code)
- My phone number
Transactional data sent to DoubleClick includes:
- Names of VHS movies I am interested in buying
- Details of a plane trip
- Search phrases used at search engines
- Health conditions
See Richard Smith’s http://users.rcn.com/rms2000/privacy/

Double Click
AltaVista Yellow Pages -- Complete home address (Fixed January 2000)
Banner ad URL: http://live.av.com/scripts/search.dll?ep=7&gca=address&orderby=distance&sstreet=172+mason+terr&scity=brookline&sstate=MA&szip=02446&scountry=USA&query=sinsa&qname=&sic=&ck=&userid=130782922&userpw=.&uh=130782922,0,&ccity=brookline&cstate=MA&ver=hb1.2.2
Referring URL: http://ad.doubleclick.net/ad/my.av.com/findanything;sz=468x60;ord=8089440000
RealNetworks -- Registration information (Fixed December 1999)
Banner ad URL: http://ad.doubleclick.net/ad/real.networks/banner;sect=download;sz=468x60;ord=4296?
Referring URL: http://proforma.real.com/real/player/player.html?RApromo=&language=English&s=1&dc=161514&src=000103realhome%2Cnav%2C991228choice&first_name=Richard&last_name=Smith&email=smiths@tiac.net&country=US&product=&platform=Windows+98&speed=Pentium&connection=256+kbps+xDSL%2FCable&notices=Yes

Double Click
AltaVista -- Search string
Banner ad URL: http://ad.doubleclick.net/adi/altavista.digital.com/result_front;kw=sports+cars;cat=stext;ord=203730346
Referring URL: http://www.altavista.com/cgi-bin/query?pg=q&sc=on&hl=on&q=sports+cars&kl=XX&stype=stext&search.x=39&search.y=11
Travelocity -- Plane trip information
Banner ad URL: http://ad.doubleclick.net/ad/travelocity.TRAVELOCITY.com/aircairline;orig=BOS;dest=LAS
Referring URL: http://dps1.travelocity.com:80/lognguest.ctl?SEQ=950480201958005
Buy.com -- Movie title
Banner ad URL: http://ad.doubleclick.net/ad/buy.videos.sm/videos-search;kw=enemy+of+the+state;cat=videos-search;sz=120x90;title=1;num=123456?
Referring URL: http://www.buy.com/videos/searchresults.asp?searchtype=1&format=1&qu=enemy+of+the+state
drkoop.com -- Health condition information
Banner ad URL: http://ad.doubleclick.net/ad/dr.koop.dart/diabetes;sz=120x60;ord=870204?
Referring URL: http://www.drkoop.com/conditions/diabetes/
Amazon/Internet Movie Database (IMDb) -- Movie SKU
Banner ad URL: http://ad.doubleclick.net/ad/www.imdb.com/Title;p=Title;sz=468x60;kw=76759;g=Sci;g=Act;g=Adv;ord=145171
Referring URL: http://us.imdb.com/Title?0076759

Double Click
HealthCentral -- Email address
Banner ad URL: http://ad.doubleclick.net/adi/www.healthcentral.com/newsletters/main;cat=healthcat=health;;ord=13065
Referring URL: http://www.healthcentral.com/newsletters/newsletters.cfm?primaryemail=smiths@tiac.net&NewsLetterType=Specific&Subscription=Dr.+Dean+Digest&x=37&y=12
Amazon/Internet Movie Database (IMDb) -- Birthday
Banner ad URL: http://ad.doubleclick.net/ad/www.imdb.com/OnThisDay;p=OnThisDay;sz=468x60;ord=142577
Referring URL: http://us.imdb.com/OnThisDay?day=28&month=November
Travelocity -- Email address
Banner ad URL: http://m.doubleclick.net/viewad/59705-295964options_old.gif
Referring URL: http://dps1.travelocity.com/promoptout.ctl?email=smiths@TIAC.NET
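
The banner-ad and referring URL pairs above show form data in a page's query string reaching the ad server through the Referer header. The following added example, which is not from the slides, audits a page URL for parameters that would be exposed to a third-party host and shows what the browser sends instead under the `strict-origin-when-cross-origin` referrer policy. The hosts and values are constructed, and the parameter-name heuristics are assumptions to adapt to your own forms.

```javascript
// Added example (not from the slides). Hosts and values are constructed.
const PII_RULES = [
  { kind: "email",   hit: (k, v) => /^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(v) },
  { kind: "name",    hit: (k) => /(^|_)(first|last|full)_?name$/i.test(k) },
  { kind: "address", hit: (k) => /street|city|state|zip|postal/i.test(k) },
  { kind: "phone",   hit: (k) => /phone/i.test(k) },
  { kind: "search",  hit: (k) => /^(q|qu|query|kw|search)$/i.test(k) },
];

// List "param:kind" for every query parameter of pageUrl that a full-URL
// Referer would hand to resourceUrl's host. Same-origin loads return [].
function findLeaks(pageUrl, resourceUrl) {
  const page = new URL(pageUrl), res = new URL(resourceUrl);
  if (page.origin === res.origin) return [];
  const leaks = [];
  for (const [k, v] of page.searchParams) {
    const rule = PII_RULES.find(r => r.hit(k, v));
    if (rule) leaks.push(`${k}:${rule.kind}`);
  }
  return leaks;
}

// Referer value sent under Referrer-Policy: strict-origin-when-cross-origin.
function referrerSent(pageUrl, resourceUrl) {
  const page = new URL(pageUrl), res = new URL(resourceUrl);
  if (page.protocol === "https:" && res.protocol !== "https:") return ""; // downgrade
  if (page.origin === res.origin) { page.hash = ""; return page.href; }
  return page.origin + "/"; // cross-origin: path and query are stripped
}

const SAMPLE_PAGE = "https://register.shop.example/player.html" +
  "?first_name=Pat&last_name=Doe&email=pat%40mail.example&country=US&sz=1";
const SAMPLE_AD = "https://ad.adnet.example/ad/banner;sz=468x60";
```

Running `findLeaks` over server access logs or a crawl of your own pages highlights forms that should submit with POST or keep identifiers out of the URL.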

Doubleclick, 24/7, Link Exchange, Engage
- Hundreds of publishers and dozens of networks
- DART -- direct ad serving technology, Closed loop, Local, international, “boomerang”
- “can break profiles down into as many as 800 different interest categories.”
- Merging with other databases?
- Stalking suit?

More cookie information
- Andy’s Cookie pages, at:
  – http://www.illuminatus.com/cookie.fcgi
- Cookie Central
  – http://www.cookiecentral.com
- Alternative browsers’ support for cookies, at:
  – http://www.research.digital.com/nsl/formtest/stats-by-test/NetscapeCookie.html

And even more...
- http://www.cnet.com/Content/Voices/Barr/042996/index.html
  The Truth about cookies (from C|Net).
- http://www.jasmin.com/cook0696.html
  Jasmin: Making it Personal with Cookies
- http://www.emf.net/~mal/cookiesinfo.html
  Malcolm's Guide to Persistent Cookies resources
- http://www.cam.org/~githerr/privacy.htm
  Privacy and protection on the Internet
- http://www.anonymizer.com/
  Anonymous Surfing

More resources
- See Junkbusters: http://www.junkbusters.com/ht/en/ijbfaq.html
- Privacy Foundation: http://www.privacyfoundation.org/index.cfm