cookies & privacy
8/8/2019 Cookies & Privacy
http://slidepdf.com/reader/full/cookies-privacy 1/27
Cookies & Privacy
Good Cookie or Bad Cookie?
By Ravi Pai Panandiker
November 21, 2002
IST 497E/Giles
Overview
- Introduction
- What is a Cookie? Basic Facts
- Cookies & Paranoia
- Getting Creative with Cookies
- Scope of Cookies
- Cookie Fixes
- Cookie Taxonomy
- Anatomy of a Cookie
- Working with Cookies: Code & Demo
- Cookie based Marketing
- Cookies, Privacy & Legislation
- Conclusion
What is a Cookie?
- Short pieces of text generated during web activity and stored in the user's machine for future reference
- Instructions for reading and writing cookies are coded by website authors and executed by user browsers
- Developed for user convenience to allow customization of sites without need for repeating preferences
Cookie Facts
- Most Cookies store just 1 data value
- A Cookie may not exceed 4 Kb in size
- Browsers are preprogrammed to allow a total of 300 Cookies, after which automatic deletion based on expiry date and usage
- Cookies have 3 key attributes: name, value and expiry date
Cookies & Paranoia
Why are Cookies notorious?
- Most Cookie activity is transparent to the user
- Most people do not understand what Cookies can and cannot do
- People do not know how to protect themselves from Cookies
- Valid reason: There are organizations out there using Cookies to track your activities (More later)
Darwinian Evolution: Getting Creative with Cookies
- Basic cookie mechanism: Place a piece of information, retrieve it for customization on subsequent visits
- Functions available: read, write, delete
- Creative application 1: Initialize a cookie called counter to 1. Every time user visits, retrieve counter, increment by 1 and re-write.
- Creative application 2: When a user visits, write system date/time in a cookie. Next visit get cookie for last visit. Overwrite with current date/time.
Cookie Scope: Cannot Do
- Have automatic access to personal information like name, address, email
- Read or write data to hard disk
- Read or write information in cookies placed by other sites
- Run programs on your computer
Cookie Scope: Can Do
- Store and manipulate any information you explicitly provide to a site
- Track your interaction with parent site such as pages visited, time of visits, number of visits
- Use any information available to web server including: IP address, Operating System, Browser Type
Cookie Fixes: Getting in Control
- Turn up security level on your browser to disable cookies or prompt for cookie
- Delete the content of a cookie and then write protect it
- Use JavaScript command to display cookies by current site/path: JavaScript:alert(document.cookie)
- Use 3rd party software: Cookie Pal, CookieMaster, CookieCrusher to monitor, browse and edit cookies. (Shareware/Freeware)
Cookie Types and Taxonomy
By Lifespan
- Session Cookies (RAM)
- Persistent Cookies (Disk)
By Read-Write Mechanism
- Server-Side Cookies (HTTP Header)
- Client-Side Cookies (JavaScript)
By Structure
- Simple Cookies
- Array Cookies
Anatomy of a (Simple) Cookie
String of text with these 6 attributes:
- The domain and path for which the cookie is valid
- The name of the cookie
- The value of the cookie
- The expiration date of the cookie
- Whether a secure connection needed to use the cookie
Working with Cookies
- The domain and path are automatically handled by the browser, script author has no control
- For a given domain and path, a script may create any number of cookies by specifying a name, value and expiry date
- Each (simple) cookie is stored in a separate text file in Temporary Internet Folder, but tagged to a specific domain
- Cookies are handled by the browser as an Object called document.cookie and read/written using object dot notation
Cookie Code
- Cookies may be read/written by server-side or client-side code
- Server-side Cookies are executed by the web server and instructions included in HTTP header for the page
- Server-side Cookie languages: Perl/CGI, ASP/VBScript
- Client-side scripts: JavaScript embedded in page HTML
A Typical Cookie Algorithm
[Flowchart]
- Start: On page load
- Is Cookie empty?
  - Y: Write new Cookie. Prompt for info if necessary.
  - N: Read Cookie
- Use Cookie info to customize/login etc
- Update Cookie
- Continue loading page…
© Ravi Pai Panandiker
Cookie Code: JavaScript
- JavaScript code uses 3 standard functions that are defined in the HTML <head> tag:
  getCookie(cookieName)
  setCookie(cookieName, value, expDate)
  delCookie(cookieName)
- All Cookie manipulation is performed using these 3 functions and regular algorithmic constructs
- All functions are automatically performed on the cookie object of that domain/path
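One way to write the three functions named on this slide, together with the visit counter from "Creative application 1". This is an added example, not the code from the author's demo page; FakeDocument, the `doc` variable and countVisit are assumptions introduced here so the functions also run outside a browser.

```javascript
// Added example. FakeDocument is a constructed stand-in for the browser's
// `document`, so the same functions also run outside a browser (e.g. Node).
class FakeDocument {
  constructor() { this.jar = new Map(); }
  get cookie() {                          // reading lists every cookie
    return [...this.jar].map(([n, v]) => `${n}=${v}`).join("; ");
  }
  set cookie(str) {                       // writing touches ONE cookie
    const [pair, ...attrs] = str.split(";").map(s => s.trim());
    const eq = pair.indexOf("=");
    const exp = attrs.find(a => a.toLowerCase().startsWith("expires="));
    if (exp && new Date(exp.slice(8)) <= new Date()) this.jar.delete(pair.slice(0, eq));
    else this.jar.set(pair.slice(0, eq), pair.slice(eq + 1));
  }
}
const doc = typeof document !== "undefined" ? document : new FakeDocument();
// Cookies written by other code may not be URL-encoded; fall back to raw text.
const dec = s => { try { return decodeURIComponent(s); } catch { return s; } };

function getCookie(cookieName) {
  for (const pair of doc.cookie.split("; ")) {
    const eq = pair.indexOf("=");
    if (eq > 0 && dec(pair.slice(0, eq)) === cookieName) {
      return dec(pair.slice(eq + 1));
    }
  }
  return null;                            // the "cookie empty" branch
}

function setCookie(cookieName, value, expDate) {
  let c = encodeURIComponent(cookieName) + "=" + encodeURIComponent(value);
  if (expDate) c += "; expires=" + expDate.toUTCString(); // none: session cookie
  doc.cookie = c;                         // domain/path left to the browser
}

function delCookie(cookieName) {
  setCookie(cookieName, "", new Date(0)); // past expiry makes the browser drop it
}

// Visit counter: start at 1, then read, increment and re-write on each visit.
function countVisit() {
  const n = parseInt(getCookie("counter"), 10);
  const next = Number.isNaN(n) ? 1 : n + 1;
  setCookie("counter", String(next), new Date(Date.now() + 365 * 864e5));
  return next;
}
```

Values are URL-encoded on write because a raw ";" or "=" in a value would otherwise be read back as an attribute separator.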
Cookie Demo: JavaScript
http://www.personal.psu.edu/ryp105/cookies
Cookie Based Marketing
What is it?
- User customized online advertising and marketing system that uses Cookies and databases to create, maintain and utilize consumer profiles and monitor their activity
Cookie based Marketing
How does it work?
- Companies like DoubleClick.net, adserver.com and adflow.com have developed an innovative system (using standard technologies) for this purpose.
- They tie up with popular websites like Yahoo, Amazon to create an extensive data and information sharing network
Cookie based Marketing
How it works contd.
- Code developed by the company is placed on these web sites.
- When you hit another such site, it sends data placed in your cookies to DoubleClick and retrieves marketing information about you enabling them to customize ads etc
- Result: One person may see ads for sports goods and another for baby clothes
Cookie based Marketing - Schema
[Diagram: User Computer, Web Server, Ad Server]
Between Web Server and User Computer:
- GET: Cookie based info, User ad server id, IP address
- SEND: Regular page content, Targeted advertising
Between Web Server and Ad Server:
- GET: Consumer profile and/or Targeted banner ad
- SEND: User ad server id, IP address
© Ravi Pai Panandiker
Cookie Viruses?
- On most platforms, Cookies are stored as text only files. To cause damage the Cookie must be an executable
- On Windows, text files are non-executable and would open in a text editor if double clicked
- In general, there are easier loopholes for a hacker in ActiveX controls, Outlook Express etc
- The threat from Cookies is not from what they can do to your computer but what information they may store and pass on
Cookies, Privacy and Legislation
- Concern about misuse from Government agencies and non-profit organizations like Internet Engineering Task Force (IETF), Electronic Privacy Information Center (EPIC)
- Study by govt.'s Computer Incident Advisory Committee (CIAC) in 1998
- Bulletin concluded that there was more hype than hazard from Cookies.
- Agreed that tracking people's browsing habits makes many users uncomfortable
Cookies, Privacy & Legislation
- New proposal put forward by IETF together with Netscape and Microsoft to modify the Cookie standard.
- Proposal is being backed by leading non-profit organizations
- Proposal will limit persistence and make Cookie activity more transparent.
- Key aspect of proposal is to disallow 3rd party server access to cookies.
- Would destroy Cookie based marketing.
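The marketing schema and the effect of disallowing 3rd party cookie access, as a small simulation. This is an added example, not part of the original slides; the site names, the "adid" cookie name and the AdServer, Browser and simulate names are constructed for illustration, and the model is simplified so that the browser presents the ad server id directly.

```javascript
// Added example: constructed simulation. Site names and the "adid" cookie
// name are made up; the ad server keys each profile on the id it issued.
class AdServer {
  constructor() { this.profiles = new Map(); this.nextId = 1; }
  // cookieHeader: what the browser presented for the ad server's domain.
  serve(cookieHeader, site, topic) {
    const m = /(?:^|; )adid=(\d+)/.exec(cookieHeader);
    const id = m ? m[1] : String(this.nextId++);
    const seen = this.profiles.get(id) || [];
    // Target on what this id looked at before; a new id gets a generic ad.
    const ad = seen.length ? `ad for ${seen[seen.length - 1].topic}` : "generic ad";
    this.profiles.set(id, [...seen, { site, topic }]);
    return { ad, setCookie: m ? null : `adid=${id}` };
  }
}

class Browser {
  constructor(allowThirdParty) {
    this.allowThirdParty = allowThirdParty;
    this.adCookie = "";                   // cookie jar entry for the ad server
  }
  visit(site, topic, adServer) {
    // With 3rd-party access disallowed, nothing is sent and nothing is stored.
    const sent = this.allowThirdParty ? this.adCookie : "";
    const res = adServer.serve(sent, site, topic);
    if (this.allowThirdParty && res.setCookie) this.adCookie = res.setCookie;
    return res.ad;
  }
}

function simulate(allowThirdParty) {
  const ads = new AdServer();
  const browser = new Browser(allowThirdParty);
  const shown = [
    browser.visit("sports.example", "sports goods", ads),
    browser.visit("news.example", "news", ads),
    browser.visit("shop.example", "baby clothes", ads),
  ];
  return { shown, profileSizes: [...ads.profiles.values()].map(p => p.length) };
}
```

With the cookie allowed, the three visits collapse into one profile of three entries; with it disallowed, the ad server sees three unrelated one-entry profiles and can only serve generic ads.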
Conclusion
- Cookies were originally created as harmless pieces of text for user convenience
- Along the way, some evil geniuses found a way to exploit them for business
- Most studies conclude cookies are not harmful to the user: Would you rather see an ad for a product that's relevant or one you'd never buy?
- The paranoia arises from the invisible nature of cookie transactions and inadequate information about their ability.
Sources
- www.cookiecentral.com
- www.echoecho.com
- www.wmlpulse.com
- www.epic.org
- www.ciac.org
- www.howstuffworks.com
- www.webmonkey.com
- www.ozemail.com.au