1 / 21

Tracking Cookies

Tracking Cookies. ECE 4112 Final Project Phillip Shatzman and Jeff Magee December 4, 2007. Overview. Background Tracking Cookies in Action Code analysis Cookie Defense Spybot – Search & Destroy What students will learn / do. Background. Track web activity Marketing Online Retailer

hu-bowers
Download Presentation

Tracking Cookies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tracking Cookies ECE 4112 Final Project Phillip Shatzman and Jeff Magee December 4, 2007

  2. Overview • Background • Tracking Cookies in Action • Code analysis • Cookie Defense • Spybot – Search & Destroy • What students will learn / do

  3. Background • Track web activity • Marketing • Online Retailer • Privacy violations • Compiled in databases • Multiple cookies per website • e.g. Link4Ads • Third-party cookies • Pop-up banners

  4. Tracking Cookies in Action • Created 3 “domains” • Each uses the same ad service • Result: Each domain can target specific services based on users browsing habits

  5. Live Webpage Demo

  6. Index Webpage Code <html> <frameset rows="20%,15%,65%"> <frame src="welcome.html"> <frame src="c:\ece4112\ads\determineadcasino.html"> <frame src="info.html"> </frameset> </html> • Advertisement frame is different for each, but in the same domain (“ad”) • determineadflorida, determineadretire

  7. determinead Webpage Code <script language="Javascript"> function checkCookie(){ //Initialization of variables to be used var lf = "\n"; //character for next line var CookieString = document.cookie; var CookieSet = CookieString.split(';'); var SetSize = CookieSet.length; var CookiePieces; var ReturnValue=""; //set default empty return if no cookie found var x = 0; for (x = 0; ((x < SetSize) && (ReturnValue == "")); x++){ CookiePieces = CookieSet[x].split('=');

  8. determinead Code (cont.) if (CookiePieces[0].substring(0,1) == ' ' ){ CookiePieces[0] = CookiePieces[0].substring(1, CookiePieces[0].length); }//end if if (CookiePieces[0] == "ad1"){ ReturnValue = CookiePieces[1]; }//end if }//end for return ReturnValue; }//end checkCookie()

  9. determinead Code (cont.) function SetCookie(cookieName,cookieValue,nDays){ var today = new Date(); var expire = new Date(); if (nDays==null || nDays==0) nDays ==1; expire.setTime(today.getTime() + 3600000*24*nDays); document.cookie = cookieName+"="+escape(cookieValue)+";expires="+expire.toGMTString(); }

  10. determinead Code (cont.) if (CookiePieces[0].substring(0,1) == ' ' ){ CookiePieces[0] = CookiePieces[0].substring(1, CookiePieces[0].length); }//end if if (CookiePieces[0] == "ad1"){ ReturnValue = CookiePieces[1]; }//end if }//end for return ReturnValue; }//end checkCookie()

  11. determinead Code (cont.) var returnval = checkCookie(); if (returnval == ""){ // no cookie found SetCookie("ad1","florida",100); returnval="florida";} if (returnval == "casino"){ SetCookie("ad1","floridacasino",100); window.location.href="floridacasino.html";} else if (returnval == "retire"){ SetCookie("ad1","floridaretire",100); window.location.href="floridaretire.html";} else if (returnval == "casinoretire"){ SetCookie("ad1","floridacasinoretire",100); window.location.href="floridacasinoretire.html";} else window.location.href=returnval+".html" </script>

  12. Several Methods • Delete Cookies on Close • “Learning” • Block all Cookies • Can do this in most any browser Cookie Defense

  13. Cookie Defense – Delete on Close • Delete cookies when exiting • Can still be tracked while browsing • On open, no website will know you • Pro: Past activity unknown to tracking websites since cookies are gone • Con: Legitimate websites with logins often use cookies to remember users

  14. Cookie Defense – “Learning” • Two options: Block bad or Allow good • Block Bad • Accept Cookies • See a bad cookie, delete and block source • Accept Good • Block All Cookies • When finding a legitimate website, allow • Pro: Very effective after a long time • Con: Takes a while and is a pain

  15. Cookie Defense – Block All • No cookies allowed on PC. • Pro: Most effective • Con: Many legitimate websites require cookies. • Alternative: Block all and allow individual • AKA, “Accept Good Learning” • More of a pain than “Block Bad Learning”

  16. Cookie Defense – Internet Explorer Settings • IE has similar settings to Firefox except it also has built-in, customizable security levels

  17. Spybot – Search and Destroy • Searches the computer for tracking cookies. • Uses a frequently updated list of known tracking cookies • Freeware • Can be used for many security issues on computers, such as Spyware

  18. Spybot – Tracking Cookie Scan

  19. Spybot – After Scan Actions • Immunize (see previous slides screenshot) • Add the domains found in Spybot to the blocked cookies list using the “learning” mode defense discussed earlier

  20. Students Will… • Gain a understanding of tracking cookies • See them in action by visiting mock pages • Analyze the code to see how it worked • Secure their browser against bad cookies • Use anti-spyware software to protect browser

  21. Questions?

More Related