140 likes | 244 Views
Cookies, Spyware, and Your Privacy. Presented by Darren Jaggi. What is a Cookie?. A cookie is a message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.
E N D
Cookies, Spyware, and Your Privacy Presented by Darren Jaggi
What is a Cookie? A cookie is a message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.
Why do we have Cookies? The main purpose of cookies is to identify users and possibly prepare customized Web pages for them. When you enter a Web site using cookies, you may be asked to fill out a form providing such information as your name and interests. This information is packaged into a cookie and sent to your Web browser which stores it for later use. The next time you go to the same Web site, your browser will send the cookie to the Web server. The server can use this information to present you with custom Web pages. So, for example, instead of seeing just a generic welcome page you might see a welcome page with your name on it.
Etymology of Cookie The name cookie derives from UNIX objects called magic cookies. These are tokens that are attached to a user or program and change depending on the areas entered by the user or program • Source - http://www.webopedia.com/TERM/c/cookie.html
Persistent vs. Session Cookies Cookies are either stored in memory (session cookies) or placed on your hard disk (persistent cookies). Persistent cookies are written to the Cookies folder. The Temporary Internet Files index is updated with pointers to the actual cookies files. • Source - http://support.microsoft.com/?kbid=260971
More about Cookies Persistent cookies are stored for a length of time that is set by the Web server when it passes the cookie to Internet Explorer. These cookies are used to store state information between visits to a site.Per-session cookies are used to store state information only within a session. These cookies are cached only while a user is visiting the Web server issuing the per-session cookie and are deleted from the cache when the user closes the session.Per-session cookies are frequently used by Active Server Pages (ASP) running on Microsoft Internet Information Server 3.0 or later. These cookies store session information as the user navigates to multiple ASP pages in a site. • Source - http://support.microsoft.com/default.aspx?scid=kb;EN-US;223799
First-Party and Third-Party Cookies First-party cookies are cookies that are associated with the host domain. Third-party cookies are cookies from any other domain. For example, suppose that you visit www.yahoo.com by typing the URL in the address bar, and chat.yahoo.com, www.netflix.com, and www.ebay.com have banner ads on this page. If these sites all set cookies, the cookies from www.yahoo.com and chat.yahoo.com are in a first-party context, and the cookies from www. netflix.com and www.ebay.com are in a third-party context.NOTE: If you visit www.yahoo.com over a secure connection by using Secure Hypertext Transfer Protocol (HTTPS), content on the page that is not using HTTPS is considered third-party content. Also note that if you gain access to a site that uses cookies by using a frameset, or portal, on another site, those cookies are considered third-party content.Cookies are uniquely assigned to your user profile, and can only be read by the host domain that issues the cookie to you.
So what's the big deal…? It's just a Cookie, right? • Well that depends on if you understand how things really work. These 3rd party Cookies are generated by companies that get paid to obtain as much information as possible about your viewing habits, preferences, computer settings, etc. • Now you multiply this times the amount of ads on the page supplied by 3rd parties ..... This doesn't take into account the other tricks they use such as web bugs - single pixel images, hidden hit counters, page trackers, and other undefined javascripts. Getting the idea…? And that's just on one page! Then you find an interesting link to another page and the process starts all over again (ugh!) So the next time someone states that Cookies are safe, be very cautious about the information you are divulging. Never assume that these characters are playing by the rules either! • Disabling all cookies does not make you anonymous or prevent Web sites from tracking your browsing habits. HTTP requests still include information about where you came from (HTTP Referer), your IP address, browser version, operating system, and other information.
Cookie Examples • MSN - mhMSNImsn.com/1024247119180831107852145049324829638337*MC1V=3&GUID=188ac0341f1a470791f09ff422d5a90fmsn.com/102413082419230914898258180056029633140*SITESERVERID=UID=188ac0341f1a470791f09ff422d5a90fmsn.com/102464285900831887777318445846429633191*theme101msn.com/102426804492829644632147283324829638337*MSNADSUM=AQQAunKuAdO4AdO7AVi3Abomsn.com/102466600140830955877250539060829635677*speedBmsn.com/102415582309122963882819859644829636012* • Double-click - id800000397fee162doubleclick.net/102418641388802985809515955257629637819* • Advertising -ACIDee440010850474380011!advertising.com/102454006451230005353340763040029638225*BASERKM2wza28HWuO8nGVYtH/MYLoPwxrZQHbKsklw2IeEGdpeTr+6EAq9wIbkIENrKGEwsYz0B!advertising.com/1024131503552030005505407869140829638377*ROLLZIAFF6IWJ+e1Mo/Z6MHwgRqdCBT3ODZqW0YRBfPyw1+G4ENFQ71r7yo7/ijY6GJ/8CkI38I!advertising.com/1024131503552030005505407869140829638377* • Gator - GatorWebPdpCookie_WUIDQK18VQr7BpgAAD5QsoMgator.com/1024251812057629650444277529329629638374*GatorWebPdpCookie_MSG613%3A18%3A1%3A40ad7c55%7C390%3A3%3A1%3A40ad81c1gator.com/1024351321868829650447377526140829638377*GatorWebPdpCookie_PLCMNT475%3A267%3A1%3A40ad7c55%3A1%7C579%3A207%3A1%3A40ad81c1%3A1gator.com/1024351321868829650447377706140829638377* • Google - PREFID=3a4ee7cb3b6ce26f:FF=4:TB=2:LD=en:NR=10:TM=1082863300:LM=1082974754:S=3TyyFoBt4ZKL3f02google.com/1536261887833632111634398146089629633399*
Cookies in Internet Explorer 6 Internet Explorer 6 implements advanced cookie filtering that is based on the Platform for Privacy Preferences (P3P) specification. By default, Internet Explorer 6 blocks third-party cookies that do not have a compact policy (a condensed computer-readable privacy statement) or third-party cookies that have a compact policy which specifies that personally identifiable information is used without your implicit consent. First-party cookies that have a compact policy which specifies that personally identifiable information is used without implicit consent are downgraded (deleted when you close Internet Explorer). First-party cookies that do not have a compact policy are leashed (restricted so that they can only be read in the first-party context).
What is Spyware? • It is any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else.
Why is Spyware so Bad? Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.
More about Spyware Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party. • Source - http://www.webopedia.com/TERM/s/spyware.html
Lavasoft’s Ad-aware • Lavasoft is the industry leader and most respected provider of anti Trackware solutions. They have developed Ad-aware as a means to keep your computer free of these compromising and intrusive threats to your privacy. • With its ability to comprehensively scan your memory, registry, hard, removable and optical drives for known datamining, aggressive advertising, and tracking components, Ad-aware will provide the user with the confidence to surf the Internet knowing that their privacy will remain intact. • Source – http://www.lavasoftusa.com