Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 115: COMPUTING FOR The Socio-Techno Web

Published byこうご たにしき Modified over 6 years ago

Similar presentations

Presentation on theme: "CS 115: COMPUTING FOR The Socio-Techno Web"— Presentation transcript:

1 CS 115: COMPUTING FOR The Socio-Techno Web
image source: twitter.com tweeted/ CS 115: COMPUTING FOR The Socio-Techno Web Technologies for Private (and not-so- private) Communications

2 Browser Chatter

3 Browser Chatter Browsers chatter about
IP address, domain name, organization, Referring page Platform: O/S, browser What information is requested URLs and search terms To anyone who might be listening End servers System administrators Internet Service Providers Other third parties Advertising networks Anyone who might subpoena log files later Cookies

4 Cookies 101 Cookies can be useful
Used like a staple to attach multiple parts of a form together Used to identify you when you return to a web site so you don’t have to remember a password Used to help web sites understand how people use them Cookies can do unexpected things Used to profile users and track their activities, especially across web sites More about how to set cookies in your site:

5 Shopping carts Want to remember “state”or history
Because new service depends on previous

6 Like a coat check

7 Please store cookie xyzzy
Here is cookie xyzzy site browser site browser Browser sends a request to the server. Since the user has never visited that site before, there are no cookies, so none are sent. The server notices that there are no cookies, so it assumes that this is a new visitor, and it generates a new ID for the user and includes that ID as a cookie in the reply. The reply might even be tailored for new visitors. The browser later (minutes or months later, but before the cookie expires) makes another request at that site and sends back the cookie it got in step 2. The server gets the request with the cookie, realizes this is a returning visitor, and can generate a customized reply. First visit to site Later visits

8 How cookies work – the basics
A cookie stores a small string of characters A web site asks your browser to “set” a cookie Whenever you return to that site your browser sends the cookie back automatically Please store cookie xyzzy browser site Here is cookie xyzzy Later visits site browser First visit to site

9 HTTP request that sets a Cookie
Web Site which uses Cookies Web Page Request Header Web Page Response Header

10 HTTP request after the cookie is set
Web Site which uses Cookies Request Header after cookie is set

11 What’s in our cookie jar?
Firefox->Preferences->Privacy Chrome -> Preferences (Show advanced settings) -> Privacy Chrome, settings> advanced settings>privacy>content setting>All cookies and site data A cookie consists of the following components: <<show session cookie (wellesley)>> 1. Name 2. Value 3. Zero or more attributes (name/value pairs). Attributes store information such as the cookie’s expiration, domain, and flags (such as Secure and HttpOnly). For all page requests (in other words, every time you visit a web page), your browser (the client) compares the web page's URL to the cookies in the cookie jar and sends all the unexpired cookies that match the domain and path.

12 How cookies work – advanced
Cookies are only sent back to the “site” that set them – but this may be any host in domain Sites setting cookies indicate path, domain, and expiration for cookies Cookies can store user info or a database key that is used to look up user info Send me with any request to x.com until 2008 Send me with requests for index.html on y.x.com for this session only Database Users … Visits … User=Joe = x.com Visits=13 User=

13 Cookie terminology Cookie Replay – sending a cookie back to a site
Session cookie – cookie replayed only during current browsing session Persistent cookie – cookie replayed until expiration date First-party cookie – cookie associated with the site the user requested Third-party cookie – cookie associated with an image, ad, frame, or other content from a site with a different domain name that is embedded in the site the user requested Browser interprets third-party cookie based on domain name, even if both domains are owned by the same company

14 Third party cookies search for medical information buy CD set cookie
replay cookie Random Ad Medical Ad Search Service CD Store

15 Behavioral Targeting Ad network Advertisers Publishers

16 “Web bugs” Invisible “images” (1-by-1 pixels, transparent) embedded in web pages and cause referrer info and cookies to be transferred Also called web beacons, clear gifs, tracker gifs,etc. Work just like banner ads from ad networks, but you can’t see them unless you look at the page source Also embedded in HTML formatted messages, MS Word documents, etc.

17 What ad networks may know…
Personal data: address Full name Mailing address (street, city, state, and Zip code) Phone number Transactional data: Details of plane trips Search phrases used at search engines Health conditions Profiling from epic.org: Richard M smith’s Testimony to Congress 106shrg82146.htm The possibility of building a profile of users is a privacy threat, especially when tracking is done across multiple domains using third-party cookies. For this reason, some countries have legislation about cookies. Richard M. Smith, Chief Technology Officer of the Privacy Foundation, discusses the ways emerging technology infringes consumer privacy on the Internet “It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers.” – Richard M. Smith

18 Google Adsense

19 Video by Google: https://www.youtube.com/watch?v=ZPaJPxhPq_g

20 Do Not Track Specify opt-out preference with an HTTP header
Support provided by your browser Again Firefox->Preferences->Privacy Chrome->Preferences->setting->advanced->privacy privacy/do-not-track

21 Click on hyperlink

22 Super-Cookie The meanest of them all
A supercookie is a cookie with an origin of a top-level domain (such as .com) or a public suffix (such as .co.uk). Typically they are blocked by the browser. Supercookies can be a potential security concern and are therefore often blocked by web browsers. For example, a supercookie with an origin of .com, could maliciously affect a request made to example.com, even if the cookie did not originate from example.com. This can be used to fake logins or change user information. A supercookie is a cookie with an origin of a top-level domain (such as .com) or a public suffix (such as .co.uk). Ordinary cookies, by contrast, have an origin of a specific domain name, such as example.com. A zombie cookie is an HTTP cookie that returns to life automatically after being deleted by the user. Zombie cookies are recreated using a technology called Quantcast, which creates flash cookies to trace users on the Internet. The flash cookies are then used to recreate browser cookies, becoming zombie cookies that never die.

23 California enacted a new law (AB 370) requiring many websites to disclose more information about how they track users. Websites that collect personal information about their users must disclose (1) how they respond to a web browser's "do not track" (DNT) signal, and (2) if third parties can collect personal information across a network of sites. The law doesn't require websites to honor browser DNT signals or block third party tracking; it simply tries to increase transparency about the website's practices.

Download ppt "CS 115: COMPUTING FOR The Socio-Techno Web"

Similar presentations

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
XP Browser and E-mail Basics1. XP Browser and E-mail Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.

XP Browser and Basics1. XP Browser and Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.

1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.
Browser and E-mail Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.

Browser and Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.
Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 1 Online privacy concerns.

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 1 Online privacy concerns.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Behavior Tracking Dhaval Patel.

Behavior Tracking Dhaval Patel.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Online Privacy Concerns.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Online Privacy Concerns.
Adapted from Computer Concepts, New Perspectives, Thompson Course Technology EDW 647: The Internet Dr. Roger Webster & Dr. Nazli Mollah 24 Cookies: What.

Adapted from Computer Concepts, New Perspectives, Thompson Course Technology EDW 647: The Internet Dr. Roger Webster & Dr. Nazli Mollah 24 Cookies: What.
INTERNET PRIVACY Marketing companies www.doubleclick.net The cookie leak security hole in the HTML Email messages The Web Bug Can we trust the privacy.

INTERNET PRIVACY Marketing companies The cookie leak security hole in the HTML messages The Web Bug Can we trust the privacy.
XHTML Introductory1 Linking and Publishing Basic Web Pages Chapter 3.

XHTML Introductory1 Linking and Publishing Basic Web Pages Chapter 3.
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
JavaScript, Fourth Edition

JavaScript, Fourth Edition
CSE 154 LECTURE 12: COOKIES. Including files: include include(filename); PHP include(header.html); include(shared-code.php); PHP inserts the entire.

CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.

Similar presentations

Ads by Google