User Tracking
Spyware and adware can track data on individual users to build a
profile for each user. That user data can then be used to target advertising
at a particular user, for example. Perhaps the most important mechanism for
monitoring users is the use of cookies. Cookies are the subject of the next
section, which deals with how cookies and other data sources can be used to
profile users.
Cookies
Of all the things that anti-spyware detects, none lends itself to cheap
jokes as much as the cookie. A browser cookie, or a cookie for short, is not
executable code but a small piece of persistent data stored by the user's web
browser. Browsers send cookies to the remote web server, and therefore they can
be used to track user activity using the methods described below. Cookies are
sometimes confused with spyware as such, and when breathless stories about
spyware-infested machines are reported, it is unclear whether the "spyware"
being reported is in fact cookies detected by anti-spyware.
Cookies are designed to correct an inherent problem with the HTTP protocol
that web browsers use to communicate with web sites, namely the lack of
persistent state. For example, consider the following scenarios:
1. Alice logs in to her account on a website.
2. She checks her account balance.
3. She checks that her address is correct.
4. Alice logs out.
and
1. Bob visits a site with an online store.
2. He adds an item to the shopping cart.
3. He goes to a second page.
4. He adds another item to the shopping cart.
5. Bob clicks "checkout now" to purchase the items.
Each step in these scenarios involves a transition between web pages. In
addition, the web browser may retrieve each web page by opening a TCP
connection to the web server, performing an HTTP transaction to fetch the web
page, and then closing the TCP connection. The server therefore sees a number
of separate connections, and somehow must determine which connections are
associated with Alice's account and which shopping cart is Bob's.
One approach would be for the server to try to keep Alice and Bob apart by
their machines' IP addresses. The server can easily determine the IP address
that a TCP connection comes from, and if Alice's IP address is 10.0.0.42 and
Bob's is 10.0.0.1, the server can distinguish them. This does not work in a
number of common cases, however, where the IP address is not unique or may
change partway through. Alice and Bob may share the same physical computer,
which has only one IP address. Alice and Bob may be on different computers, but
both computers may be behind a firewall that makes their connections appear to
come from the same IP address. Alice's computer may have a dynamically assigned
IP address, which can legitimately change. Bob's laptop-toting ways may have
him make some of his purchases through a local coffee shop's wireless Internet
with one IP address, and the rest from work with a different IP address.
Another approach would be to encode the state information in the URLs of
web pages, for example by using a parameter added to a URL in a query
string:
https://www.example.com/account_balance.html?user=alice
This also has disadvantages. The information is easily exposed to the user,
making it trivially vulnerable to accidental or intentional changes. Normal
browser functions can have unexpected results: if Bob's purchases are encoded
in the URL, then using the browser's "Back" button will make items jump out of
his shopping cart, a behavior that can be described as unintuitive at best.
Enter cookies. A cookie is a small amount of data stored by a web browser
that can be set by the web server; the browser sends the cookie back to the
server with each HTTP request the browser makes.
process.
A cookie contains the following information:
Name
The name of the cookie. A web site may set a number of cookies, each of which
has a different name.
Value
The data value associated with the cookie.
Path
The path is a constraint that can be specified: the cookie is not sent if the
cookie's path does not match the beginning of the path in the HTTP request.
This prevents cookies from being sent to the wrong place. For example, if
example.com is an ISP providing service to the businesses Foo, Inc. and Bar,
Inc., with their respective web sites under
https://www.example.com/foo/
and
https://www.example.com/bar/
then Foo would set its cookies' path to "/foo" to prevent them from being sent
to Bar.
Domain
The domain is another constraint on sending cookies, this time applied to the
domain name in a URL. As with the above, say the ISP example.com assigned the
subdomain foo.example.com to Foo, Inc. and bar.example.com to Bar, Inc.; the
domain part of a cookie can be set to ensure that the cookies of the two
companies are not sent to the wrong server.
Expiry
The expiry (also known as the "max-age") tells the browser when it can delete
the cookie. In practice, this is only advisory, and the browser may delete the
cookie before or after that time. If no expiry is specified, the default is
that the cookie will disappear when the browser closes. A value of zero advises
the browser to delete the cookie immediately (useful when a user logs out of a
site).
A browser sends cookies to the server by adding a Cookie: header to its
HTTP request. The server can send a Set-Cookie: header in its response
to set a new cookie or modify an existing cookie. If the server does not send a
Set-Cookie: header, the browser's cookies remain unchanged, i.e., the server
does not have to constantly retransmit the cookie values.
A browser that at first has no cookie to send receives one in an HTTP response,
and then continues to send the cookie with subsequent requests, even if the
server does not send it again.
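
The cookie fields and the Cookie:/Set-Cookie: exchange described above can be
modelled in a few lines. This is an added example, not code from the original
text; MiniJar and its method names are hypothetical, and the matching rules are
simplified to what the text describes (they do not cover all of RFC 6265).

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def host_in_domain(host, domain):
    """Domain constraint: exact host, or a subdomain of `domain`."""
    return host == domain or host.endswith("." + domain)


class MiniJar:
    """Toy browser cookie store (hypothetical): path, domain and max-age only."""

    def __init__(self):
        self.cookies = {}  # (domain, path, name) -> (value, expiry or None)

    def store(self, url, set_cookie, now):
        """Apply one Set-Cookie: header value received from `url` at time `now`."""
        host = urlsplit(url).hostname
        for name, morsel in SimpleCookie(set_cookie).items():
            domain = (morsel["domain"] or host).lstrip(".")
            if not host_in_domain(host, domain):
                continue  # a server may not set cookies for an unrelated domain
            key = (domain, morsel["path"] or "/", name)
            max_age = morsel["max-age"]
            if max_age != "" and int(max_age) <= 0:
                self.cookies.pop(key, None)  # zero: delete now (e.g. on logout)
            else:
                expiry = now + int(max_age) if max_age != "" else None
                self.cookies[key] = (morsel.value, expiry)

    def header(self, url, now):
        """Return the Cookie: header value the browser would send to `url`."""
        parts = urlsplit(url)
        host, req_path = parts.hostname, parts.path or "/"
        pairs = []
        for (domain, path, name), (value, expiry) in self.cookies.items():
            if expiry is not None and now >= expiry:
                continue  # past its max-age
            if not host_in_domain(host, domain):
                continue  # domain constraint
            if not req_path.startswith(path):
                continue  # path constraint: simple prefix match, as in the text
            pairs.append(f"{name}={value}")
        return "; ".join(pairs)

    def end_session(self):
        """Browser closes: cookies stored without an expiry disappear."""
        self.cookies = {k: v for k, v in self.cookies.items() if v[1] is not None}
```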
Subject to the path and domain constraints, a cookie is usually sent only to
the web site that set the cookie in the first place. This allows the above
scenarios to be handled, keeping Alice's login and Bob's shopping basket
separate. It also avoids some of the earlier problems, such as the vagaries of
IP addresses and items magically disappearing from shopping carts.
(Note that not all problems are solved by cookies. Although it is not as easy
to do, cookies can still be changed by users. A site foolish enough to store an
item's price in a cookie cannot tell that the user has changed the price to
give themselves a discount. These attacks are called cookie poisoning.)
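
The price-in-a-cookie mistake, next to one way for a server to detect an
edited cookie, as an added example that is not from the original text. The
function names, the "item:price" cookie layout and SERVER_KEY are assumptions
made for illustration; the check uses an HMAC-SHA256 tag computed by the server.

```python
import hashlib
import hmac

# Assumption: a secret known only to the server (constructed value for the demo).
SERVER_KEY = b"constructed-demo-key"


def naive_checkout(cookie_value):
    """Vulnerable pattern from the text: trust the price stored in the cookie."""
    item, price = cookie_value.split(":")
    return item, int(price)


def _tag(payload):
    """HMAC-SHA256 over the cookie payload, hex encoded."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cart_cookie(item, price_cents):
    """Build 'item:price:tag' so later edits to item or price are detectable."""
    payload = f"{item}:{price_cents}"
    return f"{payload}:{_tag(payload)}"


def verified_checkout(cookie_value):
    """Return (item, price) only if the tag matches; None if the cookie was edited."""
    payload, _, tag = cookie_value.rpartition(":")
    # Compare as bytes in constant time; str input with non-ASCII would raise.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    item, price = payload.split(":")
    return item, int(price)
```

A tag only detects modification; it does not stop a user from replaying an
older cookie the server really issued, so keeping prices on the server and
storing only an identifier in the cookie remains the simpler design.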
The privacy problem with cookies is the ability of others to follow a
user's Internet usage. Cookies aside, it is easy to get a browser to download
content from several different web sites. A page from a content site can have
an embedded image, such as an advertisement, where the image comes from an
advertising site.
Now combine this with cookies: the web browser sends the content site's
cookies to the content site only, and the advertising site's cookies to the
advertising site only. The advertising site's cookies are called third-party
cookies, because they are set by a third party, not by the web site the user
accesses directly. This is not very useful until the idea is scaled up.
Suppose there are now several content sites that the user visits, but each
refers to a banner ad on the same advertising site. Suppose also that the
advertising site can identify which content site each banner image request
comes from; this can be done by (for example) encoding query strings in each
image URL, like ?source=site1 and ?source=site2. Then, when the advertising
site's cookies are sent along with the browser's request for a banner image,
the advertising site can tell that the user has visited a particular content
site. Although the precise identity of the user is not directly revealed this
way, it allows a user's browsing habits to be tracked across different web
sites.
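
Seen from the user's side, this pattern can be spotted in a record of the
browser's own requests. The following is an added example, not from the
original text: the log entries, host names and function name are constructed,
and "third party" is simplified to "a different host name than the page".

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed browsing log: (page the user was on, embedded request, Cookie: sent)
LOG = [
    ("https://site1.example/news", "https://ads.example/banner.png?source=site1", "uid=7f3a"),
    ("https://site1.example/news", "https://site1.example/style.css", "sess=aa"),
    ("https://site2.example/shop", "https://ads.example/banner.png?source=site2", "uid=7f3a"),
    ("https://site2.example/shop", "https://cdn.example/lib.js", ""),
    ("https://site3.example/blog", "https://cdn.example/lib.js", ""),
]


def cross_site_cookie_receivers(log, min_sites=2):
    """Map third-party host -> {cookie: sorted sites whose pages triggered it}.

    A host is reported when the same cookie reached it from pages on at least
    `min_sites` different sites, which is what lets it link those visits.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for page_url, request_url, cookie in log:
        page_host = urlsplit(page_url).hostname
        req_host = urlsplit(request_url).hostname
        if req_host == page_host or not cookie:
            continue  # first-party request, or no identifier was sent
        for pair in cookie.split(";"):
            seen[req_host][pair.strip()].add(page_host)
    report = {}
    for host, cookies in seen.items():
        linked = {c: sorted(s) for c, s in cookies.items() if len(s) >= min_sites}
        if linked:
            report[host] = linked
    return report
```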