18-05-2012, 03:17 PM
Cookies & Privacy
Overview
Introduction
What is a Cookie? Basic Facts
Cookies & Paranoia
Getting Creative with Cookies
Scope of Cookies
Cookie Fixes
Cookie Taxonomy
Anatomy of a Cookie
Working with Cookies: Code & Demo
Cookie based Marketing
Cookies, Privacy & Legislation
Conclusion
What is a Cookie?
Short pieces of text generated during web activity and stored in the user’s machine for future reference
Instructions for reading and writing cookies are coded by website authors and executed by user browsers
Developed for user convenience to allow customization of sites without need for repeating preferences
Cookie Facts
Most Cookies store just 1 data value
A Cookie may not exceed 4 Kb in size
Browsers are preprogrammed to allow a total of 300 Cookies, after which Cookies are deleted automatically based on expiry date and usage
Cookies have 3 key attributes: name, value and expiry date
Cookies & Paranoia
Why are Cookies notorious?
Most Cookie activity is transparent to the user
Most people do not understand what Cookies can and cannot do
People do not know how to protect themselves from Cookies
Valid reason: There are organizations out there using Cookies to track your activities (More later)
Darwinian Evolution: Getting Creative with Cookies
Basic cookie mechanism: Place a piece of information, retrieve it for customization on subsequent visits
Functions available: read, write, delete
Creative application 1: Initialize a cookie called counter to 1. Every time the user visits, retrieve counter, increment it by 1 and re-write it.
Creative application 2: When a user visits, write the system date/time in a cookie. On the next visit, read the cookie to get the time of the last visit, then overwrite it with the current date/time.
Cookie Scope: Cannot Do
Have automatic access to personal information like name, address, email
Read or write data to hard disk
Read or write information in cookies placed by other sites
Run programs on your computer
Cookie Scope: Can Do
Store and manipulate any information you explicitly provide to a site
Track your interaction with parent site such as pages visited, time of visits, number of visits
Use any information available to web server including: IP address, Operating System, Browser Type
Cookie Fixes: Getting in Control
Turn up security level on your browser to disable cookies or prompt for cookie
Delete the content of a cookie and then write protect it
Use a JavaScript command to display the cookies for the current site/path: JavaScript:alert(document.cookie)
Use 3rd party software: Cookie Pal, CookieMaster, CookieCrusher to monitor, browse and edit cookies. (Shareware/Freeware)
Cookie Types and Taxonomy
By Lifespan
- Session Cookies (RAM)
- Persistent Cookies (Disk)
By Read-Write Mechanism
- Server-Side Cookies (HTTP Header)
- Client-Side Cookies (JavaScript)
By Structure
- Simple Cookies
- Array Cookies
Anatomy of a (Simple) Cookie
String of text with these 6 attributes:
The domain and path for which the cookie is valid
The name of the cookie
The value of the cookie
The expiration date of the cookie
Whether a secure connection is needed to use the cookie
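The six attributes above, as an added example that is not part of the original slides: a JavaScript function that parses one Set-Cookie header value into them and classifies the cookie by lifespan as in the taxonomy. The function name, the example.com hosts and the header strings are constructed for illustration, and the default path of "/" is a simplification.

```javascript
// Added example: parse a Set-Cookie header value into the six attributes
// (domain, path, name, value, expiration date, secure) and label the lifespan.
function parseSetCookie(header, requestHost, now = new Date()) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq < 1) throw new Error("missing name=value pair");
  const cookie = {
    name: first.slice(0, eq).trim(),
    value: first.slice(eq + 1).trim(), // the value may itself contain '='
    domain: requestHost, // default: the host that set the cookie
    path: "/",           // simplification: browsers derive this from the request URL
    expires: null,       // null means no expiry date was given
    secure: false,
  };
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : part.slice(i + 1).trim();
    if (key === "domain" && val) {
      cookie.domain = val.replace(/^\./, "").toLowerCase();
    } else if (key === "path" && val.startsWith("/")) {
      cookie.path = val;
    } else if (key === "secure") {
      cookie.secure = true;
    } else if (key === "expires") {
      const d = new Date(val);
      if (!Number.isNaN(d.getTime())) cookie.expires = d; // ignore unparsable dates
    }
  }
  // By lifespan: no expiry date -> session (RAM); future date -> persistent (disk).
  if (cookie.expires === null) cookie.lifespan = "session";
  else cookie.lifespan = cookie.expires > now ? "persistent" : "expired";
  return cookie;
}

// Constructed sample headers (not captured traffic).
const SAMPLE_HEADERS = [
  "counter=7; Expires=Sat, 18 May 2013 10:00:00 GMT; Path=/shop; Domain=.example.com; Secure",
  "lastvisit=2012-05-18T15:17",
];
for (const h of SAMPLE_HEADERS) {
  const c = parseSetCookie(h, "www.example.com", new Date("2012-05-18T00:00:00Z"));
  console.log(`${c.name}: ${c.lifespan}, domain=${c.domain}, path=${c.path}, secure=${c.secure}`);
}
```

A persistent cookie with a far-future expiry date and a broad domain is the kind that can follow a user across visits; a session cookie disappears when the browser closes.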
Working with Cookies
The domain and path are automatically handled by the browser, script author has no control
For a given domain and path, a script may create any number of cookies by specifying a name, value and expiry date
Each (simple) cookie is stored in a separate text file in Temporary Internet Folder, but tagged to a specific domain
Cookies are handled by the browser as an Object called document.cookie and read/written using object dot notation
Cookie Code
Cookies may be read/written by server-side or client-side code
Server-side Cookies are executed by the web server, and the instructions are included in the HTTP header for the page
Server-side Cookie languages: Perl/CGI, ASP/VBScript
Client-side scripts: JavaScript embedded in page HTML