W3C home > Mailing lists > Public > www-tag@w3.org > August 2011

Re: how does host B know that its visitor is the one that visited host A?

From: Alan Ruttenberg <alanruttenberg@gmail.com>
Date: Fri, 12 Aug 2011 14:40:15 -0400
Message-ID: <CAFKQJ8=WLri6jKqMi8Rvn+y85MiXPHf=Bs9s65BnaHAhW4n+xA@mail.gmail.com>
To: Jonathan Rees <jar@creativecommons.org>
Cc: www-tag@w3.org
A and B are in cohoots.
A creates an id in their cookie. (aid)
They embed a link to B that includes their id in the name. B's server
responds to the link no matter what the id is
B sets their cookie. on the server end, they associated their id
(bid), with aid, and using the referrer information, record where
you were when.

C and B are in cohoots.
C creates an id in their cookie. (cid)
They embed a link to B that includes their id in the name. B's server
responds to the link no matter what the id is
B sets their cookie. on the server end, they associated their id, with
cid and using the referrer information, record where you were when.

C asks B where the person known by cid has been. B can respond that
the person has been at A and when because it can compose the relations
cid->bid o bid->aid and then look up the events.

Tools such as Ghostery attempt to block this by blocking connections
to organizations like B.
See also http://blogs.wsj.com/wtk/

-Alan

On Fri, Aug 12, 2011 at 11:11 AM, Jonathan Rees <jar@creativecommons.org> wrote:
> Probably everyone knows this but me...
>
> I shop at expedia.com (or somewhere) for a London hotel room. Later I
> visit guardian.co.uk and see an Expedia ad for London hotel rooms.
>
> I visit guardian.co.uk in a different browser (same computer & IP
> address but Safari instead of Chrome) and instead get an ad for
> magazine subscriptions. Apparently the Guardian can tell my two
> browsers apart somehow - it's using more than just my IP address to
> decide what ads to show me.
>
> How does this work? I.e. what are browser instances doing that leaks
> their identity to servers? Is it just a lucky guess based on
> User-agent or something?
>
> (a propos our privacy & tracking discussions)
>
> Thanks
> Jonathan
>
>
Received on Friday, 12 August 2011 18:41:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:39 GMT