W3C home > Mailing lists > Public > www-tag@w3.org > August 2011

Re: how does host B know that its visitor is the one that visited host A?

From: Jonathan Rees <jar@creativecommons.org>
Date: Mon, 15 Aug 2011 15:30:53 -0400
Message-ID: <CACHXnarh2VPULEEhs5TQ==ywgDwCFye00RR==HHTayWEJQXi7Q@mail.gmail.com>
To: Mukul Gandhi <gandhi.mukul@gmail.com>
Cc: www-tag@w3.org
On Sun, Aug 14, 2011 at 10:45 AM, Mukul Gandhi <gandhi.mukul@gmail.com> wrote:
> Hi Jonathan,
>
> On Fri, Aug 12, 2011 at 8:41 PM, Jonathan Rees <jar@creativecommons.org> wrote:
>> How does this work? I.e. what are browser instances doing that leaks
>> their identity to servers? Is it just a lucky guess based on
>> User-agent or something?
>
> I believe, that the "User-Agent" HTTP request header field is a
> reliable way for a server to know, that with which user agent (usually
> a web browser) it is sending response to.

It's possible that this is being used, but (a) Alan showed that there
is no need to check the User-agent header; what I saw can be done with
classical cookies and transclusion, (b) User-agent won't let the
advertisers tell browser instances apart, since you could have
multiple computers sending the same User-agent string on different
computers, all with the same IP address (thanks to NAT). If an
advertising service only checked User-agent it would have both
imprecise targeting (decreasing the value of the service) and a much
more serious privacy situation.

Jonathan
Received on Monday, 15 August 2011 19:31:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:39 GMT