- From: Alan Ruttenberg <alanruttenberg@gmail.com>
- Date: Fri, 12 Aug 2011 14:40:15 -0400
- To: Jonathan Rees <jar@creativecommons.org>
- Cc: www-tag@w3.org
A and B are in cohoots. A creates an id in their cookie. (aid) They embed a link to B that includes their id in the name. B's server responds to the link no matter what the id is B sets their cookie. on the server end, they associated their id (bid), with aid, and using the referrer information, record where you were when. C and B are in cohoots. C creates an id in their cookie. (cid) They embed a link to B that includes their id in the name. B's server responds to the link no matter what the id is B sets their cookie. on the server end, they associated their id, with cid and using the referrer information, record where you were when. C asks B where the person known by cid has been. B can respond that the person has been at A and when because it can compose the relations cid->bid o bid->aid and then look up the events. Tools such as Ghostery attempt to block this by blocking connections to organizations like B. See also http://blogs.wsj.com/wtk/ -Alan On Fri, Aug 12, 2011 at 11:11 AM, Jonathan Rees <jar@creativecommons.org> wrote: > Probably everyone knows this but me... > > I shop at expedia.com (or somewhere) for a London hotel room. Later I > visit guardian.co.uk and see an Expedia ad for London hotel rooms. > > I visit guardian.co.uk in a different browser (same computer & IP > address but Safari instead of Chrome) and instead get an ad for > magazine subscriptions. Apparently the Guardian can tell my two > browsers apart somehow - it's using more than just my IP address to > decide what ads to show me. > > How does this work? I.e. what are browser instances doing that leaks > their identity to servers? Is it just a lucky guess based on > User-agent or something? > > (a propos our privacy & tracking discussions) > > Thanks > Jonathan > >
Received on Friday, 12 August 2011 18:41:07 UTC