- From: Jonathan Rees <jar@creativecommons.org>
- Date: Mon, 15 Aug 2011 15:30:53 -0400
- To: Mukul Gandhi <gandhi.mukul@gmail.com>
- Cc: www-tag@w3.org

On Sun, Aug 14, 2011 at 10:45 AM, Mukul Gandhi <gandhi.mukul@gmail.com> wrote:
> Hi Jonathan,
>
> On Fri, Aug 12, 2011 at 8:41 PM, Jonathan Rees <jar@creativecommons.org> wrote:
>> How does this work? I.e. what are browser instances doing that leaks
>> their identity to servers? Is it just a lucky guess based on
>> User-agent or something?
>
> I believe, that the "User-Agent" HTTP request header field is a
> reliable way for a server to know, that with which user agent (usually
> a web browser) it is sending response to.

It's possible that this is being used, but (a) Alan showed that there is no need to check the User-agent header; what I saw can be done with classical cookies and transclusion, (b) User-agent won't let the advertisers tell browser instances apart, since you could have multiple computers sending the same User-agent string on different computers, all with the same IP address (thanks to NAT). If an advertising service only checked User-agent it would have both imprecise targeting (decreasing the value of the service) and a much more serious privacy situation.

Jonathan

Received on Monday, 15 August 2011 19:31:19 UTC