Re: how does host B know that its visitor is the one that visited host A?

On Sun, Aug 14, 2011 at 10:45 AM, Mukul Gandhi <> wrote:
> Hi Jonathan,
> On Fri, Aug 12, 2011 at 8:41 PM, Jonathan Rees <> wrote:
>> How does this work? I.e. what are browser instances doing that leaks
>> their identity to servers? Is it just a lucky guess based on
>> User-agent or something?
> I believe, that the "User-Agent" HTTP request header field is a
> reliable way for a server to know, that with which user agent (usually
> a web browser) it is sending response to.

It's possible that this is being used, but (a) Alan showed that there
is no need to check the User-agent header; what I saw can be done with
classical cookies and transclusion, (b) User-agent won't let the
advertisers tell browser instances apart, since you could have
multiple computers sending the same User-agent string on different
computers, all with the same IP address (thanks to NAT). If an
advertising service only checked User-agent it would have both
imprecise targeting (decreasing the value of the service) and a much
more serious privacy situation.


Received on Monday, 15 August 2011 19:31:19 UTC