User Tracking

15/07/2011 10:27

Spyware and adware can track data on individual users, to build

profile for each user. User data can then be used to target advertising

particular user, for example. Perhaps the most important mechanism for monitoring users

is the use of cookies. This is the subject of the next section, which deals

as cookies and other data sources can be used to profile users.


Of all the things that anti-spyware detects not lend itself to low cost

jokes as much as the cookies. A browser cookie - or a cookie for short - is not executable

code, but a small piece of persistent data to store the user's Web browser.

browsers to send cookies to the remote Web server, and therefore they can be used

track user activity using the methods described below. Cookies are sometimes confused

with spyware as such, and when the breath of stories about spyware-infested

machines are, it is unclear if the "spyware" that report is that

Cookies detected by anti-spyware.

Cookies are designed to correct the constitutional problem with the HTTP protocol

that web browsers use to communicate with web sites, namely the lack of sustained

state. For example, consider the following situations:

1. Alice connects to your account on a website.

2. She checks her account balance.

It ensures that third address is correct.

4th Alice disconnects.


Bob first visited a site with an online store.

2. It adds an item to the shopping cart.

3. He believes a second destination.

He added that another fourth item on the shopping cart.

5. Bob clicks the "checkout now" to purchase items.

Each step in these scenarios involves a transition between web pages. In addition,

Web browser can retrieve all Web pages by opening a TCP connection

Web server, and implement an HTTP transaction to a web page and then close

TCP connection. The server can then see a number of different connections, and somehow

must determine which links are connected to the account of Alice, and

shopping cart that is Bob.

One approach would be that the server is trying to keep Alice and Bob separated

Your machines IP 'addresses. The server can easily determine

IP address where a TCP connection from the computer and if Alice's IP address

Address and Bob for the server to distinguish them. This

not focus on a number of cases in common, however, when the IP address is

not separate, or may become the center of everything. Alice and Bob can share the same physical

computer and has only one IP address for that reason. Alice and Bob can

different computers, but both computers are behind a firewall, which makes

It seems that the connections from the same IP address. Alice's computer may

have a dynamically assigned IP address which can legitimately change. Bob laptoptoting

ways may allow some of its purchases through local coffeeshops

wireless Internet with an IP address, and the rest to work

different IP address.

Another approach would be to the state information is encoded on the URL

Web pages, for example by using a parameter added to a URL in a query


It also has disadvantages. Information is easily exposed to the user, making

trivially vulnerable to accidental or intentional changes. Normal functions of the browser

can have unexpected results, if Bob purchases are encoded in the URL, then use

browser "Back" button will make things jump out of his basket, a

that can be described as unintuitive at best.

Cookies 113

Let the cookies. A cookie is a small amount of stored data using a web browser

can be set by the web server, the browser sends a cookie to the server

the server for each HTTP request the browser makes.


The cookie contains the following information:


The name of the cookie. It may be a number of cookies, web site, which is

another name.


The value of data associated with a cookie.


The road is a constraint that can be specified, cookies are not sent if the cookie

path does not match the beginning of the path in the HTTP request. This prevents

cookies are sent to the wrong place. For example, if is a

ISPs offering a business service Foo, Inc. and Bar, Inc., with their respective

Websites are under


Foo and would set its cookies "path / foo to prevent them being sent to the bar.


The domain is another obstacle to send cookies, this time applied to

domain name in a URL. As with the above, says ISP

confirmed the company subdomain Foo, Inc. Bar, Inc. - the domain part of a cookie can be set to

ensure that witnesses of both companies are not sent to the wrong server.


The final ("end" is also known as the "max-age") tells the browser that can be

delete the cookie. In practice, it is only advisory, and the browser can be deleted

cookie before or after that time. If the due date is specified, the default is

the cookie will disappear when the browser closes. A value of zero to advise

browser to delete the cookie immediately (useful when a user connects from a


A browser sends cookies to the server by adding a cookie: a head

HTTP request. The server can send a Set-Cookie: header in its response

to set a new cookie, or modify an existing cookie. If the server does not send a

Set-Cookie: cookies when the browser will remain unchanged, ie the server does not

not have to constantly transmit the cookie values.

a browser in the first game is no cookie to send, receive an HTTP response

then continues to send the cookie with subsequent requests, even if the server

do not send it.

Unless the path and domain constraints, the cookie is sent is usually only

The Web site set a cookie in the first place. This allows the above scenarios can be treated, Alice and Bob to keep separate log Basketball. The

also to avoid some problems, such as the vagaries of IP addresses and objects magically

disappearing carriages.

(Note that all problems are resolved by the cookie. Although not as easy to do,

cookies can still be changed by users. A site stupid enough to save the price

and a cookie can not say that the user has changed the price to give a fair

discount. These attacks are called cookie poisoning.)

Confidentiality problem with cookies is the ability of others to follow

user's Internet usage. Cookies aside, it is easy to convince the browser

to download content from various websites.

content of the applications have an embedded image as an advertisement, which

the image is the site for advertising.

Now combine with cookies, a web browser to send

cookies of the site content for the site content and advertising only site

Cookies from advertising alone. The cookies are called third site advertising

cookies as they are added by a third party, the user can directly access

Website. This is not very useful until the idea has grown.

there are now several sites content user visits, but each

references to the banner on the website itself. Suppose Advertisement

The site identifies the requests come from the image of the flag of each content

site, you can do (for example), encoding each image URL query strings

how? source = site1, and? source = site2. Then, when the advertising site

Cookies are sent with your browser request for an image of the banner, it detects that the user has visited a particular content. While the precise identity of the user is not

directly detected in this way allows the browsing habits of a user to track through different websites.