Tracking Cookies ECE 4112 Final Project Phillip Shatzman
- Slides: 21
Tracking Cookies ECE 4112 Final Project Phillip Shatzman and Jeff Magee December 4, 2007
Overview • • • Background Tracking Cookies in Action Code analysis Cookie Defense Spybot – Search & Destroy What students will learn / do
Background • Track web activity – Marketing • Online Retailer • Privacy violations – Compiled in databases • Multiple cookies per website – e. g. Link 4 Ads • Third-party cookies – Pop-up banners
Tracking Cookies in Action • Created 3 “domains” • Each uses the same ad service • Result: Each domain can target specific services based on users browsing habits
Live Webpage Demo
Index Webpage Code <html> <frameset rows="20%, 15%, 65%"> <frame src="welcome. html"> <frame src="c: ece 4112adsdetermineadcasino. html"> <frame src="info. html"> </frameset> </html> • Advertisement frame is different for each, but in the same domain (“ad”) – determineadflorida, determineadretire
determinead Webpage Code <script language="Javascript"> function check. Cookie(){ //Initialization of variables to be used var lf = "n"; //character for next line var Cookie. String = document. cookie; var Cookie. Set = Cookie. String. split('; '); var Set. Size = Cookie. Set. length; var Cookie. Pieces; var Return. Value=""; //set default empty return if no cookie found var x = 0; for (x = 0; ((x < Set. Size) && (Return. Value == "")); x++){ Cookie. Pieces = Cookie. Set[x]. split('=');
determinead Code (cont. ) if (Cookie. Pieces[0]. substring(0, 1) == ' ' ){ Cookie. Pieces[0] = Cookie. Pieces[0]. substring(1, Cookie. Pieces[0]. length); }//end if if (Cookie. Pieces[0] == "ad 1"){ Return. Value = Cookie. Pieces[1]; }//end if }//end for return Return. Value; }//end check. Cookie()
determinead Code (cont. ) function Set. Cookie(cookie. Name, cookie. Value, n. Days){ var today = new Date(); var expire = new Date(); if (n. Days==null || n. Days==0) n. Days ==1; expire. set. Time(today. get. Time() + 3600000*24*n. Days); document. cookie = cookie. Name+"="+escape(cookie. Value)+"; expires="+expire. t o. GMTString(); }
determinead Code (cont. ) if (Cookie. Pieces[0]. substring(0, 1) == ' ' ){ Cookie. Pieces[0] = Cookie. Pieces[0]. substring(1, Cookie. Pieces[0]. length); }//end if if (Cookie. Pieces[0] == "ad 1"){ Return. Value = Cookie. Pieces[1]; }//end if }//end for return Return. Value; }//end check. Cookie()
determinead Code (cont. ) var returnval = check. Cookie(); if (returnval == ""){ // no cookie found Set. Cookie("ad 1", "florida", 100); returnval="florida"; } if (returnval == "casino"){ Set. Cookie("ad 1", "floridacasino", 100); window. location. href="floridacasino. html"; } else if (returnval == "retire"){ Set. Cookie("ad 1", "floridaretire", 100); window. location. href="floridaretire. html"; } else if (returnval == "casinoretire"){ Set. Cookie("ad 1", "floridacasinoretire", 100); window. location. href="floridacasinoretire. html"; } else window. location. href=returnval+". html" </script>
Cookie Defense • Several Methods – Delete Cookies on Close – “Learning” – Block all Cookies • Can do this in most any browser
Cookie Defense – Delete on Close • Delete cookies when exiting • Can still be tracked while browsing • On open, no website will know you – Pro: Past activity unknown to tracking websites since cookies are gone – Con: Legitimate websites with logins often use cookies to remember users
Cookie Defense – “Learning” • Two options: Block bad or Allow good • Block Bad – Accept Cookies – See a bad cookie, delete and block source • Accept Good – Block All Cookies – When finding a legitimate website, allow • Pro: Very effective after a long time • Con: Takes a while and is a pain
Cookie Defense – Block All • No cookies allowed on PC. – Pro: Most effective – Con: Many legitimate websites require cookies. • Alternative: Block all and allow individual – AKA, “Accept Good Learning” – More of a pain than “Block Bad Learning”
Cookie Defense – Internet Explorer Settings • IE has similar settings to Firefox except it also has built-in, customizable security levels
Spybot – Search and Destroy • Searches the computer for tracking cookies. – Uses a frequently updated list of known tracking cookies • Freeware • Can be used for many security issues on computers, such as Spyware
Spybot – Tracking Cookie Scan
Spybot – After Scan Actions • Immunize (see previous slides screenshot) • Add the domains found in Spybot to the blocked cookies list using the “learning” mode defense discussed earlier
Students Will… • • • Gain a understanding of tracking cookies See them in action by visiting mock pages Analyze the code to see how it worked Secure their browser against bad cookies Use anti-spyware software to protect browser
Questions?
- Cs flowchart wpi
- King phillip came over for good soup
- Phylogenetic tree of a dog
- Dear king phillip came over
- Kingdom chart
- Dear king phillip came over
- King philip kingdom phylum
- Philip bayard crosby
- Phillip gilley
- Common protists examples
- Deacon & phillip
- King phillip acronym
- Dear king phillip came over
- Dear king phillip came over for good spaghetti
- King phillip came over from great spain
- The levels of classification
- Bufonaria borisbeckeri
- Alexander the great's timeline
- Dr phillip williams
- Philip larkin mom and dad
- J donald phillips
- Phillip a. scherrer