Cookies, Spyware, and Your Privacy Presented by Darren Jaggi
What is a Cookie? A cookie is a message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.
Why do we have Cookies? The main purpose of cookies is to identify users and possibly prepare customized Web pages for them. When you enter a Web site using cookies, you may be asked to fill out a form providing such information as your name and interests. This information is packaged into a cookie and sent to your Web browser which stores it for later use. The next time you go to the same Web site, your browser will send the cookie to the Web server. The server can use this information to present you with custom Web pages. So, for example, instead of seeing just a generic welcome page you might see a welcome page with your name on it.
Etymology of Cookie The name cookie derives from UNIX objects called magic cookies. These are tokens that are attached to a user or program and change depending on the areas entered by the user or program • Source - http://www.webopedia.com/TERM/c/cookie.html
Persistent vs. Session Cookies Cookies are either stored in memory (session cookies) or placed on your hard disk (persistent cookies). Persistent cookies are written to the Cookies folder. The Temporary Internet Files index is updated with pointers to the actual cookies files. • Source - http://support.microsoft.com/?kbid=260971
More about Cookies Persistent cookies are stored for a length of time that is set by the Web server when it passes the cookie to Internet Explorer. These cookies are used to store state information between visits to a site.Per-session cookies are used to store state information only within a session. These cookies are cached only while a user is visiting the Web server issuing the per-session cookie and are deleted from the cache when the user closes the session.Per-session cookies are frequently used by Active Server Pages (ASP) running on Microsoft Internet Information Server 3.0 or later. These cookies store session information as the user navigates to multiple ASP pages in a site. • Source - http://support.microsoft.com/default.aspx?scid=kb;EN-US;223799
Cookie Examples • MSN - mhMSNImsn.com/1024247119180831107852145049324829638337*MC1V=3&GUID=188ac0341f1a470791f09ff422d5a90fmsn.com/102413082419230914898258180056029633140*SITESERVERID=UID=188ac0341f1a470791f09ff422d5a90fmsn.com/102464285900831887777318445846429633191*theme101msn.com/102426804492829644632147283324829638337*MSNADSUM=AQQAunKuAdO4AdO7AVi3Abomsn.com/102466600140830955877250539060829635677*speedBmsn.com/102415582309122963882819859644829636012* • Double-click - id800000397fee162doubleclick.net/102418641388802985809515955257629637819* • Advertising -ACIDee440010850474380011!advertising.com/102454006451230005353340763040029638225*BASERKM2wza28HWuO8nGVYtH/MYLoPwxrZQHbKsklw2IeEGdpeTr+6EAq9wIbkIENrKGEwsYz0B!advertising.com/1024131503552030005505407869140829638377*ROLLZIAFF6IWJ+e1Mo/Z6MHwgRqdCBT3ODZqW0YRBfPyw1+G4ENFQ71r7yo7/ijY6GJ/8CkI38I!advertising.com/1024131503552030005505407869140829638377* • Gator - GatorWebPdpCookie_WUIDQK18VQr7BpgAAD5QsoMgator.com/1024251812057629650444277529329629638374*GatorWebPdpCookie_MSG613%3A18%3A1%3A40ad7c55%7C390%3A3%3A1%3A40ad81c1gator.com/1024351321868829650447377526140829638377*GatorWebPdpCookie_PLCMNT475%3A267%3A1%3A40ad7c55%3A1%7C579%3A207%3A1%3A40ad81c1%3A1gator.com/1024351321868829650447377706140829638377* • Google - PREFID=3a4ee7cb3b6ce26f:FF=4:TB=2:LD=en:NR=10:TM=1082863300:LM=1082974754:S=3TyyFoBt4ZKL3f02google.com/1536261887833632111634398146089629633399*
Cookies in Internet Explorer 6 Internet Explorer 6 implements advanced cookie filtering that is based on the Platform for Privacy Preferences (P3P) specification. By default, Internet Explorer 6 blocks third-party cookies that do not have a compact policy (a condensed computer-readable privacy statement) or third-party cookies that have a compact policy which specifies that personally identifiable information is used without your implicit consent. First-party cookies that have a compact policy which specifies that personally identifiable information is used without implicit consent are downgraded (deleted when you close Internet Explorer). First-party cookies that do not have a compact policy are leashed (restricted so that they can only be read in the first-party context).
What is Spyware? • It is any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else.
Why is Spyware so Bad? Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.
More about Spyware Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party. • Source - http://www.webopedia.com/TERM/s/spyware.html
Lavasoft’s Ad-aware • Lavasoft is the industry leader and most respected provider of anti Trackware solutions. They have developed Ad-aware as a means to keep your computer free of these compromising and intrusive threats to your privacy. • With its ability to comprehensively scan your memory, registry, hard, removable and optical drives for known datamining, aggressive advertising, and tracking components, Ad-aware will provide the user with the confidence to surf the Internet knowing that their privacy will remain intact. • Source – http://www.lavasoftusa.com