In <[EMAIL PROTECTED]>, on 02/08/00 
   at 04:56 PM, Tom Vogt <[EMAIL PROTECTED]> said:

>I have done a bit of research on something that I believe is interesting
>to at least a few here.

>In short, this German company came up with a tracking mechanism that not
>only defeats proxies and forwarders (and anonymizer), but also allows
>tracking ACROSS SITES.

Hi,

I am not sure how this defeats proxies & anonymizers? While this technique
allows tracking within the website of a user's movements it does nothing to
reveal who the user is. At best going through an anonymizer the web site
knows that anonymous user xxyz1 took 10 mins looking at the following
pages and then followed link x123 to 123.com.

Other sites using the Referer: tag to track between sites I find
interesting. I would imagine that anonymizers could be set up to delete
this tag or put bogus information in it but this may break some web
sites. I have seen the Referer: tag used to ensure that a user views a
specific web page before they are allowed access to another. A good
example of this would be a software license page that would be viewed
before a user was allowed to download the software.

Have you done any testing to see whether, if you change the tracking number
in the Location: tag, you can still view the web pages?

I am not sure how much of a privacy risk this really is. IIRC a similar
technique was documented in some of my CGI books for tracking users in
shopping cart applications without using cookies.

It should be noted that in some situations tracking of a user while on the
site is not a BadThing(tm). I think most people's concern is when this
information is cross-referenced with metaworld data (name, address,
... etc.) and then sold off to the marketing droids. By going through an
anonymizer service you should be able to prevent this
cyberworld<-->metaworld correlation (except by the operators of the
anonymizer service).

-- 
---------------------------------------------------------------
William H. Geiger III                    http://www.openpgp.net  
Geiger Consulting    

Data Security & Cryptology Consulting
Programming, Networking, Analysis
 
PGP for OS/2:                   http://www.openpgp.net/pgp.html
---------------------------------------------------------------
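
The Referer: trade-off raised in the message above, as an added example that is not part of the original post: an anonymizing proxy that deletes Referer on every request breaks a license-page gate, while one that keeps it only for same-origin navigation does not. The function names, the gate logic and the `*.example` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def origin(url):
    """Return (scheme, host, port) for an absolute URL, else None."""
    try:
        p = urlsplit(url)
        if not p.scheme or not p.hostname:
            return None
        return (p.scheme.lower(), p.hostname.lower(), p.port)
    except ValueError:          # malformed port or host
        return None

def filter_referer(headers, target_url, policy="same-origin"):
    """Return a copy of the request headers with Referer filtered.

    policy "strip":       always delete Referer.
    policy "same-origin": keep Referer only if it names the target's origin,
                          so nothing leaks from one site to another.
    """
    out = {k: v for k, v in headers.items() if k.lower() != "referer"}
    ref = next((v for k, v in headers.items() if k.lower() == "referer"), None)
    if ref and policy == "same-origin":
        ref_origin = origin(ref)
        if ref_origin is not None and ref_origin == origin(target_url):
            out["Referer"] = ref
    return out

def license_gate_allows(headers, license_url):
    """Hypothetical server-side gate: download only if arriving from the license page."""
    return headers.get("Referer") == license_url

# Constructed sample requests (not captured traffic)
LICENSE = "http://software.example/license.html"
DOWNLOAD = "http://software.example/download.zip"
OTHER_SITE = "http://123.example/"
from_license = {"User-Agent": "demo", "Referer": LICENSE}
from_shop = {"User-Agent": "demo", "Referer": "http://shop.example/cart?id=abc"}

if __name__ == "__main__":
    for policy in ("strip", "same-origin"):
        sent = filter_referer(from_license, DOWNLOAD, policy)
        print(policy, "-> gate allows download:", license_gate_allows(sent, LICENSE))
    print("cross-site headers:", filter_referer(from_shop, OTHER_SITE))
```
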
