Hi there,

Andrew Bruno wrote the following about [netconnect] A question about cookies.:

> I guess it is a bit off topic but here goes anyway:
> 
> Cookies.

Yum!  I do hope you're going to talk about the biscuity kind...

> Out of curiosity, I would like to know what info cookies can give the
> sender.

... sigh.  Ah well. ;)  Quick start:  A cookie is a file which is
stored locally on your computer.  The cookie is related to a
particular domain, so let's say you visit a page and tell it you want
to browse with frames off.  The page will 'set' a Cookie on your
machine.  The Cookie has 3 bits of information:  The domain, the type
of data and the data itself.  Obviously the Cookie can only have
information which the website knows about you, eg if you typed your
date of birth into a form, the website could store it on your computer
and use the information later.

Critical Point 1:  The Cookie is _sent_ by your computer to the server
whenever you visit that domain again.  If you go to a domain which has
a Cookie set on your machine, the Cookie is sent as part of the HTTP
request header (which also includes which browser you are using, which
domain referred you, and about 20 other things.  I use these in my own
cgi tracker program).  So, if you enter information on, say, Hotmail's
webpage and visit Aminet, the Aminet page CAN NOT see the Cookie. 
Absolutely, 100% not.  So far, so good...

Now the bad bit.

Critical Point 2:  A webpage is made up of a lot of components. 
Text, graphics and scripts.  These do NOT have to be all on the one
server.  Advert banners, for example, are usually stored on the
advertisers' server, or on a central server.  Of course, the ad banner
is loaded by HTTP, so it can set/receive Cookies.  Let's say you enter
some info on Hotmail's page (eg "I like sports"), and a sneaky little
ad banner sets that information as a Cookie.  Now you visit another
page later, with an ad banner on the same server (not Hotmail's page,
but one of their sponsors).  You are now looking at www.yahoo.com, but
the ad banner has grabbed your Cookie information, so it knows that
you've been to Hotmail, and also that you like sports.  Nasty, eh?

> Well, I helped a person set up his system.   Voyager only accepts temp
> cookies.

Temp cookies can still be a hazard, as if you were visiting a lot of
sites with ad banners in one session, they can still get a hold of
your surfing habits.  Organisations like doubleclick.com rely on this
method, but are running against legislative problems in the US, due to
the fact that under-16s can have Cookies set, and in US law (wait for
it) they have to have their parents'/guardian's permission to have
information about themselves stored!  This could put a lid on this
kind of thing completely.

> We went off surfing and noticed that he was getting (days after) SPAM.

After all that...

It's 99% unlikely that this is due to Cookies.  Yes, they can be used
to follow your surfing habits over a single session (temporary
Cookies) or a long period (permanent Cookies), but you are unlikely to
enter your email address on "that kind of site", ie one full of ad
banners.

> There was nothing we did where *I* can see the e-mail address was acquired so
> I am curious how this happened.

Usenet (News) is the cause of a huge amount of SPAM.  Spambots (small
programs which strip email addresses from Usenet postings) are still
prevalent, and getting smarter all the time.  I know someone who
changed her email address due to SPAM, and immediately used a NOSPAM
entry in her reply address on her new pop account (eg
[EMAIL PROTECTED]), but was inundated with SPAM within a week.

> Cookies?

Unlikely.  Really.  The other (less likely) cause is through having
your email address in V³ set up as a password for anonymous FTP.  Some
sites now have an inline FTP:// link, and use server-side scripts to
steal your email address.  Not very likely, but possible.

> Anyone please.

I realise this is a huge response, but it follows from 3 separate
Usenet conversations I had earlier this year, so hopefully I've
covered all I know.  I'm sure that others can add to it.

Totty  <8^)

-- 
Totty has an Amiga A1200, with 68060/50 and 603e/200 PPC.
32Mb RAM.  8x ATAPI CD.  1.7Gb HD.  ShapeShifter V3.10 + OS 7.5.5
_____________________________________________________________
NetConnect mailing list. To unsubscribe, send an 'unsubcribe'
message to <[EMAIL PROTECTED]>
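
Added example (not part of Totty's message): a small offline Python model of Critical Points 1 and 2, showing that a page's own cookie is never sent to another host while a banner host embedded in both pages gets its cookie back each time. The host names and the `uid` cookie are constructed, and the ad server is assumed to keep only a tracking ID and correlate it with the Referer header.

```python
# Constructed model of the flow in "Critical Point 2": cookies are scoped to
# the host that set them, but an ad host embedded in many pages sees them all.
# All host names are made up (.example); nothing here touches the network.
import itertools

class Browser:
    def __init__(self):
        self.jar = {}                      # host -> {cookie name: value}

    def fetch(self, server, referer=None):
        # Only cookies previously set by this exact host are sent back.
        sent = dict(self.jar.get(server.host, {}))
        set_cookies = server.handle(sent, referer)
        self.jar.setdefault(server.host, {}).update(set_cookies)
        return sent

    def visit(self, page, embedded=()):
        sent = {page.host: self.fetch(page)}
        for res in embedded:               # banners load as separate HTTP requests
            sent[res.host] = self.fetch(res, referer=page.host)
        return sent

class Site:
    def __init__(self, host, cookie=None):
        self.host, self.cookie = host, cookie or {}

    def handle(self, cookies, referer):
        return self.cookie                 # e.g. a "frames off" preference

class AdServer(Site):
    def __init__(self, host):
        super().__init__(host)
        self.ids = itertools.count(1)
        self.profiles = {}                 # tracking id -> referring hosts seen

    def handle(self, cookies, referer):
        # Assumption: the banner stores only an ID and logs the Referer.
        uid = cookies.get("uid") or f"u{next(self.ids)}"
        self.profiles.setdefault(uid, []).append(referer)
        return {"uid": uid}

def demo():
    mail = Site("mail.example", {"frames": "off"})
    portal = Site("portal.example")
    ads = AdServer("ads.example")
    b = Browser()
    b.visit(mail, embedded=[ads])          # banner sets its uid cookie
    second = b.visit(portal, embedded=[ads])
    return second, ads.profiles
```

Refusing or isolating cookies for hosts other than the page being visited breaks the second half of this flow: the banner host would be issued a fresh `uid` on every page and could not join the two visits.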