[2443] in WWW Security List Archive
Re:- cookies and privacy
daemon@ATHENA.MIT.EDU (Rob Hartill)
Wed Jul 17 21:07:52 1996
From: Rob Hartill <hartill@ooo.lanl.gov>
To: jpp@software.net
Date: Wed, 17 Jul 96 16:47:05 MDT
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <2.2.32.19960717222356.014c42a8@mail.software.net>; from "John Pettitt" at Jul 17, 96 3:23 pm
Reply-To: hartill@lanl.gov
Errors-To: owner-www-security@ns2.rutgers.edu
> >They use URLs to do this. The URLs (can) contain random numbers that
> >tie an ad GIF to an advertiser. Look at some doubleclick advertising
> >sites and you'll see (e.g. a subset of us.imdb.com's ads are doubleclick)
> >
> Wrong it uses cookie - I just got a cookie when I hit one of their ads ...
> ad.doubleclick.net FALSE / FALSE 942191940 IAF 8cfe3
ack they do send *a* cookie. Seems to be a 1 off user identifier.
I believe that the random numbers in the URLs are used to tie ads
to advertisers, since they cannot use this one off cookie to determine
which ad you are currently looking at,
e.g
I visit page 1 with random number ad 1234
I visit page 2 with random number ad 2345
I hit the back button and then ad 1234
I'm sent to ad 1234's advertisers page, not 2345's.
(I just tried it and this is the case)
No cookies are sent during this unless page 1 is my first encounter
with doubleclick. Page 2 and subsequent pages do not set cookies...
I'm in their database and the URLs now tell them which advertiser
I should visit if I click on a gif.
> >> When you click the image your browser returns the cookie and they use
> >> it to figure which ad you saw and where to send you.
I suspect they use the one off cookie to track what you've seen. A one
off cookie can't track what you're currently looking at though.
rob
--
Java ... the world's first machine independent virus.
