1997-08-08 - Re: Query on cookies

Header Data

From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
To: cypherpunks@toad.com
Message Hash: 2c427a26d4088edcc137b7f6804ce908647b57c7f917ec5e4f74dcc89c246864
Message ID: <R5u3ae3w165w@bwalk.dm.com>
Reply To: <Pine.GSO.3.95.970807093112.4169A-100000@well.com>
UTC Datetime: 1997-08-08 07:59:20 UTC
Raw Date: Fri, 8 Aug 1997 15:59:20 +0800

Raw message

From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 8 Aug 1997 15:59:20 +0800
To: cypherpunks@toad.com
Subject: Re: Query on cookies
In-Reply-To: <Pine.GSO.3.95.970807093112.4169A-100000@well.com>
Message-ID: <R5u3ae3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain



Declan McCullagh <declan@well.com> writes:

> Thanks for the help, folks. This is for an article on privacy I was
> working on, and I found the info I needed. For instance, Netscape's
> explanation of the protocol left me wondering about whether cookies from
> acme.com could be requested by competitor.com.
The answer is YES, although it requires a little work.

Suppose that you point your browser at http://www.A.com/index.html.

Suppose that file contains an <img src="http://www.B.com/X.cgi">.
The CGI file displays a little picture, and also gets or sets a cookie.

Suppose you next browse http://www.C.com/index.html, and it too
contains the same <img src...>.  Since the cookie is "owned" by B.com,
not A.com or C.com, the cgi file can track your movement from A.Com to
B.Com.


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps






Thread