COOKIES – How is web tracking done?

Cookies are small files stored in the users computer. Cookies are used for session management, authentication of visitors.

Basic Information:
Standard cookies cannot be more than 255 characters and not more than 4k in disk space. Cookies have 2 mandatory fields: name and value. Expiration time, requirements of secure connection, domain name and path for cookie are generally included in the cookie although they are not mandatory.

Zombie Cookies:Zombie cookies are a huge threat to security. They can create themselves via backup after being created. They can be stored online and as cookie on the machine. Standard cookies are confined to one particular website while Zombie cookies can track activities of multiple websites. They are also browser independent and can track the activities of multiple web browsers.

In terms of space, Zombie cookies can occupy 25 times more space as a standard cookie. Cookies are created using Adobe Local Shared Objects (LSOs). These cookies are managed by the flash plug-in.

Third party Cookies:

Suppose we visit a webpage and that webpage contains images/information from a third party website (some other website), then the cookies created for that third party website is called “third party cookies”. These cookies are sent to the third party sites during the next visit regardless of the context/ page as long as there is information being retrieved from 3 party.

Third parties can insert dummy undetectable images called “web bug” in web pages. So every time a user visits this page, third party cookie is sent back to the third party.

Other Cookies:

Persistent cookies (Tracking cookies): These are used to determine how a user reached a particular website. these cookies can be made permanent using the maxAge option. They are in charge of a lot of useful functionalities such as authentication, language, theme-preferences, in-site bookmarks and favorites.

Session cookies: These cookies expire at the end of each session and do not have any potential negative effects.

There are other cookies such as secure cookies, HttpOnly cookies.

Thank you reading this article on cookies. I am also learning about them along the way. Please feel free to let me know of any mistakes I may have made in the article. Feedback is most welcome!

Thanks

–R

References:

  1. http://resources.infosecinstitute.com/means-and-methods-of-web-tracking-its-effects-on-privacy-and-ways-to-avoid-getting-tracked/
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s