This is old hat to most, but it can be useful to know what web sites know about you (without even logging in to an existing account). For example, the number of items in the history of your current browser window or tab, and your main monitor resolution, are:
height="400" width="400" frameborder="0" scrolling="no">
Sorry, your browser doesn't understand IFrames.
The web page that referred you to a given page is also easily obtainable. Web sites also routinely detect browser plugins, usually so that they can make decisions about how to present content:
height="200" width="400" frameborder="0" scrolling="no">
Sorry, your browser doesn't understand IFrames.
That's the most basic information that very simple HTML and JavaScript can produce. Additional server-side code can expose your IP address, your User Agent (essentially your platform and browser version), and your (not very useful) outgoing port. The combination of just my typical User Agent and monitor resolution, for example, probably puts me in a narrow grouping of something on the order of 1/10 of a percent of surfers on a given site.
These simple features of the HTTP protocol just scratch the surface of what happens daily, and what is ultimately possible. On top of those there are cookies, with a whole spectrum of opinions about whether they are evil or not. Most sites rely on cookies to store login information, session information, etc. Cookies can be a convenience, but do allow silent and uninformed collection of your browsing history at a site, potentially over a long period of time. I suspect that, if informed, most people would presumably choose to at least disable 3rd-party cookies (such as those from ad servers), though surprisingly this is not a standard option in Firefox.
I was also a bit annoyed recently to discover that some sites use your IP address to track a session. I recently tried to re-enter a particular site with a clean slate by clearing my cookies, but the site still reflected earlier choices I had made. It took me a bit to realize that I had to change my IP address to get around it. This is a very bad practice if only because an IP address may often be shared by a number of computers.
Beyond those basics, sharing data across sites has the potential to fingerprint users and computers and track broad behavior, despite good basic practices such as:
• regularly clearing cookies and caches
• regularly changing IP addresses
• blocking images in emails from untrusted sources
• turning off ActiveX (Windows)
• making cautious use of Java and JavaScript
There's usually a trade-off between security and convenience, but the sad bottom line is, as Wired blog 27B Stroke 6 reports today: Internet Doomed. Close Your Browser Now.
Related Posts:
Geolocation
