- Number of slides: 37
Cookies Prof. Sheizaf Rafaeli Electronic commerce 1
C is for Cookie
Now what starts with the letter C?
Cookie starts with C
Let's think of other things
That starts with C
Oh, who cares about the other things?
C is for cookie, that's good enough for me
Oh, cookie, cookie starts with C
Prof. Sheizaf Rafaeli – E-Business 2

Advantages of maintaining state
- Shopping cart applications
- Customizing and personalizing content
- Tracking navigation patterns
- Creating “subscriber” status
- Remembering pesky passwords
- Rewarding frequent or return visits
- Changing banners and bookmarks
- Games: remembering scores, high scores, skill levels

“Maintaining state”
- Stored in cookies
- Encoded in URL links
- Sent in hidden form variables
- Stored in variables in other (hidden) frames
- Stored on the web server (least desirable)

Cookies
- “Magic cookies”
- “Persistent client state HTTP cookies”
- A cookie is a small amount of information that a Web site sends to your browser.
- When your browser receives a cookie, it saves the cookie on your hard drive for future use.
- When you re-visit a site, your browser checks for any pre-defined preferences (cookies) for that particular site.

Cookies
- Enable storing information on the client’s browser for later retrieval
- Most powerful technique for maintaining state within a web site

Web sites use cookies in many different ways.
- Sites can accurately determine how many people actually visit the site. It turns out that because of proxy servers, caching, concentrators and so on, the only way for a site to accurately count visitors is to set a cookie with a unique ID for each visitor. Using cookies, sites can determine:
  – How many visitors arrive
  – How many are new vs. repeat visitors
  – How often a visitor has visited
- The first time a visitor arrives, the site creates a new ID in the database and sends the ID as a cookie. The next time the user comes back, the site can increment a counter associated with that ID in the database.
- Sites can store user preferences (often referred to as customization).
- E-commerce sites can implement things like shopping carts and "quick checkout" options. It would be impossible to implement a convenient shopping mechanism without cookies or something like them.
TRY THIS: http://computer.howstuffworks.com/history.php

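Added example, not part of the original slides: the counting scheme described above as Node.js code. The cookie name `visitor_id`, the Map standing in for the site's database and all function names are assumptions of this example.

```javascript
const { randomBytes } = require("crypto");

// Parse a Cookie request header ("a=1; b=2") into a plain object.
function parseCookieHeader(header) {
  const jar = Object.create(null);
  for (const pair of (header || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq === -1) continue;
    try {
      jar[pair.slice(0, eq).trim()] = decodeURIComponent(pair.slice(eq + 1).trim());
    } catch (e) { /* malformed percent-encoding: skip this cookie */ }
  }
  return jar;
}

// db is the site's "database": a Map of visitor ID -> visit count.
// Known ID: increment its counter. Otherwise mint a new ID and return
// the Set-Cookie header that delivers it.
function countVisit(db, cookieHeader) {
  const id = parseCookieHeader(cookieHeader).visitor_id;
  if (id && db.has(id)) {
    db.set(id, db.get(id) + 1);
    return { id, isNew: false, count: db.get(id), setCookie: null };
  }
  // An unknown ID is never adopted: the server mints its own 128-bit
  // random value, so visitors cannot choose or predict IDs.
  const newId = randomBytes(16).toString("hex");
  db.set(newId, 1);
  const oneYear = 365 * 24 * 60 * 60; // Max-Age is in seconds
  const setCookie = "visitor_id=" + newId + "; Max-Age=" + oneYear +
    "; Path=/; Secure; HttpOnly; SameSite=Lax";
  return { id: newId, isNew: true, count: 1, setCookie };
}

// Total visitors, and how many are repeat vs. first-time only.
function visitorStats(db) {
  let repeat = 0;
  for (const n of db.values()) if (n > 1) repeat++;
  return { visitors: db.size, repeat, firstTimeOnly: db.size - repeat };
}

// Constructed demo: a first visit, then a return visit carrying the cookie.
const demoDb = new Map();
const demoFirst = countVisit(demoDb, "");
countVisit(demoDb, "theme=dark; visitor_id=" + demoFirst.id);
console.log(visitorStats(demoDb));
```
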
Are YOU a voyeur?
- Visit
  – http://www.metaspy.com (choose red)
  – http://voyeur.mckinley.com/cgi-bin/voyeur.cgi
  – http://aj.com
- Was it interesting?

Problems, Constraints and Disadvantages (real)
- Cookie may not be persistent
- May be deleted by accident or on purpose
- May be disallowed or frozen
- Browser may impose limitations, distorting the information
- Unencrypted, may “give away” secrets
- Made to sound scary (see myths)

Where are cookies stored?
- By Netscape, as “cookies.txt” on Windows machines or as “MagicCookies” (on Macs)
- By Explorer in special directory named Windows/Cookies
- By other browsers - wherever they wish

Cookie Myths
- “The biggest problem seems psychological”
- Big brother violating privacy?
- Cookies seldom used for this purpose
- Cookies cannot be used to get data from your hard drive, your email address or sensitive information about your person
- HOWEVER: look at http://www.doubleclick.com
  – “delivering targeted REAL TIME marketing”

WebBugs (doubleclick’s secret)
- A hidden active link
http://mysite.com http://yoursite.com

Cookie Myths (2)
- Early implementations of Java and JavaScript did allow awful things but for the most part these security leaks have been plugged.
- Software limits total size of cookie file:
  – less than 1.2 MB
  – no more than 80 KB per each web site
  – each site can only access its own

Cookie Myths (3)
- A site can only access a cookie that has been set from its own domain. It cannot access any other cookies from your computer.

Still… How do I stop’em? (1)
- Use the anonymizer service, at
  – http://www.anonymizer.com/
- Use Cookie Central’s cookie web kit, at http://www.cookiecentral.com

Still… How do I stop’em? (2)
- Use Cookie Crusher, at:
  – http://www.thelimitsoft.com/cookie.html
- Disable cookies.
  – On Explorer use View-Internet options-Advanced
  – On Netscape: Network - Preferences - Protocol menu
  – delete cookies.txt (or magicCookies on Mac), replace with system, hidden, read-only, write protected, zero length file
- Use Junkbuster, at http://www.junkbuster.com

Netscape’s original cookie specs
- Netscape is the inventor of cookies.
- The original specs are available at:
  – http://www.netscape.com/newsref/std/cookie_spec.html

Using Cookies
- Cookies are stored in name=value pairs
- The main functions necessary are:
  – GetCookie
  – SetCookie
  – ClearCookie
- Cookies save “expire”, “path”, “domain” and “secure” parameters.

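Added example, not part of the original slides: how the “expires”, “path”, “domain” and “secure” parameters, together with the own-domain rule from “Cookie Myths (3)”, decide whether a browser returns a cookie. Function names and the sample header are assumptions; the public-suffix check that real browsers apply is left out and the default path is simplified to "/".

```javascript
// True when host is the cookie's domain or a subdomain of it (both lower-case).
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// True when the request path is the cookie path or lies below it.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Parse one Set-Cookie value from originHost; null if it names a foreign domain.
function parseSetCookie(header, originHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/",
    domain: originHost.toLowerCase(), hostOnly: true, secure: false, expires: null };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1).trim();
    if (key === "expires") cookie.expires = new Date(val);
    else if (key === "path" && val.startsWith("/")) cookie.path = val;
    else if (key === "secure") cookie.secure = true;
    else if (key === "domain" && val) {
      const d = val.replace(/^\./, "").toLowerCase();
      if (!domainMatches(originHost.toLowerCase(), d)) return null;
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Decide whether the browser attaches the cookie to a request for url.
function shouldSend(cookie, url, now = new Date()) {
  const u = new URL(url);
  if (cookie.expires && cookie.expires <= now) return false;
  if (cookie.secure && u.protocol !== "https:") return false;
  const hostOk = cookie.hostOnly ? u.hostname === cookie.domain
    : domainMatches(u.hostname, cookie.domain);
  return hostOk && pathMatches(u.pathname, cookie.path);
}

// Constructed sample, as if www.example.com had sent this header.
const SAMPLE = "cart=abc123; expires=Wed, 01 Jan 2031 00:00:00 GMT; path=/shop; domain=example.com; secure";
const SAMPLE_COOKIE = parseSetCookie(SAMPLE, "www.example.com");
```
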
See example
- See example in cookie.favorites.html, at:
  – http://www.umich.edu/~cisdept/Grad/CIS742/cookies.favorites.html
- This program makes use of three different cookies:
  – ViewAll toggles between different displays
  – ShowOptions allows setting the page up and viewing in different modes

GetCookie function
    //--------------------------------
    // GetCookie - Returns the value of the specified cookie or null
    // if the cookie doesn't exist
    //--------------------------------
    function GetCookie(name) {
        var result = null;
        // Pad the cookie string so every entry looks like " name=value;"
        var myCookie = " " + document.cookie + ";";
        var searchName = " " + name + "=";
        var startOfCookie = myCookie.indexOf(searchName);
        var endOfCookie;
        if (startOfCookie != -1) {
            startOfCookie += searchName.length; // skip past cookie name
            endOfCookie = myCookie.indexOf(";", startOfCookie);
            // unescape() is deprecated; it reverses the escape() used by SetCookie
            result = unescape(myCookie.substring(startOfCookie, endOfCookie));
        }
        return result;
    }

Set Cookie function
    //--------------------------------
    // SetCookie - Adds or replaces a cookie. Use null for parameters
    // that you don't care about
    //--------------------------------
    function SetCookie(name, value, expires, path, domain, secure) {
        // expires is a Date; toUTCString() replaces the deprecated toGMTString()
        var expString = ((expires == null) ? "" : ("; expires=" + expires.toUTCString()));
        var pathString = ((path == null) ? "" : ("; path=" + path));
        var domainString = ((domain == null) ? "" : ("; domain=" + domain));
        var secureString = ((secure == true) ? "; secure" : "");
        document.cookie = name + "=" + escape(value) + expString + pathString + domainString + secureString;
    }

Clear Cookie function
    //--------------------------------
    // ClearCookie - Removes a cookie by setting an expiration date
    // three days in the past
    //--------------------------------
    function ClearCookie(name) {
        var ThreeDays = 3 * 24 * 60 * 60 * 1000; // three days in milliseconds
        var expDate = new Date();
        expDate.setTime(expDate.getTime() - ThreeDays);
        // A cookie set with a path or domain is only removed if the same
        // path and domain are given here as well.
        document.cookie = name + "=ImOutOfHere; expires=" + expDate.toUTCString();
    }

Future of cookies
- The Internet Engineering Task Force (IETF) committee (HTTP Working Group):
  – Trust Mechanisms and “Proposed HTTP State Management Mechanism”.
    » http://www.ietf.cnri.reston.va.us/html.charters/httpcharter.html
- Draft specs resemble Netscape’s but more conservative

The “DoubleClick Controversy”
Profiling

DoubleClick
Personal data sent to DoubleClick servers includes:
- My Email address
- My full name
- My mailing address (street, city, state, and Zip code)
- My phone number
Transactional data sent to DoubleClick includes:
- Names of VHS movies I am interested in buying
- Details of a plane trip
- Search phrases used at search engines
- Health conditions
See Richard Smith’s http://users.rcn.com/rms2000/privacy/

Double Click
- AltaVista Yellow Pages -- Complete home address (Fixed January 2000)
  Banner ad URL: http://live.av.com/scripts/search.dll?ep=7&gca=address&orderby=distance&sstreet=172+mason+terr&scity=brookline&sstate=MA&szip=02446&scountry=USA&query=sinsa&qname=&sic=&ck=&userid=130782922&userpw=.&uh=130782922,0,&ccity=brookline&cstate=MA&ver=hb1.2.2
  Referring URL: http://ad.doubleclick.net/ad/my.av.com/findanything;sz=468x60;ord=8089440000
- RealNetworks -- Registration information (Fixed December 1999)
  Banner ad URL: http://ad.doubleclick.net/ad/real.networks/banner;sect=download;sz=468x60;ord=4296?
  Referring URL: http://proforma.real.com/real/player.html?RApromo=&language=English&s=1&dc=161514&src=000103realhome%2Cnav%2C991228choice&first_name=Richard&last_name=Smith&email=smiths@tiac.net&country=US&product=&platform=Windows+98&speed=Pentium&connection=256+kbps+xDSL%2FCable&notices=Yes

Double Click
- AltaVista -- Search string
  Banner ad URL: http://ad.doubleclick.net/adi/altavista.digital.com/result_front;kw=sports+cars;cat=stext;ord=203730346
  Referring URL: http://www.altavista.com/cgi-bin/query?pg=q&sc=on&hl=on&q=sports+cars&kl=XX&stype=stext&search.x=39&search.y=11
- Travelocity -- Plane trip information
  Banner ad URL: http://ad.doubleclick.net/ad/travelocity.TRAVELOCITY.com/aircairline;orig=BOS;dest=LAS
  Referring URL: http://dps1.travelocity.com:80/lognguest.ctl?SEQ=950480201958005
- Buy.com -- Movie title
  Banner ad URL: http://ad.doubleclick.net/ad/buy.videos.sm/videossearch;kw=enemy+of+the+state;cat=videos-search;sz=120x90;title=1;num=123456?
  Referring URL: http://www.buy.com/videos/searchresults.asp?searchtype=1&format=1&qu=enemy+of+the+state
- drkoop.com -- Health condition information
  Banner ad URL: http://ad.doubleclick.net/ad/dr.koop.dart/diabetes;sz=120x60;ord=870204?
  Referring URL: http://www.drkoop.com/conditions/diabetes/
- Amazon/Internet Movie Database (IMDb) -- Movie SKU
  Banner ad URL: http://ad.doubleclick.net/ad/www.imdb.com/Title;p=Title;sz=468x60;kw=76759;g=Sci;g=Act;g=Adv;ord=145171
  Referring URL: http://us.imdb.com/Title?0076759

Double Click
- HealthCentral -- Email address
  Banner ad URL: http://ad.doubleclick.net/adi/www.healthcentral.com/newsletters/main;cat=health;;ord=13065
  Referring URL: http://www.healthcentral.com/newsletters.cfm?primaryemail=smiths@tiac.net&NewsLetterType=Specific&Subscription=Dr.+Dean+Digest&x=37&y=12
- Amazon/Internet Movie Database (IMDb) -- Birthday
  Banner ad URL: http://ad.doubleclick.net/ad/www.imdb.com/OnThisDay;p=OnThisDay;sz=468x60;ord=142577
  Referring URL: http://us.imdb.com/OnThisDay?day=28&month=November
- Travelocity -- Email address
  Banner ad URL: http://m.doubleclick.net/viewad/59705-295964options_old.gif
  Referring URL: http://dps1.travelocity.com/promoptout.ctl?email=smiths@TIAC.NET

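Added example, not part of the original slides: an audit a site owner can run over their own page URLs to see which query parameters would reach a third-party ad server through the referring URL, as in the cases listed above, and what a restrictive Referrer-Policy sends instead. The sample URLs are constructed, and the parameter-name patterns are a heuristic chosen for this example.

```javascript
// Heuristic: parameter names that usually carry personal data.
const SENSITIVE_NAME = /(mail|name|street|city|zip|phone)/i;
const EMAIL_VALUE = /^[^@\s]+@[^@\s]+\.[^@\s]+$/;

// Simplification: the last two host labels stand in for "the site"
// (a real check would consult the public-suffix list).
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// List the query parameters of pageUrl that a resource on another site
// would receive in the Referer header if the full URL is sent.
function auditReferrerLeak(pageUrl, resourceUrl) {
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl);
  const thirdParty = siteOf(page.hostname) !== siteOf(res.hostname);
  const leaked = [];
  if (thirdParty) {
    for (const [name, value] of page.searchParams) {
      if (value && (SENSITIVE_NAME.test(name) || EMAIL_VALUE.test(value))) {
        leaked.push(name);
      }
    }
  }
  return { thirdParty, leaked };
}

// Referer value sent under the two Referrer-Policy settings modelled here.
function refererSent(pageUrl, resourceUrl, policy) {
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl);
  page.hash = "";      // fragments and credentials are never sent
  page.username = "";
  page.password = "";
  if (policy === "unsafe-url") return page.href;
  if (policy === "strict-origin-when-cross-origin") {
    if (page.origin === res.origin) return page.href;
    if (page.protocol === "https:" && res.protocol !== "https:") return null;
    return page.origin + "/";
  }
  throw new Error("policy not modelled: " + policy);
}

// Constructed sample URLs (not taken from the slides).
const SAMPLE_PAGE = "https://news.example.com/newsletters?primaryemail=alice%40example.org&x=37&y=12";
const SAMPLE_AD = "https://ads.example.net/ad/banner;sz=468x60";
console.log(auditReferrerLeak(SAMPLE_PAGE, SAMPLE_AD));
```
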
Doubleclick, 24/7, Link Exchange, Engage
- Hundreds of publishers and dozens of networks
- DART -- direct ad serving technology, Closed loop, Local, international, “boomerang”
- “can break profiles down into as many as 800 different interest categories.”
- Merging with other databases?
- Stalking suit?

More cookie information
- Andy’s Cookie pages, at:
  – http://www.illuminatus.com/cookie.fcgi
- Cookie Central
  – http://www.cookiecentral.com
- Alternative browsers’ support for cookies, at:
  – http://www.research.digital.com/nsl/formtest/stats-by-test/NetscapeCookie.html

And even more...
- http://www.cnet.com/Content/Voices/Barr/042996/index.html The Truth about cookies (from C|Net).
- http://www.jasmin.com/cook0696.html Jasmin: Making it Personal with Cookies
- http://www.emf.net/~mal/cookiesinfo.html Malcolm's Guide to Persistent Cookies resources
- http://www.cam.org/~githerr/privacy.htm Privacy and protection on the Internet
- http://www.anonymizer.com/ Anonymous Surfing

More resources
- See Junkbusters: http://www.junkbusters.com/ht/en/ijbfaq.html
- Privacy Foundation http://www.privacyfoundation.org/index.cfm


