Cookies and Privacy Demonstration

This demonstration will inform the user about cookies and the privacy issues that come along with them.

 

1. Finding the cookies:

a. Hit the start button 

b. Go to search

c. Click on For Files and Folders

d. Search for file or folder titled "cookies" in the C drive (if you browse with Internet Explorer you will get a folder with many individual cookie files in it, with Netscape you will receive a file with all the cookies in it)

 

2. Viewing cookies:

a. (With Netscape) To view the cookies just click on the file titled cookies.  (With Internet Explorer) Click on the folder titled cookies, and the their will be many  files each representing a single cookie.  Click on a cookie that you would like to view.

 

Here is and example cookie from Hotmail in IE

 

    HMP1|1|hotmail.msn.com/|0|1715191808|32107852|3511491552|29421613|*|

3. Example of a cookie

Keep the cookie folder open.  Open the web browser.  Go to the following site:

 

http://eon.harvard.law/ilaw/Privacy/cookies_demo.html

 

Fill the form out and click Send Data.  How do you know I got your cookies.  Go to the web page:

 

http://cyber.law.harvard.edu/cgi-bin/ilaw/test_cookie

 

Now go and look at your cookie folder.  You should see a good number of cookies.  If you look, you should see the one that was just sent to you (it will have "ilaw" in the filename and it will be easier to find if you arrange the icons by date).

 

4.  First-party vs. Third-party 

Not all sites you visit will give you a cookie.  Cookies usually are given by commercial sites in order to keep track of your information when you visit their sites.  When you visit a site and it gives you a cookie, it is called a "first-party" cookie.  But some sites you don't visit will give you a cookie.  When you visit a site, some of the ads you see originate from a different server, and these servers can potentially give you cookies. These are called "third party" cookies. Third party sites may also place a web bug, which is an invisible (to the eye) graphic that allows another server to send you cookies.  This allows advertising firms to trace your browsing behavior without you ever knowing it. Many companies are starting to draft privacy statements to tell their customers what is happening (but who reads them?).

 

5.  Where are these third-party cookies?

To see an example of a third-party cookie, we can change the prompt option in the browser options.  Set your browser to prompt cookies by:

 

(for IE)

a. Hit the tools button

b. Go to internet options

c. Click on the security tab

d. Click on the Custom level

e. Scroll down to cookies and Prompt both stored cookies and per session cookies

 

(for Netscape 4.0 or higher)

 

a. Hit the edit button

b. Go to preferences

c. Double Click on the advanced button

d. Check the warn me about accepting cookies

Now open a new browser and go to www.hotmail.com.  A prompt will come up telling you that this site is going to send you cookies.  If, you click More Info it will tell you who is putting the cookie on your computer.  If, when you click More_Info and the party is hotmail, msn or passport then these are examples of first-party cookies.  If you keep going, login as webbugexample and password cookiedemo. Then sign out at the top right.  Eventually you will come to a third-party cookie.  The two that I have noticed on hotmail.com are popup.com and avenuea.com.  You cannot see these servers on your page, but if you view the source and search for the one that sent you a cookie, you will find it.  If you are familiar with HTML, you will see that they post it up using a invisible image.

6. Protecting yourself vs. cookies with browser options

The browser allows you to protect your privacy by disabling cookies.  To see this:

(for IE)

a. Hit the tools button

b. Go to internet options

c. Click on the security tab

d. Click on the Custom level

e. Scroll down to cookies and Disable both stored cookies and per session cookies

 

(for Netscape 4.0 or higher)

 

a. Hit the edit button

b. Go to preferences

c. Double Click on the advanced button

d. Click on the Disable cookies

Now go back to the web page:

 

cyber.law.harvard.edu/cgi-bin/ilaw/test_cookie

 

You should notice that it did not post any of your data.  This is because the server does not have permission to access your cookies. A disadvantage of this can be seen if you go to www.hotmail.com. Login in as webbugexample with password cookiedemo.  It does not allow you to log in because cookies are disabled.  Some sites require that you enable your cookies or do not let you use their site.  Internet Explore 6.0 will allow a user even more options, which will include differentiating first-party and third-party cookies.  The details can be read here.  

 

7. Protecting yourself vs. cookies with an outside service

There are services that are out there that provide protection for users.  An example of this service is www.anonymizer.com .  We can see that this service works by following the instructions above, but this time enable cookies instead.  After this, go to the following site:

 

www.anonymizer.com

 

Now enter the URL http:\\eon.harvard.law\cgi-bin\ilaw\test_cookie into the Anonymous Web Surfing text box on the anonytmizer web page. Follow the instructions like before. You can see that when you type your information and hit the link, the page does not display it.  The anonymizer has blocked cookies from being sent to you and received from you.  If you subscribe to this service, it will also allow a user to go to site that require cookies, like www.hotmail.com, and still keep you protected.  It does this by encrypting cookies that the website sends to the user.  Anonymizer.com also has other services that can be read here.

 

 

 

 

 

If you have any questions please email Brian Wells