IP: The Cookie Leak Security Hole in HTML Email messages

[Dave Farber <farber () cis upenn edu>]

> From: "Bill Burgos" <onomrbil () gol com>
> Organization: White Bear
> To: Dave Farber <farber () cis upenn edu>
> Date: Sat, 4 Dec 1999 23:16:20 +0900
>
>
>
> Richard M. Smith (smiths () tiac net)
> November 30, 1999
>
> Since the invention of Web browser cookies by Netscape, the claim has always
> been made that they are
> anonymous and cannot be associated with any personal information unless
> someone provides this
> information.
>
> In this write-up, I will present a technique in which browser cookies can be
> matched to Email addresses
> without people's knowledge. The technique relies on a security hole that is
> present in both Microsoft's
> Internet Explorer browser and Netscape's Navigator browser. This technique
> can be used, for example, to
> allow a banner ad company to associate an Email address with a "anonymous"
> profile that has been created
> for a person as they surf the Web. Once a banner ad company has an Email
> address tied to a profile, they
> can provide a service to advertisers of customized ads in "junk" Email
> message. These ads can be based on
> profiles previously created from Web site visits. In addition, banner ad
> companies can offer the service of
> sending out "junk" Email messages to people who visit a particular Web site.
> This last service makes Web
> surfing much less private.
>
>
> <snip>
>
>
> http://www.tiac.net/users/smiths/privacy/cookleak.htm
>
> Bill
> onomrbil () gol com
> mailto:onomrbil () gol com