How Cookies Work


How Cookies Work

Cookies are pieces of data placed on a computer's hard drive by a web server; they can be used for a variety of purposes. They can store usernames and passwords, for example, so that people don't have to continually log on to a site that requires registration; or they can enable people to fill electronic shopping carts with goods they want to buy. Cookies also store the name of the site that placed the cookie. Only that site can read the cookie information, so information from one site can't be shared with information from another site. Cookie information is put into a special file on a hard disk. The location and files vary according to the type of computer and the browser. On PCs using Netscape, for example, the information is put into a file called COOKIES.TXT. That single text file holds all the cookies, and each cookie is one line of data in the file.



 


How Websites Track Your Activities

Websites track your activities in a number of different ways, most frequently using special software to watch what you're doing. Frequently, a sniffer sits on the Internet and analyzes traffic to the site. This sniffer is a computer that runs software that examines all the TCP/IP packets coming in and out of the website.



 


How Web Bugs Can Invade Your Privacy

A web bug is a piece of HTML code placed on web pages or in email messages that can be used to silently gather information about people, track their Internet travels, and even allow the creator of the bug to secretly read a person's email. In this illustration we'll look at web bugs used in email. Email web bugs can be placed only in HTML email, so the person creating the bug must create an HTML-based email message.



 


How Internet Passports Work

Internet passports are designed to let people decide what personal information they will allow to be released to websites. A variety of technologies are involved with Internet passports, including the Platform for Privacy Preferences (P3P), the Internet Content and Exchange standard (ICE), and the Open Profiling Standard (OPS). The passport lives inside a web browser. A user fills out a profile in the browser, determining what information can be made available to websites, such as name, address, occupation, username and password, and age. The user also decides which type of information about his surfing habits can be shared among websitesand which can't. In this instance, the person has decided that information about what news stories he reads can be shared, but not information about what products he buys.



 


Chapter 49. The Dangers of Spyware and Phishing

These days, possibly the biggest danger you face when you go onto the Internet is spywarea type of malicious software that can invade your privacy and wreak havoc on your PC. Spyware is a relatively new phenomenon; it does not have a long history as do viruses, Trojans, and worms.

Spyware is an umbrella name for many different types of malicious programs. But these kinds of programs have several things in common. First, all of them, one way or another, spy on your behavior. They may watch what web pages you visit, and report that information to a server or person, or may track your web searches. They may allow people to record every keystroke you make. They may open up a "back door" into your computer so that hackers can later take control of your PC when they want.

The second thing they have in common is that they install without your knowledge, or by tricking you. One common way they get on your PC is when you install a piece of software, such as file-sharing software. When you install that software, spyware often comes along for a ride, and installs itself without your knowledge, or misleads you about what the program actually does.

Unlike many viruses, spyware is not created for malicious reasonsit is there to generate cash. One kind of spyware swarms your PC with dozens of pop-up ads, and you most likely click some of them to close them. But every time you click, the spyware purveyor makes money, because he has a business arrangement with a merchant or website to drive traffic to it.

Another kind of lucrative Internet attacks is so-called "phishing"attacks in which you're sent an email from what appears to be a bank, financial institution, or commerce site such as PayPal, Amazon, or eBay, but in fact are forged sites.

The emails warn that you must log on to your account, perhaps to verify information, or perhaps to be sure your account does not expire. You're told to click a link to get to the site. When you get to the site, it looks like the real thing, but it's a spoof. Log on, and all your information is stolen.

Why has phishing become so widespread? Because it pays offbig-time. Fraudsters can make massive amounts of revenue by draining bank accounts and participating in identity theft.

While phishing fraud is widespread, it's actually not that difficult to protect against. Spam filters catch most phishing attempts, and some email programs, such as Outlook, now include built-in anti-phishing tools. Additionally, browsers include anti-phishing tools that warn you when you're about to go to a website that is most likely a spoof. Additionally, there are browser add-ins that you can install that fight spoofs and phishing as well.

But the best protection is the simplest: Never click a link in an email that claims to be from a financial institution, no matter how legitimate the email seems.

Because there is money to be made from surfing, phishing attacks and spyware aren't going away any time soon. But as you'll see in this chapter, anti-spyware can combat them, so there are ways to keep yourself safe, and protect your privacy.