Illustration of "Web tracking"

HTTP is stateless. How can we maintain a connection, accounts, multi-step forms, etc.?

  • user auth
  • hidden fields
  • url rewriting
  • cookies

HTTP basic auth, Session, Cookies, ...

HTTP has headers for authentication; this requires the user to register. Data can be stored on the client (browser) with cookies and local storage. Sessions are stored on the server side (PHP also adds it on the client side with a hashed cookie). Cookies are effective for keeping state: only the user (... or the attacker ...) has it, and it is kept after closing the session. The user does not need to take any action, there is almost no overhead, ...

Ads

  • Old ads = no tracking (pop-up, annoying, ...)
  • New ads = smart (track the user to know what he is interested in)

User preferences

Ads need to choose a good target = know what users want. Cookies = track a unique user (3rd-party cookies, installed by scripts from other domains like Google stats, etc.). ETag (a cache-control mechanism that can be diverted) is also used for user tracking. It is also possible to fingerprint the browser (display, fonts, plugins, language, time, WebGL, history, battery, canvas, ...).
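The ETag diversion mentioned above can be spotted by comparing what a server sends to two clean browser profiles. The following is an added example, not part of the original notes: the observation records, their field names and the `.example` URLs are constructed assumptions.

```javascript
// Added example: audit captured responses for ETags that behave like per-client identifiers.
// Observations are constructed sample data; field names are assumptions of this sketch.
const observations = [
  // Same bytes served to two fresh browser profiles, but a different ETag for each one.
  { profile: 'A', visit: 1, url: 'https://cdn.example/pixel.gif', etag: '"u-7f3a9c"', bodyHash: 'aa11' },
  { profile: 'A', visit: 2, url: 'https://cdn.example/pixel.gif', etag: '"u-7f3a9c"', bodyHash: 'aa11' },
  { profile: 'B', visit: 1, url: 'https://cdn.example/pixel.gif', etag: '"u-02d4e1"', bodyHash: 'aa11' },
  { profile: 'B', visit: 2, url: 'https://cdn.example/pixel.gif', etag: '"u-02d4e1"', bodyHash: 'aa11' },
  // Ordinary caching: the ETag depends only on the content (weak and strong forms match).
  { profile: 'A', visit: 1, url: 'https://site.example/app.js', etag: 'W/"5e1c"', bodyHash: 'bb22' },
  { profile: 'B', visit: 1, url: 'https://site.example/app.js', etag: '"5e1c"', bodyHash: 'bb22' },
  // Personalised page: ETags differ, but so do the bodies, so it is not flagged.
  { profile: 'A', visit: 1, url: 'https://site.example/home', etag: '"h1"', bodyHash: 'cc33' },
  { profile: 'B', visit: 1, url: 'https://site.example/home', etag: '"h2"', bodyHash: 'dd44' },
];

// Strip the weak-validator prefix and quotes so W/"x" and "x" compare equal.
function normalizeEtag(etag) {
  return etag.replace(/^W\//, '').replace(/^"|"$/g, '');
}

// Return URLs where identical content carries an ETag that is stable per profile
// but different between profiles, i.e. the validator identifies the client.
function findEtagIdentifiers(obs) {
  const byResource = new Map(); // "url|bodyHash" -> Map(profile -> Set(etag))
  for (const o of obs) {
    if (!o.etag) continue; // no validator, nothing to check
    const key = `${o.url}|${o.bodyHash}`;
    if (!byResource.has(key)) byResource.set(key, new Map());
    const perProfile = byResource.get(key);
    if (!perProfile.has(o.profile)) perProfile.set(o.profile, new Set());
    perProfile.get(o.profile).add(normalizeEtag(o.etag));
  }
  const flagged = [];
  for (const [key, perProfile] of byResource) {
    if (perProfile.size < 2) continue; // need at least two clients to compare
    const sets = [...perProfile.values()];
    const stablePerProfile = sets.every((s) => s.size === 1); // rules out random per-response ETags
    const distinct = new Set(sets.map((s) => [...s][0]));
    if (stablePerProfile && distinct.size === perProfile.size) {
      flagged.push(key.slice(0, key.lastIndexOf('|')));
    }
  }
  return flagged;
}

console.log(findEtagIdentifiers(observations));
```

A flagged URL is a candidate only: servers that derive ETags from per-node file metadata can also produce differing values, so confirm by revisiting with the cache cleared.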