Can Tracking Cookies break Anonymity?

Discussion in 'privacy problems' started by Cutting_Edgetech, May 8, 2012.

Thread Status:
Not open for further replies.
  1. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,371
    Location:
    West Yorkshire, UK
    This is a topic I am familiar with as a web developer as we actually check ip addresses do not change to reduce fraudulent/hijacked/automated registrations and it has been know to break with AOL users even as recent as 2011.

    You need to transmit your IP address to a website initially before the server sends any information back (how else will it know where to send the return data), so a tracking cookie only needs to hold a unique id and everytime that cookie is read you can be associated with your current ip address.

    If you changed your connection whilst in the SAME browsing session, the session will not automatically change (unless the server is coded to match session and IP addresses) and as a result your different IP addresses will be transmitted to the webserver, no tracking cookie needed and be associated as the same user because the session has not changed.
    And note you can track session from cookie OR using querystring appended to the end of the URL (like Wilderssecurity does for unauthenticated users).

    The only safe way is to destroy active browsing sessions and cookies when changing IP address.

    Cheers, Nick.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.