Expires has wrong case (first letter has to be uppercase) (RCF)
Pleasancoder (talk | contribs) →Terminologies: Put back in Super cookie. The original reference says it all, though in a terse technical language. The edit history shows much confusion among editors.
Line 35:
For example: Suppose a user visits <code>www.example1.com</code>, which sets a cookie with the ___domain <code>ad.foxytracking.com</code>. When the user later visits <code>www.example2.com</code>, another cookie is set with the ___domain <code>ad.foxytracking.com</code>. Eventually, both of these cookies will be sent to the advertiser when loading their ads or visiting their website. The advertiser can then use these cookies to build up a browsing history of the user across all the websites this advertiser has footprints on.
=== Super cookie ===
A Super cookie is a cookie with a Public Suffix<ref name="publicsuffix">The Public Suffix List is an initiative of Mozilla, ...to Avoid privacy-damaging "supercookies" being set for high-level ___domain name suffixes... [http://publicsuffix.org/ Public Suffix List] Mozilla Foundation</ref> ___domain, like <code>.com</code>, <code>.co.uk</code> or <code>k12.ca.us</code>.[[Public Suffix List]]
Most browsers, by default, allow first-party cookies—a cookie with ___domain to be the same or sub-___domain of the requesting host. For example, a user visiting <code>www.example.com</code> can have a cookie set with ___domain <code>www.example.com</code> or <code>.example.com</code>, but not <code>.com</code> <ref name="bug252342">Fix cookie ___domain checks to not allow .co.uk [https://bugzilla.mozilla.org/show_bug.cgi?id=252342 Mozilla Bug 252342] Mozilla 2004</ref>. A super cookie with ___domain <code>.com</code> would be blocked by browsers; otherwise, a malicious website, like <code>attacker.com</code>, could set a super cookie with ___domain <code>.com</code> and potentially disrupt or impersonate legitimate user requests to <code>example.com</code>. Unfortunately, the Public Suffix List keeps changing. Older versions of browsers will not have the most up-to-date list, and will therefore be vulnerable to certain super cookies.
=== Zombie cookie ===
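Review bot: The closing sentences of the Super cookie paragraph ("Unfortunately, the Public Suffix List keeps changing. Older versions of browsers will not have the most up-to-date list, and will therefore be vulnerable to certain super cookies.") carry no reference, unlike the earlier claims, which cite the Public Suffix List and Mozilla Bug 252342. Add a source for the staleness claim, or drop "Unfortunately" and state it neutrally. In the opening sentence the bare [[Public Suffix List]] link sits after the full stop with no surrounding text; fold it into the sentence itself. The example k12.ca.us should take the same leading dot as .com and .co.uk, and the bug252342 ref should follow the full stop directly instead of preceding it with a space.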