ECE4112 Internetwork Security

<p>ECE4112 Internetwork Security</p>
<p>Tracking Cookies</p>
<p>Group Number: ______ Member Names: ______</p>
<p>Date Assigned: Date Due: Last Edited: December 3, 2007</p>
<p>Lab by: Phillip Shatzman and Jeff Magee</p>
<p>Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due.</p>
<p>Goal: The goal of this lab is to introduce you to the concepts and theory behind what tracking cookies are, what they can do, and how they work.</p>
<p>Summary: You will be given a background on what tracking cookies are and how they work. You will then see these concepts in action as you visit a series of web pages. This will be followed by analysis of the JavaScript code which reads and sets cookies. The lab concludes with ways to prevent tracking cookies from getting on your computer and how to remove them once they are there.</p>
<p>Setup: This lab requires Apache to be set up on the RedHat WS 4.0 machine. Instructions for this can be found in the Web Security lab, Section 0. This lab also requires the use of the Windows XP virtual machine in Section 4.</p>
<p>Background and Theory:</p>
<p>Tracking Cookies</p>
<p>In web security there is a type of cookie known as a tracking cookie. These cookies typically track your internet browsing for various reasons. Most of these reasons are for marketing purposes, such as an online retailer looking into a tracking cookie on your computer and seeing what type of products you have been viewing. The website can then look into its inventory and prominently display the types of products you like. Obviously, the reason above is non-malicious, and many people feel like the internet is enriched because of this. There are some companies that use the data for reasons that may not be as nice as pure marketing.
A tracking cookie may track your internet habits, and the data may then be compiled in a database where your habits can be viewed by companies that want to know this information. This is a serious breach of privacy. Several ways to deal with these cookies are outlined during the lab.</p>
<p>Websites can also store more than one cookie on your computer. For example, if you visit one of the major tracking cookie websites (e.g. a company such as Link4Ads), you will notice that many different companies' tracking cookies are on your computer.</p>
<p>Tracking cookies do not necessarily have to come from the website you are currently visiting either. If you are browsing the web and a pop-up banner appears, there is a good chance that a “third-party” cookie was added. Most of the serious tracking cookie companies use this type of ad to spread these cookies around (for example, DoubleClick). Whenever you are surfing the web it is nice to have the peace of mind that all of your actions are not being compiled for some company to use for its own profit.</p>
<p>Prelab Questions: None.</p>
<p>Download the file cookie_webpages.tar.gz from the server and unzip it into your apache2/htdocs/4112/ directory. When unzipped you should have four new folders (ads, casino, florida, retire) created in your 4112 directory. Each of these folders acts as a separate domain.</p>
<p>Section 1: Cookies in action</p>
<p>In this section you will visit several websites made to demonstrate how advertisers might use cookies to track and target advertisements to people. The websites are as follows (where <your IP address> is replaced with the IP of your Redhat WS 4.0 machine):</p>
<p>• http://<your IP address>/ece4112/florida/index.html A mock website about Florida.
• http://<your IP address>/ece4112/casino/index.html A mock website about casinos.
• http://<your IP address>/ece4112/retire/index.html A mock website about retirement.</p>
<p>You may want to bookmark these webpages as you will be visiting them frequently in this lab (in Firefox, Ctrl+D).</p>
<p>Depending on which webpages you visit and in which order, advertisements will change such that they correspond with past websites you have visited.</p>
<p>Visiting the webpages:</p>
<p>Open up Mozilla and in the address bar go to: http://<your IP address>/ece4112/florida/index.html</p>
<p>The webpage will contain three frames. The top will be a welcome message with the topic of the webpage. The middle will contain an advertisement. The bottom will contain random information about the topic of interest.</p>
<p>Question 1.1: What is the advertisement you see about? (It is underlined.)</p>
<p>Now go to http://<your IP address>/ece4112/casino/index.html</p>
<p>Question 1.2: What is the advertisement you see about?</p>
<p>Clear the cookie set by the webpage from Mozilla.</p>
<p>• In Mozilla, click on Edit → Preferences
• In the top menu bar with all the icons, click on the image of the Lock (Privacy)
• Click on the “Cookies” tab
• Click the “View Cookies” button
• Under the “Site” column, find localhost and click on the folder
• Click the Remove Cookie button at the bottom of the window
• Click “Close” twice to return to the browser window.</p>
<p>Close and re-open Mozilla. Now go back to the casino website: http://<your IP address>/ece4112/casino/index.html</p>
<p>Question 1.3: Is the advertisement the same as before? Why or why not? (See text below for hints.)</p>
<p>Feel free to browse each of the websites in any order you want. Each time you visit a website, information is stored, via cookie, to note where you have been.
Eventually, after visiting all three websites, you will see the same advertisement no matter where you go until you clear the cookie.</p>
<p>Section 2: Making Cookies (with computer code)</p>
<p>We know that cookies can only be read from domains with the same name. Yet here we are visiting three webpages with different “domains” (florida, casino, retire) and all are able to share data regarding where you have been. To try and figure out how this is accomplished, go to the Florida webpage:</p>
<p>• http://<your IP address>/ece4112/florida/index.html</p>
<p>Since the middle frame is the advertisement frame, it would be logical to assume we can see how exactly the cookie process works by viewing the source of this frame. Inside the middle frame of the webpage:</p>
<p>• Right click the mouse
• Click “This Frame”
• Click “View Frame Source”</p>
<p>There appears to be no code in there which does anything other than display the text of the advertisement. This is because the webpage responsible for reading and storing cookie information redirects the user to a different location containing the advertisement.</p>
<p>You’ll notice that each frame has a separate webpage source. This is a common practice on many webpages, especially with advertisers. However, by using more complex functions, it is not as apparent as the three separate frames used here.</p>
<p>View the source of the florida/index.html webpage to answer the next question.</p>
<p>Question 2.1: What is the webpage that is responsible for carrying out the cookie operations and redirecting you?</p>
<p>Now that we know the actual webpage that is the “brains” behind the operation…</p>
<p>Question 2.2: How are all three webpages able to access the same cookie? (Hint: You may want to view the source of the other index.html pages and see what they have in common.)</p>
<p>To see how everything works, let's take a look at the code of the cookie management page which we found in the answer to Question 2.1.
</p>
<p>Open Mozilla, type the webpage into the address bar, and press enter.</p>
<p>You should have been redirected to the advertisement page automatically and now see the same thing which was in the middle frame of the index.html page. Viewing the source once again doesn’t give you any information. Anytime something “complex” like this is done, chances are it is because of some script language. In this case, JavaScript is used to redirect people who visit that webpage elsewhere.</p>
<p>While redirection is not always the case, it does present one complication in trying to decipher how webpages use cookies and how the code works. Fortunately for us, the webpage is stored on our hard drive (and is provided in Appendix B) so we can view the code easily using a text editor.</p>
<p>Question 2.3: If we didn’t have the webpage stored on our hard drive, how could we get around the automatic redirection so that we can view the webpage source?</p>
<p>The next few questions involve analyzing code located in Appendix B. This code may look familiar. It was used in the Web Security lab and has been modified to fit our purpose. Within the code there are comment lines to make it easy for you to find the sections of code the questions are referring to. The questions should step you through so that you can figure out exactly how the webpages are tracking you.</p>
<p>On a side note, it is often very helpful when debugging/deciphering code to display the values of variables to the screen. In JavaScript this can be done using the alert() function. For example, if you want to know the value of the variable foo, adding the line of code: alert("Foo is " + foo); will display in a pop-up dialog box: “Foo is ” followed by the value of foo.</p>
<p>Question 2.4: What does the if statement “if (CookiePieces[0].substring(0,1) == ' ' )” do?</p>
<p>Question 2.5: What code/variable contains the name of the cookie?
What is the cookie name used?</p>
<p>Question 2.6: What code/variable contains the value of the cookie?</p>
<p>Question 2.7: Assuming the if statements are not taken, what does the line “else window.location.href=returnval+".html"” do?</p>
<p>Question 2.8: Given what has been learned by answering the above questions, how are users tracked (by this method) when going from website to website? Include which cookie field is being manipulated and how the field is changed depending on the website visited.</p>
<p>Question 2.9: Would it be possible to track a user using a method other than manipulating the cookie field used in this example? If yes, how? If no, why not?</p>
<p>Section 3: Cookie Defenses</p>
<p>Firefox can be found at the following website: www.mozilla.com/firefox/</p>
<p>Despite the fact that these particular types of cookies don’t do any real harm, having them on your computer can easily be seen as an invasion of privacy and as undesirable. Below are several options on how to prevent tracking cookies from getting on your system and how to remove any that are already present.</p>
<p>The directions listed below can be performed on the RedHat WS 4.0 machine with Mozilla Firefox. The same methods of preventing / removing cookies should be available on most other browsers. For information on how to perform the methods listed below on Internet Explorer, see Appendix C.</p>
<p>Delete all cookies on browser close</p>
<p>For this method, while you are browsing the internet, cookies can be stored on your computer and you may be “tracked”. However, after closing, all websites will forget who you are. The positive is that the next time you open your browser, no website will know where you have been previously, and you get a clean slate. The negative is that websites which you may want to remember you (via username and password for example) won’t know who you are either, and you will need to re-enter your account information.</p>
<p>Visit the Florida webpage and then the casino webpage.
It should show an ad about a casino in Florida or (if you also visited the retirement page recently) an ad about a casino retirement home in Florida.</p>
<p>To set the cookies so they clear upon closing:</p>
<p>• In Mozilla, click on Edit → Preferences
• In the top menu bar with all the icons, click on the image of the Lock (Privacy)
• Towards the bottom of the window, click the “Settings…” button
• Under Private Data, check the box next to “Cookies”
• Under Settings, check the box next to “Clear private data when closing Firefox”
• Click OK.
• Click Close.</p>
<p>Now close Firefox. If the “Ask me before clearing private data” box was checked (default) it will prompt you to clear your private data. Click the box with the green check titled “Clear Private Data Now”.</p>
<p>Re-open Firefox and visit the casino webpage.</p>
<p>Question 3.1: Did clearing the cookies work? (Do you now see an ad only about casinos?)</p>
<p>If you now go to the Florida webpage, once again you will be “tracked” and the Florida casino ad will appear.</p>
<p>Undo the changes to Firefox just made by un-checking the “Clear private data when closing Firefox” button.</p>
<p>“Learning” (aka, deal with them as they come)</p>
<p>In reality, there is no “learning” done by this method, but rather manually blocking unwanted cookies as they appear on your system. Once a domain is blocked, it will be unable to store cookies on your computer.</p>
<p>Once again, visit the Florida and casino webpages. To block a domain:</p>
<p>• In Mozilla, click on Edit → Preferences
• In the top menu bar with all the icons, click on the image of the Lock (Privacy)
• Click the “Cookies” tab</p>
<p>This first method of manually blocking domains is the most common way for most browsers to individually block cookies.</p>
<p>• Click the “View Cookies” button
• Look at the name of the site that set the cookie. Usually it will be <something>.com. After remembering the name of the site, click Close.
• Click the Exceptions button
• Type the site name (localhost in our case) in the box titled “Address of web site:”.
• Click “Block”. Click Close.</p>
<p>Visit the retirement website.</p>
<p>Question 3.2: Do you see a combined message ad (ex. Florida/casino/retirement) or a single purpose ad (just retirement)?</p>
<p>Question 3.3: Is the cookie that was previously stored still on the computer?</p>
<p>Alternatively you could have done the following:</p>
<p>• In Mozilla, click on Edit → Preferences
• In the top menu bar with all the icons, click on the image of the Lock (Privacy)
• Click the “Cookies” tab
• Check the box next to “unless I have removed cookies set by the site”
• Click the “View Cookies” button
• Click on the unwanted cookie.
• Click the “Remove Cookie” button at the bottom. Click Close.</p>
<p>Firefox has now automatically removed the cookie and added it to the “blocked” list.</p>
<p>A reverse approach (learning which cookies to accept) can be done by blocking all cookies (see next section) and adding to the Exceptions list only those cookies you want on your computer.</p>
<p>Undo the changes done in Firefox by removing the domain “localhost” from the blocked list. Remove the localhost cookie if it is not already removed.</p>
<p>Block All Cookies</p>
<p>This option is the most effective, but also the most extreme, and thus can cause the most headaches. Since cookies do have a valid purpose and many websites require them, this method can make surfing the web a large pain.</p>
<p>• In Mozilla, click on Edit → Preferences
• In the top menu bar with all the icons, click on the image of the Lock (Privacy)
• Click the “Cookies” tab
• Uncheck the box next to “Allow sites to set Cookies”
• Click Close</p>
<p>Visit all three webpages.</p>
<p>Question 3.4: At any time did you see a combined message ad?</p>
<p>Question 3.5: Was the cookie ever able to make it on to the computer?
</p>
<p>Section 4: Spybot – Search and Destroy (A Non-Browser Tracking Cookie Solution)</p>
<p>Web browsers only provide limited control over cookies, and most of the “control” is just blocking all of a certain type of cookie. Thankfully, most cookies on the internet are purely to provide services to the user. While there is the option to block all cookies, this severely limits the power of the internet. There is a third-party solution to help with this problem. This is a program known as “Spybot – Search and Destroy”, or simply just Spybot. Spybot is freeware, so costs are not an issue. For personal use, Spybot can be downloaded from http://www.safer-networking.org/.</p>
<p>This experiment will be done on your Windows XP virtual machine.</p>
<p>• Start up your Windows XP virtual machine
• Download from the NAS server to your XP machine the following files: “Firefox Setup 2.0.0.11.exe”, “spybotsd15.exe”, “spybotsd_includes.exe”, and “cookies.txt”. They will be included in the cookies_spybot.zip file.
• Using basic Windows installation techniques, install Firefox Setup 2.0.0.11.exe.
• Using basic Windows installation techniques, install spybotsd15.exe.
• Using basic Windows installation techniques, install spybotsd_includes.exe.
• Assuming you installed Firefox with default settings, put the cookies.txt file into this directory: “C:\Documents and Settings\<user name>\Application Data\Mozilla\Firefox\Profiles\<random characters>.default”</p>
<p>After installation, run Spybot; then click on the “Mode” menu at the top and choose advanced user. Then on the left pane choose the settings block. Inside settings choose “File Sets”. Once inside the menu, the scanning options can be selected. Since all we want is to use this software for tracking cookies, un-select all the options except “cookies.sbi”.
If you have done everything correctly then your screen should look like the below screenshot.</p>
<p>At this point, go back into the main menu and choose “Check for problems”. The scan should go very fast since you deselected all the scans except for “Cookies.sbi”.</p>
<p>Question 4.1: How many separate tracking cookies did Spybot discover (there should be four domains)?</p>
<p>After the scan is complete, your computer can be disinfected from the current tracking cookies by simply clicking the “Fix selected problems” button at the top (make sure you have check marks by all of the cookies).</p>
<p>Obviously Spybot can be used to help with many security issues, but for this lab we are only focusing on cookies.</p>
<p>The problem with Spybot is that it is not a real-time search program. After the domains of the bad cookies are determined during the search, the “learning mode” cookie-blocking technique discussed in lab Section 3 will need to be used.</p>
<p>Proactive prevention of tracking cookies</p>
<p>There is one proactive measure which Spybot has; it is called “Immunization”. This feature consists of a list of websites which are known to be bad. Once the user chooses to immunize their system, Spybot automatically adds registry entries to block cookies or harmful scripts from running in Internet Explorer. This feature only blocks sites in Internet Explorer since Firefox handles its settings and cookie management differently.</p>
<p>To immunize your computer, simply click the “Immunize” button on the left side of the screen.
Spybot will automatically immunize everything it can.</p>
<p>Appendix A: Index Webpage Code</p>
<p>florida\index.html code
<html>
<frameset rows="20%,15%,65%">
    <frame src="welcome.html">
    <frame src="http://localhost/ece4112/ads/determineadflorida.html">
    <frame src="info.html">
</frameset>
</html>

casino\index.html code
<html>
<frameset rows="20%,15%,65%">
    <frame src="welcome.html">
    <frame src="http://localhost/ece4112/ads/determineadcasino.html">
    <frame src="info.html">
</frameset>
</html>

retire\index.html code
<html>
<frameset rows="20%,15%,65%">
    <frame src="welcome.html">
    <frame src="http://localhost/ece4112/ads/determineadretire.html">
    <frame src="info.html">
</frameset>
</html></p>
<p>Appendix B: Cookie Code</p>
<p>Common Code:
<script language="Javascript">
function checkCookie(){
    //Initialization of variables to be used
    var lf = "\n"; //character for next line
    var CookieString = document.cookie;
    var CookieSet = CookieString.split(';');
    var SetSize = CookieSet.length;
    var CookiePieces;
    var ReturnValue=""; //set default return value
    var x = 0;

    //Strips away all extra cookie information past the ';'
    //and splits apart information separated by '='
    for (x = 0; ((x < SetSize) && (ReturnValue == "")); x++){
        CookiePieces = CookieSet[x].split('=');

        //Code Questions #2.4-2.6
        if (CookiePieces[0].substring(0,1) == ' ' ){
            CookiePieces[0] = CookiePieces[0].substring(1, CookiePieces[0].length);
        }//end if
        if (CookiePieces[0] == "ad1"){
            ReturnValue = CookiePieces[1];
        }//end if
    }//end for
    return ReturnValue;
}//end checkCookie()

function SetCookie(cookieName,cookieValue,nDays){
    var today = new Date();
    var expire = new Date();
    if (nDays==null || nDays==0) nDays = 1; //default lifetime: one day
    expire.setTime(today.getTime() + 3600000*24*nDays);
    document.cookie = cookieName+"="+escape(cookieValue)
        +";expires="+expire.toGMTString();
}
var returnval = checkCookie();</p>
<p>Unique Code:

florida
<COMMON CODE>
if (returnval == ""){ // no cookie found
    SetCookie("ad1","florida",100);
    returnval="florida";}
if (returnval == "casino"){
    SetCookie("ad1","floridacasino",100);
    window.location.href="floridacasino.html";}
else if (returnval == "retire"){
    SetCookie("ad1","floridaretire",100);
    window.location.href="floridaretire.html";}
else if (returnval == "casinoretire"){
    SetCookie("ad1","floridacasinoretire",100);
    window.location.href="floridacasinoretire.html";}
//Code Question 2.7
else window.location.href=returnval+".html"
</script>

casino
<COMMON CODE>
if (returnval == ""){ // no cookie found
    SetCookie("ad1","casino",100);
    returnval="casino";}
if (returnval == "florida"){
    SetCookie("ad1","floridacasino",100);
    window.location.href="floridacasino.html";}
else if (returnval == "retire"){
    SetCookie("ad1","casinoretire",100);
    window.location.href="casinoretire.html";}
else if (returnval == "floridaretire"){
    SetCookie("ad1","floridacasinoretire",100);
    window.location.href="floridacasinoretire.html";}
else {
    window.location.href=returnval+".html";}
</script>

retire
<COMMON CODE>
if (returnval == ""){ // no cookie found
    SetCookie("ad1","retire",100);
    returnval="retire";}
if (returnval == "florida"){
    SetCookie("ad1","floridaretire",100);
    window.location.href="floridaretire.html";}
else if (returnval == "casino"){
    SetCookie("ad1","casinoretire",100);
    window.location.href="casinoretire.html";}
else if (returnval == "floridacasino"){
    SetCookie("ad1","floridacasinoretire",100);
    window.location.href="floridacasinoretire.html";}
else window.location.href=returnval+".html"
</script></p>
<p>Appendix C: Internet Explorer Cookie Settings</p>
<p>Internet Explorer (all recent versions of IE have identical setting options) has similar features to Firefox to add cookie privacy.</p>
<p>• In Internet Explorer, click on Tools → Internet Options
• Click on the “Privacy” tab.
• You should see a menu similar to the screenshot below.</p>
<p>The default settings are displayed.
As can be seen, Internet Explorer actually has a more robust cookie prevention system than Firefox. The sliding bar has many different settings which are displayed below.</p>
<p>This system is more user friendly for people who are not as familiar with net security because they can simply choose what setting they like and nothing else needs to be done.</p>
<p>As in Firefox, though, clicking the “Sites” button enables websites to be added to the always blocked or accepted list. This was referred to as “learning mode” in the lab.</p>
<p>Answer Sheet</p>
<p>Group Number:______</p>
<p>Member Names: ______</p>
<p>Section 1: Cookies in action</p>
<p>Question 1.1: What is the advertisement you see about? (It is underlined.)</p>
<p>Question 1.2: What is the advertisement you see about?</p>
<p>Question 1.3: Is the advertisement the same as before? Why or why not?</p>
<p>Section 2: Making Cookies (with computer code)</p>
<p>Question 2.1: What is the webpage that is responsible for carrying out the cookie operations and redirecting you?</p>
<p>Question 2.2: How are all three webpages able to access the same cookie? (Hint: You may want to view the source of the other index.html pages and see what they have in common.)</p>
<p>Question 2.3: If we didn’t have the webpage stored on our hard drive, how could we get around the automatic redirection so that we can view the webpage source?</p>
<p>Section 2 Code Questions</p>
<p>Question 2.4: What does the if statement “if (CookiePieces[0].substring(0,1) == ' ' )” do?</p>
<p>Question 2.5: What code/variable contains the name of the cookie? What is the cookie name used?</p>
<p>Question 2.6: What code/variable contains the value of the cookie?</p>
<p>Question 2.7: Assuming the if statements are not taken, what does the line “else window.location.href=returnval+".html"” do?</p>
<p>Question 2.8: Given what has been learned by answering the above questions, how are users tracked (by this method) when going from website to website?
Include which cookie field is being manipulated and how the field is changed depending on the website visited.</p>
<p>Question 2.9: Would it be possible to track a user using a method other than manipulating the cookie field used in this example? If yes, how? If no, why not?</p>
<p>Section 3: Cookie Defenses</p>
<p>Question 3.1: Did clearing the cookies work? (Do you now see an ad only about casinos?)</p>
<p>Question 3.2: Do you see a combined message ad (ex. Florida/casino/retirement) or a single purpose ad (just retirement)?</p>
<p>Question 3.3: Is the cookie that was previously stored still on the computer?</p>
<p>Question 3.4: At any time did you see a combined message ad?</p>
<p>Question 3.5: Was the cookie ever able to make it on to the computer?</p>
<p>Section 4: Spybot – Search and Destroy (A Non-Browser Tracking Cookie Solution)</p>
<p>Question 4.1: How many separate tracking cookies did Spybot discover (there should be four domains)?</p>
<p>How long did it take you to complete this lab? Was it an appropriate length lab?</p>
<p>What corrections and/or improvements do you suggest for this lab? Please be very specific and if you add new material give the exact wording and instructions you would give to future students in the new lab handout. You may cross out and edit the text of the lab on previous pages to make minor corrections/suggestions. General suggestions like “add tool xyz to do more capable scanning” will not be awarded extra points even if the statement is totally true. Specific text that could be cut and pasted into this lab, completed exercises, and completed solutions may be awarded additional credit. Thus if tool xyz adds a capability or additional or better learning experience for future students, here is what you need to do. You should add that tool to the lab by writing new detailed lab instructions on where to get the tool, how to install it, how to run it, what exactly to do with it in our lab, example outputs, etc.
You must prove with what you turn in that you actually did the lab improvement yourself. Screen shots and output hardcopy are a good way to demonstrate that you actually completed your suggested enhancements. The lab addition section must start with the form “laboratory Additions Cover Sheet” which may be found on the class web site.</p>
<p>Turn-in checklist</p>
<p>You need to turn in:</p>
<p>• Answer sheet.
• Any corrections or additions to the lab.</p>
<p>TA Instructions</p>
<p>Load two zip (tar.gz) files on to NAS server for students to download.</p>
<p>Answer Key for TAs</p>
<p>Group Number:___00______</p>
<p>Member Names: ____ANSWER______KEY______</p>
<p>Section 1: Cookies in action</p>
<p>Question 1.1: What is the advertisement you see about? (It is underlined.)</p>
<p>Florida</p>
<p>Question 1.2: What is the advertisement you see about?</p>
<p>Florida Casino</p>
<p>Question 1.3: Is the advertisement the same as before? Why or why not?</p>
<p>The ad is different. By removing the cookie, you reset the tracking information collected by the webpage. It now doesn’t know where you have been, so it shows the casino ad.</p>
<p>If the student answers that it is the same, they probably did not close the browser and instead hit refresh.</p>
<p>Section 2: Making Cookies (with computer code)</p>
<p>Question 2.1: What is the webpage that is responsible for carrying out the cookie operations and redirecting you?</p>
<p>http://localhost/4112/ads/determineadflorida.html Also acceptable answers: replace the end with determineadcasino.html or determineadretire.html</p>
<p>Question 2.2: How are all three webpages able to access the same cookie? (Hint: You may want to view the source of the other index.html pages and see what they have in common.)</p>
<p>The advertisements all link to the same domain (“ad”).
Despite the fact that you are actually going to 3 different domains, each of those pages references the same “ad” domain.</p>
<p>Question 2.3: If we didn’t have the webpage stored on our hard drive, how could we get around the automatic redirection so that we can view the webpage source?</p>
<p>Multiple Answers Possible: Disable javascript, Disable browser redirection, use command prompt to get the webpage via text browser, possible others.</p>
<p>Section 2 Code Questions</p>
<p>Question 2.4: What does the if statement “if (CookiePieces[0].substring(0,1) == ' ' )” do?</p>
<p>If there are blank spaces in the name of the cookie, it removes them. Thus, for the program a cookie named “ name”, “ name” and “name” all look the same.</p>
<p>Question 2.5: What code/variable contains the name of the cookie? What is the cookie name used?</p>
<p>CookiePieces[0] Cookie Name is “ad1”</p>
<p>Question 2.6: What code/variable contains the value of the cookie?</p>
<p>CookiePieces[1] also acceptable, returnval, CheckCookie()</p>
<p>Question 2.7: Assuming the if statements are not taken, what does the line “else window.location.href=returnval+".html"” do?</p>
<p>It sends the browser to a webpage with the title of the cookie value. For example, with a cookie value of florida, it goes to florida.html. If the cookie value was foo, it would go to foo.html.</p>
<p>Question 2.8: Given what has been learned by answering the above questions, how are users tracked (by this method) when going from website to website? Include which cookie field is being manipulated and how the field is changed depending on the website visited.</p>
<p>Key words in bold: The value field of the cookie is changed each time the user visits a new website. Visiting a new website adds to the current value of the cookie. Visiting florida then casino sets the value to floridacasino. Casino then retirement sets the value to casinoretirement.
Visiting all three sets it to floridacasinoretirement</p>
<p>Question 2.9: Would it be possible to track a user using a method other than manipulating the cookie field used in this example? If yes, how? If no, why not?</p>
<p>Yes. Multiple methods accepted. Store different cookie names and check cookie name. Not mentioned in lab, but is sometimes possible to track by IP (less reliable, less used.) Other answers are possible.</p>
<p>Section 3: Cookie Defenses</p>
<p>Question 3.1: Did clearing the cookies work? (Do you now see an ad only about casinos?)</p>
<p>Yes.</p>
<p>Question 3.2: Do you see a combined message ad (ex. Florida/casino/retirement) or a single purpose ad (just retirement)?</p>
<p>No. Single Ad.</p>
<p>Question 3.3: Is the cookie that was previously stored still on the computer?</p>
<p>Yes. Despite the fact that they added the cookie name to the banned list and that there is only a single ad displayed, the original cookie remains.</p>
<p>Question 3.4: At any time did you see a combined message ad?</p>
<p>No.</p>
<p>Question 3.5: Was the cookie ever able to make it on to the computer?</p>
<p>No.</p>
<p>Section 4: Spybot – Search and Destroy (A Non-Browser Tracking Cookie Solution)</p>
<p>Question 4.1: How many separate tracking cookies did Spybot discover (there should be four domains)?</p>
<p>12</p>
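Added example (not part of the lab handout or its Appendix B code): a small Node.js model of a browser cookie jar showing why the three index pages end up sharing one cookie through the common ads frame, and what each Section 3 setting changes. The host names (`ads.example`, `florida.example` and so on), the `Browser` class and all function names are assumptions made for illustration; the blocked-site behaviour (reads and writes refused, stored cookie left in place) follows what the answer key reports for Questions 3.2 and 3.3.

```javascript
// Added example: toy cookie jar, runs offline in Node.js. Not the lab's code.
const SITES = ["florida", "casino", "retire"]; // order used in the lab's ad page names
const ADS_HOST = "ads.example";   // constructed host standing in for the shared "ads" folder
const COOKIE_NAME = "ad1";        // cookie name used in Appendix B

class Browser {
  constructor() {
    this.jar = new Map();          // host -> Map(cookie name -> encoded value)
    this.blockedHosts = new Set(); // Section 3: per-site block list ("learning")
    this.blockAll = false;         // Section 3: "Block All Cookies"
    this.clearOnClose = false;     // Section 3: delete cookies on browser close
  }
  allowed(host) {
    return !this.blockAll && !this.blockedHosts.has(host);
  }
  // What a script served from `host` reads as document.cookie.
  cookieString(host) {
    if (!this.allowed(host) || !this.jar.has(host)) return "";
    return [...this.jar.get(host)].map(([n, v]) => `${n}=${v}`).join("; ");
  }
  // A script served from `host` assigning to document.cookie.
  setCookie(host, name, value) {
    if (!this.allowed(host)) return false; // write refused by policy
    if (!this.jar.has(host)) this.jar.set(host, new Map());
    this.jar.get(host).set(name, encodeURIComponent(value));
    return true;
  }
  removeCookies(host) { this.jar.delete(host); }
  // What is still stored on disk, regardless of the current policy.
  stored(host, name) {
    const cookies = this.jar.get(host);
    return cookies && cookies.has(name) ? decodeURIComponent(cookies.get(name)) : null;
  }
  close() { if (this.clearOnClose) this.jar.clear(); }
}

// Same job as checkCookie() in Appendix B: find one cookie by name.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) return decodeURIComponent(part.slice(eq + 1));
  }
  return "";
}

// The three determinead<site>.html pages folded into one function. Each real
// page knows which site embedded it; here that is the `site` argument. The
// script always runs in the ads host's context, so it always sees ADS_HOST's cookie.
function determineAd(browser, site) {
  const seen = readCookie(browser.cookieString(ADS_HOST), COOKIE_NAME);
  const profile = SITES.filter((s) => s === site || seen.includes(s)).join("");
  if (profile !== seen) browser.setCookie(ADS_HOST, COOKIE_NAME, profile);
  return profile; // the lab page redirects to profile + ".html"
}

// Loading <site>/index.html: the page itself plus the embedded ads frame.
function visit(browser, site) {
  return {
    ad: determineAd(browser, site),
    firstPartySees: browser.cookieString(`${site}.example`), // content site's own view
  };
}

function runScenarios() {
  const out = {};
  let b = new Browser();                       // default settings
  out.tracked = SITES.map((s) => visit(b, s).ad);
  out.firstPartyView = visit(b, "florida").firstPartySees;
  b.removeCookies(ADS_HOST);                   // Section 1: remove the cookie
  out.afterRemoval = visit(b, "casino").ad;

  b = new Browser();                           // Section 3: block one site
  visit(b, "florida"); visit(b, "casino");
  b.blockedHosts.add(ADS_HOST);
  out.blockedAd = visit(b, "retire").ad;
  out.blockedLeftover = b.stored(ADS_HOST, COOKIE_NAME);

  b = new Browser(); b.blockAll = true;        // Section 3: block all cookies
  out.blockAll = SITES.map((s) => visit(b, s).ad);
  out.blockAllJarSize = b.jar.size;

  b = new Browser(); b.clearOnClose = true;    // Section 3: clear on close
  visit(b, "florida"); visit(b, "casino");
  b.close();
  out.afterClose = visit(b, "casino").ad;
  return out;
}

console.log(runScenarios());
```

The `firstPartyView` result is empty because the florida, casino and retire pages never hold the cookie themselves; only the frame served from the shared ads host does, which is why blocking that single host stops the combined ads on all three sites.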
