Eprofile

A number of companies have started tracking users not only at their own site but at ``partner sites''. In this way, they are able to monitor the browsing habits of users across all these sites. The way this profiling works is demonstrated by a number of Internet sites[19]. The company, say LJS, wanting to create a profile of users on the Web enters in alliance with a number of other sites to have these companies place LJS's banner logo in their home page. However, unlike the rest of the partner's home page, this logo will be served from LJS's Web server. This enables LJS to monitor the user with the help of the ``cookie" on her hard drive and start the profile of the user by recording the date, time, site and pages visited, and the IP address of the user. As long as the user's browser accepts cookie the user can be traced across all alliance sites.

A typical profile generated for Web traveler Jill Doe is shown in Figure . When Jill registered at Alliance4.net, she gave her email address, her address and employer etc. All this data along with the sites visited (Figure ) and its contents are then mined to establish a profile and habits of Jill. Subsequently, LJS can sell information gleaned from the profile, and email address etc. to third parties. She is now caught in the Web; and soon she will start receiving spams and email solicitations each of which would take a few seconds of her life to process.

  

Figure: A Web Surfers Profile collected by server at LSJ.

3#3

All of this is available due to the ``cookie'' feature introduced to better serve the Web visitor. The cookies are stored on the users' hard drive in file usually named cookie. If one looks at the contents of this cookie file (Figure ) we see the note which warns user's not to edit it.

  

Figure: Cookie File Warning; Ignore it.

4#4

However, if Jill edits the cookie file and deletes all cookies left by the servers she visited, she finds, as illustrated in Figure , that they now cannot track her! From Figure , one notices that the first visited site since Jill edited the file has left another cookie to begin tracking her anew. It appears that Jill has shaken-off the hounds from the scent. Since, they are no longer able to use the cookie to know that Jill had visited them before. However, they still have access to Jill's IP address and using HTML based e-mail, could capture her email address. With this data, using a bit of data mining, establish that she was the same person that had a previous profile!

  

Figure: A server at LSJ cannot do much without a cookie!

5#5

One of the simplest schemes to provide some relief from being observed constantly on the Web as one goes about one's work is simply to disable the cookie option on the browser. However, this has the annoying effect of the browser asking for permission to set cookies almost constantly. A simpler scheme is to redirect all cookies to the never-never land of /dev/null.

Let us take our econsumer Jill: if Jill was using an Unix system she can simply redirect the cookie file to /dev/null with the following simple commands:

  

Figure: Sending cookies to never-never land

6#6

A number of software products are also available for Windows based browsers to rid the hard disk of cookies.