mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-02-28 21:28:55 +00:00
documentation change
This commit is contained in:
morse%netscape.com
parent
cb23abcdc0
commit
36749920f3
@ -17,12 +17,15 @@ in control
|
|||||||
explicitly allow them to.
|
explicitly allow them to.
|
||||||
<p>There are various ways that a site has of obtaining information about
|
<p>There are various ways that a site has of obtaining information about
|
||||||
you. When you request a page from a site, a certain amount of information
|
you. When you request a page from a site, a certain amount of information
|
||||||
is disclosed in the page-request that your browser makes on your behalf.
|
is automatically disclosed in the page-request that your browser makes
|
||||||
While you are getting the page, the site could be taking notes about your
|
on your behalf. Once you've received the page, the site could ask
|
||||||
behavior (tracking you) and storing those notes on an area of your hard
|
your browser for some additional information. While you are getting
|
||||||
disk which it can read back later. And whenever you fill out and
|
the page, the site could be tracking you by taking notes about your behavior
|
||||||
submit a form, the information on that form is sent to the site.
|
and storing those notes in an area of your hard disk (cookies) which it
|
||||||
Each of these aspects are described below in detail.
|
can read back later. And whenever you fill out and submit a form,
|
||||||
|
the information on that form is sent to the site. Each of these aspects
|
||||||
|
are described below in detail.
|
||||||
|
<br>
|
||||||
<p><b>Requesting a Page</b>
|
<p><b>Requesting a Page</b>
|
||||||
<p>When you request a page from a site, a small amount of information about
|
<p>When you request a page from a site, a small amount of information about
|
||||||
you is given to that site. In particular, the site is told the three
|
you is given to that site. In particular, the site is told the three
|
||||||
@ -58,12 +61,52 @@ It is no more a part of your identity than is the phone number of a pay
|
|||||||
telephone which you happen to be using when making a phone call.
|
telephone which you happen to be using when making a phone call.
|
||||||
<p>But if you are concerned and want to block your IP address from being
|
<p>But if you are concerned and want to block your IP address from being
|
||||||
given out, see the section on <i>Hiding Your Internet Address</i>.
|
given out, see the section on <i>Hiding Your Internet Address</i>.
|
||||||
<p><i>3. Who referred you</i>
|
<p><i>3. Referrer</i>
|
||||||
<p>The site is also told where you just came from. In other words,
|
<p>The site is also told where you just came from. In other words,
|
||||||
it knows which page you were reading when you clicked on the link to the
|
it knows which page you were reading when you clicked on the link to the
|
||||||
page you are now requesting. This allows the site to know which other
|
page you are now requesting. This allows the site to know which other
|
||||||
site referred you to it. Also, as you traverse the site, it allows
|
site referred you to it. Also, as you traverse the site, it allows
|
||||||
the site to know where in the site you were most recently.
|
the site to know where in the site you were most recently.
|
||||||
|
<br>
|
||||||
|
<p><b>After the Page is Received</b>
|
||||||
|
<p>After you receive a page from a site, that page is displayed.
|
||||||
|
The page might contain programs, referred to as <i>javascript code, which</i>
|
||||||
|
will then execute on your machine. Javascript code has the ability
|
||||||
|
to request some information about your machine and to send such information
|
||||||
|
back to the site.
|
||||||
|
<p>If you do not want any additional information given out, you can easily
|
||||||
|
prevent it. Whether or not your browser allows javascript code to
|
||||||
|
execute is controlled by your preference settings. That preference
|
||||||
|
is initially set to allow javascript to execute. By changing that
|
||||||
|
preference, you will be preventing the site from requesting and transmitting
|
||||||
|
this information.
|
||||||
|
<p>The information that the site can request by using javascript code in
|
||||||
|
this manner is usually not very interesting. It includes such things
|
||||||
|
as the number (but not the names) of the sites you previously visited,
|
||||||
|
whether or not your browser can execute programs written in a language
|
||||||
|
called <i>java</i>, the number and type of plugins you have installed
|
||||||
|
in your browser, the height and width of the browser window, etc..
|
||||||
|
<p>Javascript code is normally incapable of obtaining any information about
|
||||||
|
you that would seriously compromise your privacy. However, with your
|
||||||
|
permission, javascript code can obtain much more personal information.
|
||||||
|
In fact, it could even read information from arbitrary files on your hard
|
||||||
|
disk and transfer that information back to the site. But you have
|
||||||
|
to grant your permission before any of this can happen. You'll know
|
||||||
|
when the site is attempting to use javascript in this manner because a
|
||||||
|
box will appear asking you to grant your permission. You should not
|
||||||
|
grant it unless you have absolute trust in that site. If you refuse,
|
||||||
|
the javascript code is rendered harmless.
|
||||||
|
<br>
|
||||||
|
<p><b>Downloading a File</b>
|
||||||
|
<p>When you are requesting a file (as opposed to a viewable page), your
|
||||||
|
e-mail address might be divulged as a courtesy to the site. You know
|
||||||
|
when you are requesting a file because its address starts with "ftp://"
|
||||||
|
instead of the more usual "http://".
|
||||||
|
<p>One of your preference settings determines if your e-mail address should
|
||||||
|
be sent as your password when you request files. This preference
|
||||||
|
is initially set to not send your e-mail address so, unless you've changed
|
||||||
|
it, your e-mail address will not be divulged.
|
||||||
|
<br>
|
||||||
<p><b>Being Tracked by Cookies</b>
|
<p><b>Being Tracked by Cookies</b>
|
||||||
<p>Since the site does not know who you are, it cannot possibly be collecting
|
<p>Since the site does not know who you are, it cannot possibly be collecting
|
||||||
any information on you and has no knowledge of any previous times that
|
any information on you and has no knowledge of any previous times that
|
||||||
@ -100,6 +143,7 @@ that it could tell you if a new dog book became available since your last
|
|||||||
visit. It would be a bad thing if it then sold that information to
|
visit. It would be a bad thing if it then sold that information to
|
||||||
the local dog pound so they could cross-check for potential dog owners
|
the local dog pound so they could cross-check for potential dog owners
|
||||||
who do not have valid dog licenses.
|
who do not have valid dog licenses.
|
||||||
|
<br>
|
||||||
<p><b>Encountering Foreign Cookies</b>
|
<p><b>Encountering Foreign Cookies</b>
|
||||||
<p>When a site stores a cookie, it is the only site that is able to read
|
<p>When a site stores a cookie, it is the only site that is able to read
|
||||||
that cookie in the future. That permits a site to build up a profile
|
that cookie in the future. That permits a site to build up a profile
|
||||||
@ -111,7 +155,7 @@ is site specific and nobody can build up a universal database on you.
|
|||||||
stored not by sheep.com but by some marketing site called wolf.com.
|
stored not by sheep.com but by some marketing site called wolf.com.
|
||||||
And sheep.com can cause that to happen very simply by having an image from
|
And sheep.com can cause that to happen very simply by having an image from
|
||||||
wolf.com displayed on its home page. So when you visit sheep.com,
|
wolf.com displayed on its home page. So when you visit sheep.com,
|
||||||
you are really making a side-trip to wolf.com to get the image and
|
you are really making a side trip to wolf.com to get the image and
|
||||||
wolf.com can store the cookie at that time. Suppose that wolf.com
|
wolf.com can store the cookie at that time. Suppose that wolf.com
|
||||||
has enlisted many other sites to also display its cookie-storing image.
|
has enlisted many other sites to also display its cookie-storing image.
|
||||||
Now wolf.com will be building up a cookie that contains information about
|
Now wolf.com will be building up a cookie that contains information about
|
||||||
@ -123,6 +167,7 @@ think you are visiting are called <i>foreign cookies</i>. If you
|
|||||||
are concerned about the privacy implications of foreign cookies but
|
are concerned about the privacy implications of foreign cookies but
|
||||||
not concerned about ordinary cookies, you could give permission for sites
|
not concerned about ordinary cookies, you could give permission for sites
|
||||||
to store ordinary cookies only but not store foreign ones.
|
to store ordinary cookies only but not store foreign ones.
|
||||||
|
<br>
|
||||||
<p><b>Controlling Your Cookies</b>
|
<p><b>Controlling Your Cookies</b>
|
||||||
<p>The way you give permission for a site to use (store and/or read) cookies
|
<p>The way you give permission for a site to use (store and/or read) cookies
|
||||||
is by your preference settings. Your preference could be that your
|
is by your preference settings. Your preference could be that your
|
||||||
@ -160,30 +205,39 @@ reject all future cookie-storing attempts from this site.
|
|||||||
that have been stored on your hard disk as well as a list of sites
|
that have been stored on your hard disk as well as a list of sites
|
||||||
for which you have asked to have the cookie-storing decisions remembered.
|
for which you have asked to have the cookie-storing decisions remembered.
|
||||||
And you can selectively delete any of the cookies or sites in these lists.
|
And you can selectively delete any of the cookies or sites in these lists.
|
||||||
|
<br>
|
||||||
<p><b>Evading Cookies</b>
|
<p><b>Evading Cookies</b>
|
||||||
<p>It should be mentioned that even if you have disabled cookies, the site
|
<p>It should be mentioned that even if you have disabled cookies, the site
|
||||||
still has a way of tracking you, at least while you remain at that site.
|
still has ways of tracking you, at least while you remain at that site.
|
||||||
It does this by storing the information not in a cookie on your machine
|
Presented here is one example.
|
||||||
|
<p>The site could store the information not in a cookie on your machine
|
||||||
but rather in the links that it lets you fetch. Each link that it
|
but rather in the links that it lets you fetch. Each link that it
|
||||||
presents for you to click on contains the name of the next page to fetch.
|
presents for you to click on contains the address of the next page to fetch.
|
||||||
But the site could customize that link specifically for you so that it
|
But the site could customize that link specifically for you so that it
|
||||||
contains a bit of tracking information as well.
|
contains a bit of tracking information as well.
|
||||||
<p>To make this clear, suppose that you visit a site called x1.com.
|
<p>To make this clear, suppose that you visit a site called trackme.com.
|
||||||
That site presents you with its home page that has a link to a second page.
|
That site presents you with its home page and that page contains a link
|
||||||
What you see on your screen is some text describing the link (for example,
|
to a second page. What you see on your screen is some text describing
|
||||||
"visit our second page"). In addition to the visible text, the link
|
the link (for example, "visit our second page"). In addition to the
|
||||||
also contains the address of the second page, such as x2.com.
|
visible text, the link also contains the address of the second page, such
|
||||||
But suppose the link on the home page doesn't contain just"x2.com but contains
|
as trackme.com/secondpage. But suppose the link on the
|
||||||
something like x2.com?0 instead. The "?0" might be a code saying
|
home page doesn't contain just trackme.com/secondpage but contains something
|
||||||
that you haven't visited x2.com yet. Suppose you click on this link
|
like trackme.com/secondpage?0 instead. The "?0" might be a code saying
|
||||||
and then return back to the home page via a link on the second page.
|
that you haven't visited the second page yet. Suppose you click on
|
||||||
The home page that the site presents to you this time differs from the
|
this link and view the second page. Then you click on a link on the
|
||||||
one it sent you previously in that the link back to x2.com now contains
|
second page that gets you back to the home page. The home page that
|
||||||
x2.com?1.
|
the site presents to you this time differs from the one it sent you previously
|
||||||
|
in that the link back to trackme.com/secondpage now contains trackme.com/secondpage?1.
|
||||||
|
The site is now using the page itself (rather than a cookie) to keep track
|
||||||
|
of where you've been and what things you've clicked on.
|
||||||
<p>The good news is that this sort of tracking works only as long as you
|
<p>The good news is that this sort of tracking works only as long as you
|
||||||
remain at the site and visit its related pages. Once you leave the
|
remain at the site and visit its related pages. Once you leave the
|
||||||
site all of this information is lost. If you should then return again
|
site all of this information is lost. If you should then return again
|
||||||
later you will be presented with the "x2.com?0" link all over again.
|
later you will be presented with the "trackme.com/secondpage?0" link all
|
||||||
|
over again. (Of course if you bookmark a page from such a site, when
|
||||||
|
you return to that page via the bookmark that tracking information will
|
||||||
|
still be there.)
|
||||||
|
<br>
|
||||||
<p><b>Submitting Information on Forms</b>
|
<p><b>Submitting Information on Forms</b>
|
||||||
<p>Of course if you voluntarily chose to divulge information to the site,
|
<p>Of course if you voluntarily chose to divulge information to the site,
|
||||||
such as by submitting a form that the site presents to you, you are knowingly
|
such as by submitting a form that the site presents to you, you are knowingly
|
||||||
@ -212,17 +266,18 @@ machine and not on any website. When the Form Manager prefills a
|
|||||||
form with the saved information, that information is not sent to the site
|
form with the saved information, that information is not sent to the site
|
||||||
until you submit the form. Once again you are in control -- no information
|
until you submit the form. Once again you are in control -- no information
|
||||||
is released until you say so.
|
is released until you say so.
|
||||||
|
<br>
|
||||||
<p><b>Divulging your Password</b>
|
<p><b>Divulging your Password</b>
|
||||||
<p>If you are like most users, you've registered for services at various
|
<p>If you are like most users, you've registered for services at various
|
||||||
sites. The registration consisted of selecting a user name and password.
|
sites. The registration consisted of selecting a user name and password.
|
||||||
Each time you return to such a site, you fill out and submit a form containing
|
Each time you return to such a site, you fill out and submit a form containing
|
||||||
the user name and password that you selected for that site. You might
|
the user name and password that you selected for that site. To avoid
|
||||||
not want to be burdened with having to remember a different password for
|
having to remember a different password for each site, especially those
|
||||||
each site, especially those you don't visit often, so you probably used
|
you don't visit often, you might have used the same password everywhere.
|
||||||
the same password for each site. And the same goes for your user
|
And the same goes for your user name, providing somebody else hadn't already
|
||||||
name, providing somebody else hadn't already taken it.
|
taken it.
|
||||||
<p>So now each site that you register with has a record of two important
|
<p>So each site that you registered with has a record of two important
|
||||||
pieces of information about you, your user name and password. And
|
pieces of information about you -- your user name and password. And
|
||||||
if this is the same user name and password that you always use, an unscrupulous
|
if this is the same user name and password that you always use, an unscrupulous
|
||||||
site administrator at any one of these sites has enough information to
|
site administrator at any one of these sites has enough information to
|
||||||
go impersonating you by logging in to other sites at which you are registered.
|
go impersonating you by logging in to other sites at which you are registered.
|
||||||
@ -242,6 +297,7 @@ or change them before submitting if they are not what you want.
|
|||||||
<p>The Password Manager also allows you to see which user names you have
|
<p>The Password Manager also allows you to see which user names you have
|
||||||
stored for which sites. And it allows you to selectively delete any
|
stored for which sites. And it allows you to selectively delete any
|
||||||
of these items if you wish.
|
of these items if you wish.
|
||||||
|
<br>
|
||||||
<p><b>Hiding Your Internet Address</b>
|
<p><b>Hiding Your Internet Address</b>
|
||||||
<p>When you request to see a page from a site, your browser needs to tell
|
<p>When you request to see a page from a site, your browser needs to tell
|
||||||
the site your internet address (IP address) so the site knows where to
|
the site your internet address (IP address) so the site knows where to
|
||||||
@ -268,5 +324,6 @@ you. The site that supplied the page never gets to see your IP address.
|
|||||||
<p>There are several sites that provide such services. Use your favorite
|
<p>There are several sites that provide such services. Use your favorite
|
||||||
search engine to find them -- try search words such as "anonymous" and
|
search engine to find them -- try search words such as "anonymous" and
|
||||||
"surfing".
|
"surfing".
|
||||||
|
<br>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user