Declan McCullagh <declan@well.com> writes:
Thanks for the help, folks. This is for an article on privacy I was working on, and I found the info I needed. For instance, Netscape's explanation of the protocol left me wondering about whether cookies from acme.com could be requested by competitor.com. The answer is YES, although it requires a little work.
Suppose that you point your browser at http://www.A.com/index.html. Suppose that file contains an <img src="http://www.B.com/X.cgi">. The CGI file displays a little picture, and also gets or sets a cookie. Suppose you next browse http://www.C.com/index.html, and it too contains the same <img src...>. Since the cookie is "owned" by B.com, not A.com or C.com, the cgi file can track your movement from A.Com to B.Com. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps