Query on cookies

Dr.Dimitri Vulis KOTM dlv at bwalk.dm.com
Fri Aug 8 00:59:20 PDT 1997

Declan McCullagh <declan at well.com> writes:

> Thanks for the help, folks. This is for an article on privacy I was
> working on, and I found the info I needed. For instance, Netscape's
> explanation of the protocol left me wondering about whether cookies from
> acme.com could be requested by competitor.com.
The answer is YES, although it requires a little work.

Suppose that you point your browser at http://www.A.com/index.html.

Suppose that file contains an <img src="http://www.B.com/X.cgi">.
The CGI file displays a little picture, and also gets or sets a cookie.

Suppose you next browse http://www.C.com/index.html, and it too
contains the same <img src...>.  Since the cookie is "owned" by B.com,
not A.com or C.com, the cgi file can track your movement from A.Com to


Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

More information about the cypherpunks-legacy mailing list