making your web site work for you...
| Web
professionals dedicated to making your web site work for you... |
| |
|
Back to Newsletter list 
|
 |
CyberArtisans Web Developers Newsletter |  |
|
||||||||||||||||||||
Each issue we try to present information that will be useful to you as a website owner and as a user of the web. If these newsletters are useful, please forward this to a friend. To unsubscribe, follow the directions at the bottom of this email.
Firesheep is a recent Firefox extension that allows someone using the same WiFi connection you are on to gain control of your Facebook (or Twitter) account. Here's how it works: In its most basic form, a website has no way to track an individual user from page to page. This means that if you logged into Facebook and then clicked on a link to another page, Facebook would have no clue that you are the person who just logged in. Web developers long ago solved this with cookies, which are sent with each page request to identify the user. The problem, in a public WiFi environment, is that your browser is, in effect, shouting out your identification cookie to all the other computers on that WiFi connection. Firesheep simply collects those cookies as they go by, and then allows the person using Firesheep to use the cookie it just collected to log into your Facebook account and change anything they want (like your password, for example). Can you protect yourself against Firesheep? Yes, you can, but the description is longer than will fit comfortably into this email. However, if you go to my blog you will find a more thorough explanation of how Firesheep works and how to protect yourself. For sites like Facebook and Twitter, protecting yourself is actually quite simple. For other sites it could be more complex, but both options are explained in the blog.
The Wall Street Journal has been running a very interesting series about tracking cookies on websites called What They Know. It is available without a subscription. The series has gone on long enough to be able to report on changes in website tracking-cookie activity induced by the series itself. The (very) short version is that more websites than you think are using more tracking cookies than you think, and those cookies are able to record quite a bit of information about each of us. In fact, the industry has gotten so convoluted that many websites are not aware of how many cookies they use and how much data is being siphoned off to data aggregators, who eventually sell this data, sometimes back to the same websites. But in the latest installment ( Websites Rein In Tracking Tools), the WSJ reports that many websites have decided to restrict the use of tracking cookies on their sites. It should be noted that the motivation for this is less altruistic and more profit-oriented – they want to keep the collected data for themselves rather than let the data aggregators profit from it. If you have some time, look through the series. Each article is quite detailed and fairly long, so it isn't a light half-hour's read, but it is interesting. And yes, you can skip over some of the more technical information and still understand the articles.
|
||||||||||||||||||||
 |
 |