(editor: Zhang Man)
exposure from 315 network agents collect user privacy is over a period of time, the discussion of privacy continues. Here are zhihu user LO speech, let us know how online advertising agency of user information collected through cookies. In the article the author puts forward many questions.
last night after Google was shot in the CCTV innocent references, its an official account immediately, this paper introduces the definition of Cookies is based on wikipedia. Cookies are, by definition, certain sites in order to identify the user identity and stored in the data on the user’s local terminal (usually encrypted). Ok we’ll start the person speaking below (note that the person is to don’t understand people understand the principle, does not like technical expression is rigorous, please understand technical people don’t take this to attack me). Because we usually visit the web site of the HTTP protocol used no memory function, but in some cases the web server must “remember” what users access to the web, what operation, so need an intermediate means to record these things, then the web server will be a piece of plain text files in the user’s computer to write as a tag, this text file similar to the “memorandum post-it note” is Cookies.
cookies, how to collect user information
common example of this is that if you buy things on the Internet, place the order with a mouse, and then to buy the keyboard; Browser at this time had left mouse commodity page, as a result of the HTTP protocol without memory function, so when you look at the keyboard, the mouse to buy after the record has been washed clean by a visit to record. Even if you buy 100 items, and finally the checkout can only see at last. To avoid this situation appear, shopping website will after each order, is a piece of Cookies on your computer to record; Finally the checkout, read these Cookies, to collect your shopping list.
according to the definition and the example above, the Cookies has several features:
the first, it has specificity, who is making Cookies is only who have permissions to read. You go to taobao bought things on jingdong, jingdong server to read Cookies is unable to read from taobao of Cookies on your machine, it can only be placed their own Cookies, when need to read. So even though your computer store the taobao, jingdong a heap of websites such as sina grass pomegranate Cookies, but as long as the computer is not lost, these Cookies itself is safe, no website can take the initiative to take.
second, Cookies can actually record many of your personal information, such as what kind of website do you often visit, staying on a web page, usually when surfing the Internet and so on. This information some people may not care, but if the advertisers focus to collect in the past, can control the person’s interest in online taste, sometimes also can calculate the income levels and other personal information. However, for many places emphasis on the Cookies will save the user password problem, in my opinion it is not necessarily imminent danger, because these passwords are usually not reversible way encryption, leak can restore the user password; This topic can also be written an article, we temporarily stop, or go to talk about the theme.
how to acquire abnormal Cookies
according to the characteristics of specificity, only users to access the site, can be issued, obtain their own Cookies, the Cookies to collect a large number of users, there are only two ways: one is to make a popular website, there are hundreds of thousands of people come to visit you, then you can get the mass user Cookies, naturally and the resulting access feature of the entire population.
it while it is usually there is a dispute, but people familiar with the Internet will tend to think that this is legitimate, after all websites need to provide personalized services according to the different characteristics of each person, for example, if you go to the amazon to buy books, entered it will give you recommend a batch of management books, because your previous purchase, browse the books. It brought convenience to the user, also facilitate to improve the efficiency of the website to sell goods.
Google, netease and other website also in this way to analyze the user behavior, to push targeted advertising, advertising and calculate the delivery efficiency. Like Google, baidu, netease, sina, therefore, these very large sites, with hundreds of millions or even billions of user Cookies are very normal, as long as they don’t sell these data to a third party, at present they have these data are legal.
but in CCTV report, friends, the overflow, easy to media and other companies claim to have tens or even hundreds of millions of user data, clearly their own websites is not up to this kind of popularity, that these data come from? If don’t show evidence to the company, we tend to believe the conclusion of CCTV, this a few company did use informal channels for the mass user information. And this is really reprehensible even legal punishment behavior. We’ll look at the website how to obtain do not belong to his own Cookies.
the second access to large quantities of Cookies, is Ming buy dark to steal. Oneself do not popular website, then go to buy big website. Like netease commercial web sites for careful consideration, usually can’t use this way to sell the data, but some of the individual structures, and popular hot BBS, does not exclude the profit in this way. Dark stolen, is placed on the large sites Cookies thief, term called “web beacons” or “web bugs”.
the working principle of web bugs and old trick: in popular with the users, widely access web site placed a picture of a pixel size, so that users can’t see the picture, but it can still work normally, its job is to get the Cookies to learn the user’s browsing habits. Now, for example, the thief company in netease women channel placed on all pages of the bug. When the user access channel page, netease woman due to bugs in this website, so it has the right to allot, won the user’s Cookies; Again due to the bug embedded thieves website address, so that it can turn a channel netease women visitors Cookies collect thieves and returned to the company. If netease woman channel 10 million visitors a day, one day the company to get 10 million copies of personal information.
do sell user cookies that netease? We put the above five points 3 seconds of the CCTV video to play, in the face of reporters “website can add code” inquiries, netease company hereafter east China channel sales manager director said, “if you put more on the inside, channels, such as women had a little effects on site, generally still can apply for to get”. That is to say, if the advertising and other interests temptation, netease sales staff or can promise, hang web bugs in their website code (you just need to with advertising icon on, technically simple). And because the netease has huge traffic, once really do this thing, that all the netease user Cookies will be offered to buy advertising company is obtained.
in netease company, after the event statement about your web page is not allowed to use third-party code, we also noticed that the statement was made by netease mail, rather than by netease company. That is to say, the mailbox distancing himself, but the greater the netease portal in the side of the suspect.
to finally, CCTV quoted the FTC punished Google case to prove that the United States is also opposed to collect Cookies, this example is wrong. First, the FTC (federal communications commission) rather than CCTV said the federal trade commission by the court to punish Google; Second, the penalty charges not Google collects the Cookies, but Google ignored apple safari on privacy Settings, the user can set a refuse to accept Cookies in the browser), placed directly on the user’s computer Cookies, trigger a punishment. That is to say, the punishment is to obtain the behavior of the Cookies without permission, if the user doesn’t oppose, the site itself get Cookies behavior will not be punished. (via YangMiao personal very agree with this view)
reflection: netease can be so blatant selling user cookies, that sina, tencent, sohu, CNTV website have to do such things, such as web pages from the middle to around shows ads will give us the answer. Believe facts speak louder than words, users eyes!
summary: through normal channels for COOKIE is allows users to understand, but selling cookies or steal user can only be the result of the notorious! As long as do the violation of the user, regardless of the part, or Yin in Yang), or the sophistication, this is all useless, let alone a media company boss still use “belt cover not QJ” point of view to justify, don’t think himself so the user when the silly force! Also for each big web site alarm, don’t give up immediate interests in order to the good future, because the user is our god!