Domain: webpolicy.org
Stories and comments across the archive that link to webpolicy.org.
Comments · 4
-
For those looking for a technical explanation
TFA doesn't actually contain any details on how they did that, but (ironically) with the help of Google, I was able to find a page that details the process. The short answer is they took advantage of the fact that any form submitted from the browser to a site would allow that site to install cookies, so they added a hidden form submit to their ads.
-
Re:Intentional vs. Unintentional
And if you need a reference, read the original analysis that spawned this entire debacle. It makes it very clear that one cookie, "_drt_" (which is fairly innocuous), is the only one that is deliberately set using the workaround. The unintended side-effect is that on future page loads, the "id" cookie (and others) can be directly set (no workaround needed) because Safari considers a domain whitelisted if it has *any* cookies set, and allows all further cookies.
-
Re:Bug?
It is a bug, and also seems very likely to be a (granted rather trivial) exploit. Google seems to be the primary target here, even though multiple sites have been identified using the workaround, because of previous agreements it has made regarding privacy.
-
Re:Chrome.
You didn't read the story where Google circumvented privacy settings in iOS?
http://webpolicy.org/2012/02/17/safari-trackers/
Bert