I noticed that all the cookies sent to my computer from websites start with myname@whatever.com.TXT. I assume that the cookies is getting my name from some user info on my computer.
Is there any way (short of changing that user info name on my computer) to trick the cookie into thinking I’m not me?
I’m not really sure what you’re asking. The name you refer to is the file naming convention used by IE to store cookies, and simply relects the way the browser chooses to implement cookie storage. Netscape, for instance, keeps the cookies in one file called “cookies.txt”, which can be kept in user-specific directories if you have multiple user profiles defined.
That <user>@<path> filename really has nothing to do with the cookie content that is sent back to the site, it’s just a convention for IE to be able to find cookie definitions based on your local identity and the path to a given site. What is sent to the site is the cookie contents contained in the file. You could probably change the path part of the filename, and change which sites would get particular cookies sent to them, and you could probably change the username part, and your browser wouldn’t see those cookies anymore, or would see some originally intended for another local user. Both seem rather pointless exercises.
Actually, let me ammend that slightly - the mapping of site to filename is in a file called index.dat in that same directory. The file name is possibly mangled, and doesn’t reflect the real full site name for the target of the cookie. To change anything, you would have to mess with index.dat. Don’t. It’s got binary data in it.
Okay, some privacy guy was saying something about cookies on TV and my friend (who is a bit of a privacy freak) was worried that Hotmail or Yahoo could trace certain, umm, (legal) adult pics back to him.
(He sometimes sends these pics to his buddies by email!)
He uses a false name at Yahoo, and has even used website services that block the originating IP address (or at least, provide a false one). His concern was that even with this kind of privacy, the cookies on his computer (which include his real name in the file name!!) would be sent to Hotmail or Yahoo and linked back to him.
I guess what you are saying is that Hotmail or Yahoo cannot use cookies to identify users who sent email?
Depends on what he has volunteered to a given site. If you look at the CONTENTS of one of those files, that’s the information that’s being sent back to the site. Somewhat hard to read for IE because there’s some binary control data in there. Usually, it will just be an identifier that lets them look up whatever information they’ve kept about you on their site, or obtained elsewhere based on what they know.
Here’s a basic background document on cookies that I think is pretty good:
The filename of the cookie is not sent back to Yahoo, only the contents of the cookie. Since the contents of the cookie come from Yahoo, there is no way it can contain anything Yahoo doesn’t already know.
Except that there’s a cookie security issue with IE, where any web site can read the cookies from any other web site. So if you have an Amazon.com account, then the nakedchicks.com web site can read the information set by Amazon. See the web page http://www.peacefire.org/security/iecookies/ for a demonstration.
BTW, if you haven’t tried the Opera, you’ve missed out on a browser with cool features.
Okay, I think I misunderstood what you wrote. I know that I can prevent websites from sending me cookies. That appears to be what you had also said.
I misunderstood, however, and thought you meant that you could monitor (and prevent) cookie information from being sent back to the website. That sounded cool, but, alas, I guess it don’t exists w/o completely turning off cookies reception.