Tracking Bots and Cookies

[Stuart]

George

As I am a dev for apple software I do know that OSX does not have the windows type registry as its based on UNIX which does not require one

John   Safari asks you if it should remember passwords  , These are able to be removed and viewed by the user ( admin ) under password control ( this one is not remembered )

Stuart

[Maryak]

Replacing cookies with something else is a real challenge for the programmers of the world to think about doing.  All of us who use PayPal to receive purchases and make payments, all of us who sign into eBay or other favorite "Business" sites must have cookies to assure that it is really you that is checking in, and from a known computer system, where a cookie has been placed and recorded by the sender as a personal identifier that is unique to your, your system, and the sender.  It is actually a great system, that has worked for years.  The difficulty with the system has come about due to the greed of many who have found out how to collect and sell information to others for what they call a "Mutual Benefit."

George

George,

I am not trying to be a smart ass but, I can pay on Ebay, with my credit card as a guest. I also have a dynamic IP address so why is the above relevant. If I clean out my cookies and my browser cache does this mean I can no longer pay by credit card as a guest? Surely just like any other shop, if I provide correct credit card details that should be sufficient. In fact Amex now needs no confirmation of anything for purchases under $35, swipe and walk away. What if I want to purchase whilst at an internet cafe, use a dongle from a different ISP, use my daughter's or my wife's or my friends computer? where all have different IPs, providers, and emails.? There is no way they can know or not know it's me, yet they happily accept my credit card payment from such locations. I have even made internet payments by credit card from Novosibirsk, Siberia on my stepson's computer. Again I don't understand and the above currently registers pretty high on my gobbledegook scale.

Respectfully
Bob

[AdeV]

I am not trying to be a smart ass but, I can pay on Ebay, with my credit card as a guest. I also have a dynamic IP address so why is the above relevant.

You are still using either cookies (most likely), or possibly an indicator in the URL. You can test this by turning cookies off in your browser, I bet you can't pay by paypal then. Cookies don't have to be permanant, they can be just for the duration of a session; or even just for the duration of a page.

Again I don't understand and the above currently registers pretty high on my gobbledegook scale.

It's hard to explain cookies in a non-technical way, because there's no real-life parallel. Let me try to invent one....

Imagine a deli counter. There are a few servers, and lots of customers. Because its busy, each server is only doing his "patch" of the counter. Unlike a normal deli counter, you don't hold your basket, the servers do (to make sure you don't run off without paying).

The first thing you do is grab a ticket from the ticket machine. We will call this ticket a "cookie". Let's say you get ticket number 155.

In order to buy something, you hand your ticket to a server & ask him to add an item to your basket. So the server grabs an item, and puts it in the basket numbered 155. He then hands the ticket back to you.

You repeat this until you've got everything you want. Now you've got to go pay at the till. So you take your "cookie" to the till, and hand it to the till operator. Who goes and looks in your basket, works out the total, and tells you. Here's where it gets a bit complex: You now have to go next door to pay for your goods. So the till operator gives you a new "cookie" with details of the transaction in it - the amount to pay & who it's payable to. You walk next door to the PayPal store, and give the first server you see your ticket. They bring up details of the transaction, and give your ticket back to you ... and your server goes off and serves someone else - so you grab another one, give them your ticket & credit card, they process the payment, and give you back yet another ticket that says "155 - paid".

You take that new ticket back to the deli counter, and they hand you your goods. Job done.

In the above tale, each server represented a web server. One web server can be serving tens, hundreds or thousands of requests all at the same time (= number of deli counter servers); there's no guarantee that you'll get the same one each time, but by handing your server the ticket (cookie), that server can immediately see what you've already put in your basket - or, back in the web world - what pages you've visited, etc. That's a simple session cookie. When the deli counter hands over your goods, it might also hand over a cookie with your name, address & customer number in it. Next time you visit, you hand them that cookie, and they can immediately see who you are & what you've ordered in the past. Those are "persistent" cookies (ones you save); and they vary from things like the cookie this forum will save on your computer (to tell our server who you are, and if you're logged in or not), to sites like Amazon which keeps all kinds of information about you, for recommending things, etc.

Websites CAN be made to work without cookies; e.g. that session number (155)? We can add that to the URL (address) of the web page - e.g. www.mywebpage.com?session=155; and any other links on the website have the same "?session=155" on them. But that's less reliable than cookies, and you could crash into someone else's session just by altering the address to have ?session=157 on the end of it.... so cookies are preferred.

Apologies if that's still gobbledegook, it's really quite tough to explain it in a real-world way.

EDIT TO ADD:

Think back to our deli counter setup, where you hand your ticket over & get stuff added to your basket; there's 2 things you might have noticed about certain websites:

1) Some websites seem to remember what you had in your basket, from ages ago. The answer to that is, they saved basket 155, even though you walked out of the shop without buying. When you came back a week later, the basket is still there, with the items still in it.

2) Other websites seem to forget what you're doing half way through a transaction; sometimes, if you don't update a page for a long while, or if something goes awry behind the scenes, the servers empty your basket & throw it away. So when you hand over your 155 ticket, it can't be found - suddenly, your basket is empty again.

[George_Race]

For those who have never thought about the different types of cookies, and what they do, here is the information directly from Microsoft.

Understanding cookies

Some Web sites store information in a small text file on your computer. This file is called a cookie.

There are several types of cookies, and you can choose whether to allow some, none, or all of them to be saved on your computer. If you do not allow cookies at all, you may not be able to view some Web sites or take advantage of customization features (such as local news and weather, or stock quotes).

How cookies are used

A cookie is a file created by an Internet site to store information on your computer, such as your preferences when visiting that site. For example, if you inquire about a flight schedule at an airline's Web site, the site might create a cookie that contains your itinerary. Or it might only contain a record of the pages you looked at within the site you visited, to help the site customize the view for you the next time you visit.

Cookies can also store personally identifiable information. Personally identifiable information is information that can be used to identify or contact you, such as your name, e-mail address, home or work address, or telephone number. However, a Web site only has access to the personally identifiable information that you provide. For example, a Web site cannot determine your e-mail name unless you provide it. Also, a Web site cannot gain access to other information on your computer.

Once a cookie is saved on your computer, only the Web site that created the cookie can read it.

Persistent cookies

A persistent cookie is one stored as a file on your computer, and it remains there when you close Internet Explorer. The cookie can be read by the Web site that created it when you visit that site again.

Temporary cookies

A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close Internet Explorer.

First-Party vs. Third-Party cookies

A first-party cookie either originates on or is sent to the Web site you are currently viewing. These cookies are commonly used to store information, such as your preferences when visiting that site.

A third-party cookie either originates on or is sent to a Web site different from the one you are currently viewing. Third-party Web sites usually provide some content on the Web site you are viewing. For example, many sites use advertising from third-party Web sites and those third-party Web sites may use cookies. A common use for this type of cookie is to track your Web page use for advertising or other marketing purposes. Third-party cookies can either be persistent or temporary.

Unsatisfactory cookies

Unsatisfactory cookies are cookies that might allow access to personally identifiable information that could be used for a secondary purpose without your consent.


Thought this may help,
George

[George_Race]

Bob, something to try.
Turn off Cookies in your browser, or don't allow them.
I would bet that you would now not be able to use your credit card, even as a guest on eBay.
George

[rleete]

Abe, speaking as someone who understands computers and cookies and how they're used, that's a reasonable explanation.  Pretty hard to make an analogy with something that really doesn't have an analogy in real life.

[ketan swali]

Replacing cookies with something else is a real challenge for the programmers of the world to think about doing.  All of us who use PayPal to receive purchases and make payments, all of us who sign into eBay or other favorite "Business" sites must have cookies to assure that it is really you that is checking in, and from a known computer system, where a cookie has been placed and recorded by the sender as a personal identifier that is unique to your, your system, and the sender.  It is actually a great system, that has worked for years.  The difficulty with the system has come about due to the greed of many who have found out how to collect and sell information to others for what they call a "Mutual Benefit."

George

George,

I am not trying to be a smart ass but, I can pay on Ebay, with my credit card as a guest. I also have a dynamic IP address so why is the above relevant. If I clean out my cookies and my browser cache does this mean I can no longer pay by credit card as a guest? Surely just like any other shop, if I provide correct credit card details that should be sufficient. In fact Amex now needs no confirmation of anything for purchases under $35, swipe and walk away. What if I want to purchase whilst at an internet cafe, use a dongle from a different ISP, use my daughter's or my wife's or my friends computer? where all have different IPs, providers, and emails.? There is no way they can know or not know it's me, yet they happily accept my credit card payment from such locations. I have even made internet payments by credit card from Novosibirsk, Siberia on my stepson's computer. Again I don't understand and the above currently registers pretty high on my gobbledegook scale.

Respectfully
Bob

Hi Bob,

  you have just opened up a different can of worms here 

Many sellers use security gateways to check the authenticity of a buyer to look out for potentially fraudulent transactions. When you pay by credit card or Shitpal, at ARC your details come through Sagepay - a company we use in the payment security gateway. It shows us your IP location, details of your card issuer where available, along with various other security checks available. At the end, there is a score for your transaction, along with a level of guarantee to pay, issued by the various credit card/payment providers. If you ordered from Siberia with an Australian credit card on our website, there is a high probability that your transaction will have an extremely bad score, with low level of guarantee or no guarantee of payment issued by your credit card issuer and/or any other processors in between. Then Ketan here has to decide if he chooses to take the risk with your order. What do you think the chances are of my accepting your payment  ...the risk gets even higher with Shitpal....with whom we still have to work, but prefer to decline for larger value orders. with them, the seller is always guilty until provan innocent, and we have won every dispute raised by buyers using Shitpal, till date. As you can guess by now, even though they put through a lot of worlds transactions through their operations, especially thanks to Shitbay, and even through we have to use them, I do not consider them to be a reputable financial institution.

[AdeV]

...Shitpal ... Shitbay ... I do not consider them to be a reputable financial institution.

So, when are you coming down off the fence about those two, then? 

As a buyer, I find eBay & PayPal to be great.

As a seller, they are the biggest thieves in town.

Unfortunately, for a lot of the stuff I buy & sell, they are the only game in town. 

[Maryak]

Adev, George and Ketan,

Thank you very much for taking the time and trouble to try and explain the cookie saga. 

I can cope with being basket 155 whilst I do my song and dance with company X. Where I got excited was:-

All of us who use PayPal to receive purchases and make payments, all of us who sign into eBay or other favorite "Business" sites must have cookies to assure that it is really you that is checking in, and from a known computer system, where a cookie has been placed and recorded by the sender as a personal identifier that is unique to your, your system, and the sender.
Why......................because I could not, (and still do not), see how a site could know it was "Really Me" unless it had personal information about me and how the cookie was unique to "me and my system" when I use different systems.

I realise the impending changes are going to be a PITA for all of us doing business over the internet but the current system appears to me to be one which is far more oriented to and convenient for the needs of the seller rather than those of the buyer.

As an  aside Paypal will no longer process transactions within the Russian Federation, probably because they have been left holding the baby too often. I understand Ketan's rating and his likely refusal of my payment from Novosibirsk. The banks must have some sort of system in place, our Oz credit cards are accepted at every ATM we have used there and over the counter transactions by credit card are seamless.

Thank you again for your understanding in dealing with an old phart and dragging me kicking and screaming into the 21st century.

Best Regards
Bob

[George_Race]

Bob said:
"Why......................because I could not, (and still do not), see how a site could know it was "Really Me" unless it had personal information about me and how the cookie was unique to "me and my system" when I use different systems."

Bob, I think that we may be thinking to basic, which may be clouding the real answer to your question here.

When you check into eBay, for example, as an eBay user you have both a UserName and a PassWord.  No matter what computer you check in from, in order to buy or sell you will need to sign in with your username and password.  A cookie is then placed on the computer you are currently on and because of your username and password, the remote site knows who you are.

So Bob, in reality, your username and password are what is needed for any site to know exactly who you are, not necessarily where you are and what computer you are on.  And the cookie that is placed on your system, is indeed unique to THAT COMPUTER.  Next time you log into the same site, you will be recognized by your previously received cookie.

Aren't computers fun!
George

[Maryak]

Thanks George, 

That's cleared things up quite a bit, I can understand that my username and password are hopefully unique to me, for each site am enrolled with.

Best Regards
Bob

[ketan swali]

...Shitpal ... Shitbay ... I do not consider them to be a reputable financial institution.

So, when are you coming down off the fence about those two, then? 

As a buyer, I find eBay & PayPal to be great.

As a seller, they are the biggest thieves in town.

Unfortunately, for a lot of the stuff I buy & sell, they are the only game in town. 

  Agreed. Sorry I got a bit carried away with my direct opinion.

[ketan swali]

As an  aside Paypal will no longer process transactions within the Russian Federation, probably because they have been left holding the baby too often. I understand Ketan's rating and his likely refusal of my payment from Novosibirsk. The banks must have some sort of system in place, our Oz credit cards are accepted at every ATM we have used there and over the counter transactions by credit card are seamless.
[/color]

Bob,

I was not aware that Paypal stopped processing transactions from the Russian Federation. In my experience, Paypal have usually left the seller holding the baby for shipments to the Russian Federation. As a norm, Paypal sat on the fence and/or did not offer seller protection for this region.

In my experience, the problems have not been with the buyers. I have found most of them to be genuine. The problem has been with logistics, the minute a parcel lands in Russia. If we send by courier be it DHL or TNT, the parcel is normally considered for safe passage to the receiver, if the receiver is a company, and normally in a main city. If the receiver is an individual, the chances of their receiving the said parcel by courier is about 10 ~ 20 %, and near impossible if outside a main city. Add to this, the clearance and local delivery charges to the receiver are extortionate.

If sent by the postal system under a tracked service like EMS, the probability of goods reaching the destination are greater. Still, delivery success is a bit of a hit and miss.

For a while, ebay and Paypal liked to promote a courier called "Shipwire" to customers. Then they realised what happens in the real world, and Shipwire released this guideline: http://www.shipwire.com/w/blog/russian-orders-to-individuals/

The reason I am giving you the above explanation is that without understanding the complete picture, one could easily think that there are a lot of scammers in Russia. Whilst this may or may not be the case for fast moving electronics type goods, in my opinion, it is not the case with engineering products buyers. This, I only came to realise clearly, thanks to Google Analytics :-). Amongst other things, it showed me that we have a good following in the Russian Federation, and that there are good opportunities there. Had I not got the intelligence gained from GA, I would have got the wrong stereo typical impression about the average Russian buyer!. We still consider shipping to the Russian Federation to be high risk, but it is not because of the customer, but because of the logistics.

As for credit cards, you are lucky with Oz credit cards. If I am to use my credit or debit cards in a foreign country, I usually have to tell my card providers that I will be using them overseas, otherwise they block them when I am overseas and call me to check that it is really me using them :-), which I think is a good thing, even though it can get embarrassing at times.

[Maryak]

Ketan,

We only found out by accident this month when we went to renew Galina's subscription to a Russian Movie site, by Paypal. Her subs was refused and we could not understand why. I went to the Paypal site and sure enough RF has been removed from their list of countries.

DHL is the only way to ensure a delivery outside of Moscow, St Petersburg and Novosibirsk. Registered Post works well for letters to the aforementioned. Even if items are sent airmail, from Moscow on they are sent by rail. We stopped sending parcels some years ago for things like birthdays and Xmas because if they did arrive they had been rifled of things various handlers decided their need  was greater than the intended recipients.

In reverse parcels sent from Russia to us have eventually arrived but the lead time has never been less than 3 months.

Whilst there is good money to be made in some sectors, the majority of ordinary Russians are grossly underpaid when they get paid and it's even worse in the public sector. We in the west see the tip of the iceberg when dealing with the postal service.

Best Regards
Bob

[Bogstandard]

I had the same problem when I tried to send packages to friends in Moscow. I have now given up, as they never arrived, and even letters are opened to see if there is any money inside. I had to spend over 50 pounds to make sure a normal letter got safely and unopened to the British consulate there.

My friend, who lives there, even says it is just as bad amongst the general population. If you stop to ask someone the way, they hold their hand out, expecting money, before they will answer your question. Almost everyone is 'on the make'.

John