CSC 105 Grinnell College Spring, 2005
 
An Algorithmic and Social Overview of Computer Science
 

Laboratory Exercise on Browser Information and Privacy

Summary: This laboratory exercise explores some of the data passed routinely from a browser to a Web server. While this material does not identify a specific user, it can be used to find a moderate amount of information about you. This lab also introduces cookies and suggests some potential uses.

Browser Information

Whenever you request a Web page, your browser sends the Web server data about itself. The program http://www.walker.cs.grinnell.edu/fluency-book/web-info.php displays some of this information.

  1. Click on the above link and record the data displayed for future reference.

Since Internet communication requires Internet Protocol Number (sometimes called an IP number or an IP address), it is hardly surprising that the server knows this information. Specifically, the American Registry for Internet Numbers (ARIN) is a nonprofit organization chartered to manage Internet numbers for North America, a portion of the Caribbean, and sub-equatorial Africa; and ARIN maintains a database of which IP addresses are allocated to whom.

  1. Go to the WHOIS service that ARIN maintains for its database. Then type in both the IP address given in step 1 for your computer and the IP address for the server with which your browser communicated in step 1. To what extent can a Web server identify you based on an IP address?

  2. Various other groups build upon ARIN's database and other network services to provide further information regarding IP addresses. Two typical sources follow. In each case, try the tool, and describe what information the Web server can locate about your browser and computer.

    1. Geobytes maintains an IP Address Locator tool.

    2. Hexa Software Development Center, based in Penang, Malaysia, runs IP2Location™ locator services and maintains an information page that includes a pop-up window with a geographic display.

    To what extent do these additional groups provide information beyond that available from ARIN?

  3. Review the other information regarding your browser from http://www.walker.cs.grinnell.edu/fluency-book/web-info.php. Is this information accurate?

Query Strings

As explained in Chapter 12 of The Tao of Computing, data can be appended to yield an extended form of a URL. To get an extended URL, the address of the desired page comes first, followed by a question mark (?) and any desired data. In the lab on html forms, this type of extended URL is used by html forms to communicate user data through the GET method. However, the extended URL format is more general, and any information following a question mark is called a query string.

  1. Try the extended URL http://www.walker.cs.grinnell.edu/fluency-book/web-info.php?Computers are useful!!! and check the response received from the server.

  2. Add your own string to the URl for the web-info.php page, and describe what happens.

  3. Examine the URL that appeared in your browser in the previous step. What information is displayed? Describe briefly how the information displayed in the URL might impact privacy.

Cookies

When a browser accesses a Web page, the Web server can request that your browser store a small piece of information, called a cookie, on your machine. When you go to this Web page again, the Web server can ask for this cookie and can use that cookie in processing.

  1. Check if your browser is usually set to accept cookies.

    If your browser does not usually accept cookies, change the setting for what follows. You can change the settings back at the end of this lab.

  2. Read the "History Information" section of the web-info.php page (about in the middle of the page, before a rather long table).
    Click reload a few times, and describe what, if anything changes.

The Web page web-info.php tries to save a cookie to keep track of whether or not you have visited this page previously.

  1. Go to your browser, as described in Step 8, to locate the cookie for this Web page. (If your browser does not let you view the cookie directly, ask an instructor, lab assistant, or friend to help you locate the file of cookies for your computer or computer account.) Describe what information is set by web-info.php.

  2. Use your browser to delete the cookie associated with web-info.php, and access that page again. Describe what appears now in the "History Information" section of that page.

  3. Examine what, if any, other cookies your browser has stored recently. Consider the work you have done with the Web over the past week, and give a rough estimate of the fraction of your Web-based work that has yielded cookies on your computer.

Privacy Statements

This lab has highlighted some information transmitted to a Web server from you browser whenever you access a Web page. Also, when cookies are enabled, the Web server can record some data about you for future reference. Of course, if you provide additional information about yourself through a Web form (perhaps when you are making a purchase over the Web), then a Web server will be able to link that personal data with your browser and computer information. The use of that data naturally is left to the discretion of those running the Web server.

Many institutions and companies state their privacy policies regarding any data they collect.

  1. Find the privacy policy for your school or company. Then write a paragraph summarizing this policy.

  2. Find the privacy policies for at least three Internet Service Providers (ISPs), such as America Online, MSN (the Microsoft Network), and a local ISP that serves your town. You may want to use an Internet search engine or surf the Web to locate these policies through Web documents for those companies. Summarize this policy in a paragraph.

Work To Be Turned In


This laboratory exercise coordinates with Chapter 12 of Walker, Henry M., The Tao of Computing: A Down-to-earth Approach to Computer Fluency, Jones and Bartlett, 2005.
created 30 December 2003
last revised 24 April 2006

 Valid HTML 4.01! Valid CSS!