Laboratory Exercise on Browser Information and Privacy
Summary: This laboratory exercise explores some of the data passed
routinely from a browser to a Web server. While this material does not
identify a specific user, it can be used to find a moderate amount of
information about you. This lab also introduces cookies and suggests some
Whenever you request a Web page, your browser sends the Web server
data about itself. The program
displays some of this information.
Since Internet communication requires Internet Protocol Number (sometimes
called an IP number or an IP address), it is hardly surprising that the
server knows this information. Specifically, the American Registry for Internet Numbers
(ARIN) is a nonprofit organization chartered to manage Internet numbers
for North America, a portion of the Caribbean, and sub-equatorial Africa;
and ARIN maintains a database of which IP addresses are allocated to whom.
Click on the above link and record the data displayed for future reference.
Go to the WHOIS
service that ARIN maintains for its
database. Then type in both the IP address given in step 1 for your
computer and the IP address for the server with which your browser
communicated in step 1. To what extent can a Web server identify you based
on an IP address?
Various other groups build upon ARIN's database and other network services
to provide further information regarding IP addresses. Two
typical sources follow. In each case, try the tool, and describe what
information the Web server can locate about your browser and computer.
To what extent do these additional groups provide information beyond that
available from ARIN?
Geobytes maintains an IP
Address Locator tool.
Hexa Software Development Center, based in Penang, Malaysia, runs
IP2Location™ locator services and maintains an information page that
includes a pop-up window with a geographic display.
Review the other information regarding your browser from http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php.
Is this information accurate?
As explained in Chapter 12 of The Tao of
Computing, data can be appended to yield an extended form of a URL. To
get an extended URL, the address of the desired page comes first, followed
by a question mark (?) and any desired data. In the lab on html forms, this type of extended URL is
used by html forms to communicate user data through the GET
method. However, the extended URL format is more general, and any
information following a question mark is called a query string.
Try the extended URL http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php?Computers are useful!!!
and check the response received from the server.
Add your own string to the URl for the web-info.php page, and
describe what happens.
Examine the URL that appeared in your browser in the previous step. What
information is displayed? Describe briefly how the information displayed
in the URL might impact privacy.
When a browser accesses a Web page, the Web server can request that your
browser store a small piece of information, called a cookie, on your
machine. When you go to this Web page again, the Web
server can ask for this cookie and can use that cookie in processing.
The Web page web-info.php tries to save a cookie to keep track of
whether or not you have visited this page previously.
Check if your browser is usually set to accept cookies.
If you use Internet Explorer under Windows, this information can be found by looking
under select "Internet Options" from the "Tools" menu, then look under
"General" and "Settings" in the "Temporary Internet Files" section.
If you use Internet Explorer on a Macintosh, this information can be found
by looking under "Preferences" under the "Explorer" menu, and then looking
under "Cookies" in the "Receiving Files" section.
If you use the Mozilla browser, this information can be found by looking
under "Preferences" in the "Edit" menu, and then going to "Privacy &
Security" and "Cookies".
If your browser does not usually accept cookies, change the setting for
what follows. You can change the settings back at the end of this lab.
Read the "History Information" section of the web-info.php page
(about in the middle of the page, before a rather long table).
Click reload a few times, and describe what, if anything changes.
Go to your browser, as described in Step 8, to locate the cookie for this
Web page. (If your browser does not let you view the cookie directly, ask
an instructor, lab assistant, or friend to help you locate the file of
cookies for your computer or computer account.) Describe what information
is set by web-info.php.
Use your browser to delete the cookie associated with
web-info.php, and access that page again. Describe what appears
now in the "History Information" section of that page.
Examine what, if any, other cookies your browser has stored recently.
Consider the work you have done with the Web over the past week, and give a
rough estimate of the fraction of your Web-based work that has yielded cookies
on your computer.
This lab has highlighted some information transmitted to a Web server from
you browser whenever you access a Web page. Also, when cookies are
enabled, the Web server can record some data about you for future
reference. Of course, if you provide additional information about yourself
through a Web form (perhaps when you are making a purchase over the Web),
then a Web server will be able to link that personal data with your browser
and computer information. The use of that data naturally is left to the
discretion of those running the Web server.
Many institutions and companies state their privacy policies regarding any
data they collect.
summarizing this policy.
Find the privacy policies for at least three Internet Service Providers
(ISPs), such as America Online, MSN (the Microsoft Network), and a local
ISP that serves your town. You may want to use an Internet search engine
or surf the Web to locate these policies through Web documents for those
companies. Summarize this policy in a paragraph.
Work To Be Turned In
Descriptions for steps 2-4, 6-7, 9-14.
This laboratory exercise coordinates with Chapter 12 of Walker, Henry M.,
The Tao of
Computing: A Down-to-earth Approach to Computer Fluency, Jones and
created 30 December 2003
last revised 24 April 2006