Cookie, have you misunderstood it?
Remember? At the 2013 CCTV 315 party, a program about cookies revealing personal privacy caused an uproar, and the IT term "cookie" instantly became known all over the country. Many netizens seriously misunderstand cookies, so it is necessary to spread some basic knowledge about them. This article tries to help netizens understand the basics of cookies in plain language.

When we enter "protocol, FTP protocol, Gopher protocol" in the browser address bar, they seem like products of the dinosaur era; applications based on these ancient protocols have basically been replaced by applications based on the HTTP protocol.

Compared with those old protocols, one advantage of the HTTP protocol is its faster response to clients. This comes from its design as a connectionless, stateless protocol. Connectionless and stateless means that a Web server running HTTP closes the connection immediately after processing the client's request and does not save the client's access state, which reduces the server's memory consumption and network bandwidth usage and correspondingly improves the server's efficiency.

We can use a scene from daily life to understand how they work. Suppose a group of customers go shopping in a store. Under protocols such as POP3 and FTP, the store assigns a salesperson to serve each customer one-on-one until the customer finally leaves. If there are not enough salespeople, other customers have to wait. Under the HTTP protocol, the shop assistant appears only when a customer needs to interact, and after a few words immediately runs off to handle another customer's request. The shop assistant is busy, but even a few assistants can cope with many customers, which improves the store's efficiency.

Unfortunately, the shop assistant under the HTTP protocol suffers from face blindness and treats every customer who asks a question as a new customer. This is different from the salespeople under POP3, FTP and other protocols, who follow you from beginning to end. If you ask one of them, "How much is a catty of eggs?", the answer is, "5 yuan a catty." You say, "I'll take 10 catties." The reply is, "OK, 10 catties of eggs, here you are." Under the HTTP protocol it goes like this: you ask the shop assistant, "How much is a catty of eggs?" The answer is, "5 yuan a catty." You say, "I'll take 10 catties." Now the assistant is puzzled: "Who are you? 10 catties of what? I don't remember you talking to me." You: "..."

If the shop assistant under the HTTP protocol wants to handle this situation properly, the only option is to put a specific mark on you. For example, you ask the shop assistant, "How much is a catty of these eggs?" The assistant answers, "5 yuan a catty", and at the same time sticks a note on you saying "This person wants to buy eggs". When you then say "I'll take 10 catties", the assistant hears you, sees the note "This person wants to buy eggs" on you, and naturally understands what you want 10 catties of.

From the perspective of Web site design, there are three common ways to mark the client computer in order to keep track of the client's access state. The first is to add some information that is not displayed to the HTML page returned to the client; it is sent to the server when the user clicks a button in the page to submit. The second is to add some information to the link addresses in the HTML page returned to the client; when the user clicks these links, the information is sent back to the server. The third is the protagonist of today's article: cookie technology.

The content of a cookie is additional information that the server attaches when it returns HTML page data to the client. After receiving this information, the client browser saves it in a specific folder on the computer as a text file associated with the server's domain name. The specially formatted text files in that folder are called cookies. When the browser visits the same server again, the previously saved cookie content is sent to that server along with the request.

Cookies are not mysterious. They exist to overcome the shortcomings of the first two of the three marking methods mentioned above. The validity period of the information saved by those methods is very uncertain: if the browser is closed and the page disappears, the saved information is gone; if the user saves the page to the computer with the browser's "Save As" function, the saved information becomes permanent. The validity period of the information saved in a cookie, by contrast, can be specified by the server. In addition, information saved when visiting page A of a website may also be useful on page B, and the first method cannot share it between them. The second method can share information across pages or even servers, but it has a more serious problem: the amount of data that can be transmitted is too small. In the final analysis, however, which method the server uses to mark the client is a choice the website's designers make after weighing various factors. As users, objectively speaking, we can only passively accept their design, unless we don't use their services or are willing to accept the confusion and trouble caused by an unmarked client.
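The exchange described in the two paragraphs above, as an added example that is not part of the original article: a stateless "shop" handler attaches a cookie with a server-chosen validity period, and a simplified browser saves it per domain and sends it back while it is still valid. The domain shop.example, the paths, the cookie name sid and the 600-second lifetime are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side store: session id -> item the customer asked about

def shop(path, cookie_header):
    """Stateless handler: all it knows about the caller is the Cookie header."""
    sent = SimpleCookie(cookie_header or "")
    sid = sent["sid"].value if "sid" in sent else None
    if path == "/price?item=eggs":
        sid = secrets.token_urlsafe(16)      # the "note": an opaque id only
        SESSIONS[sid] = "eggs"
        out = SimpleCookie()
        out["sid"] = sid
        out["sid"]["max-age"] = 600          # validity period chosen by the server
        out["sid"]["httponly"] = True        # not readable by page scripts
        return "5 yuan a catty", out["sid"].OutputString()
    if path == "/buy?qty=10":
        item = SESSIONS.get(sid)
        if item is None:
            return "Who are you? 10 catties of what?", None
        return f"OK, 10 catties of {item}", None
    return "Not found", None

class Browser:
    def __init__(self):
        self.jar = {}  # domain -> {cookie name: (value, expiry time in seconds)}

    def get(self, domain, path, now):
        # Send back only unexpired cookies previously saved for this domain.
        live = {n: v for n, (v, exp) in self.jar.get(domain, {}).items() if exp > now}
        header = "; ".join(f"{n}={v}" for n, v in live.items()) or None
        body, set_cookie = shop(path, header)
        if set_cookie:  # store what the server attached to its response
            for name, morsel in SimpleCookie(set_cookie).items():
                lifetime = int(morsel["max-age"] or 0)
                self.jar.setdefault(domain, {})[name] = (morsel.value, now + lifetime)
        return body

def demo():
    b = Browser()
    first = b.get("shop.example", "/price?item=eggs", now=0)
    second = b.get("shop.example", "/buy?qty=10", now=60)     # cookie sent back
    stranger = Browser().get("shop.example", "/buy?qty=10", now=60)  # no cookie
    expired = b.get("shop.example", "/buy?qty=10", now=601)   # past Max-Age
    return first, second, stranger, expired

if __name__ == "__main__":
    print(demo())
```

The cookie here carries only a random identifier; what the customer asked about stays in the server-side table, so the assistant recognizes the note without the note saying anything by itself.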

Similarly, what information the server saves when it marks the client is also decided when the website is designed. What the website does with this information is impossible for the user to know, and the user has to accept it passively. This has nothing to do with whether cookie technology is used; it applies whenever the server needs to mark the client. As users, we can only choose websites that have a good reputation and take users' privacy protection seriously, and stay away from small websites that are unknown and messy. In addition, we can clear our cookies when we exit the browser. This does no great harm apart from making it a little more troublesome to visit the website again, just as we can remove the note the salesperson stuck on us after we leave the store, unless we want the salesperson to recognize those marks the next time we enter the store.

There is also something called a "third-party cookie". It is not essentially different from a so-called "first-party cookie", except that it is created by code from a third-party website loaded in the website you are visiting (the "first-party website"), the domain name in the cookie is that of the third-party website, and the information in the cookie is returned to the third-party website. For example, if you go to store A, the shop assistant there not only leaves the mark of their own store on you but also helps store B mark you, so that when you go to store B, its shop assistant can recognize the mark already placed on you. Third-party cookies are the favorite of online advertising companies, because they can add their own code to websites with many users and so obtain the information they need. Theoretically, a third-party cookie is as secure as a "first-party cookie". However, when the first-party website cooperates with the third-party website, it has no control over the third-party website's cookies, yet our trust in the first-party website is automatically transferred to the third-party website, which creates a hidden danger for privacy protection. At present, mainstream browsers provide an option in Settings for whether to accept third-party cookies, and more and more browsers will refuse third-party cookies by default.

So can cookie technology really be used to "grasp 90% of the users in the country", as the advertising sales staff boasted during the unannounced visit shown at the 315 party? Whether someone is male or female, their age, status and education level, including your email registration, including your registration for a certain category of lottery? Can you know everything once you get the cookie, including your mobile phone and computer?

Theoretically, this information can be stored in cookies, but accurate personal information such as gender, age or QQ number cannot appear in a cookie out of thin air; it gets there only if you submit it to the website and the website records it in a cookie. Properly designed websites, however, generally don't save this information in cookies (users may empty their cookies at any time); they are most likely to save it in their own databases, and at most an associated identification number is saved in the cookie.

Of course, information such as hobbies, annual income and Internet habits may be obtained through cookies, but not by reading it directly from the cookie. Instead, the cookie is used to associate the client with a series of access events, and the information is obtained by data mining. For example, a third-party website can infer that I like astronomy by discovering, through its cookie, that the browser on my computer has visited many astronomy-related pages on a portal website. The conclusion is just very inaccurate. What if a friend used my computer to visit those pages? Not to mention that we can interfere with the data mining process and its conclusions by clearing cookies. Advertisers simply don't care much about the accuracy of the analysis; they only need to make sure their advertisements reach specific groups. "It's better to kill thousands of people by mistake than let one person escape."
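How a third-party cookie links separate visits into one profile, and how blocking or clearing cookies breaks that link, as an added simulation that is not part of the original article. The tracker domain ads.example, the site names and the browsing history are constructed, and the tracker is assumed to learn the topic of the embedding page from each request.

```python
import itertools
from collections import Counter, defaultdict

class Tracker:
    """Hypothetical ad server (ads.example) embedded in other sites' pages."""
    def __init__(self):
        self.ids = itertools.count(1)
        self.log = defaultdict(Counter)       # visitor id -> topic counts

    def serve(self, cookie_id, embedding_page_topic):
        # Without a cookie the request looks like a brand-new visitor.
        vid = cookie_id or f"v{next(self.ids)}"
        self.log[vid][embedding_page_topic] += 1
        return vid                            # value the tracker sets as its cookie

    def profiles(self):
        # The "data mining" step: most frequent topic per visitor id.
        return {vid: topics.most_common(1)[0] for vid, topics in self.log.items()}

class Browser:
    def __init__(self, allow_third_party):
        self.allow_third_party = allow_third_party
        self.jar = {}                         # cookie domain -> value

    def visit(self, first_party, topic, tracker):
        # The page on first_party embeds a resource from ads.example, so the
        # browser makes a second request whose cookie domain is ads.example.
        sent = self.jar.get("ads.example") if self.allow_third_party else None
        vid = tracker.serve(sent, topic)
        if self.allow_third_party:
            self.jar["ads.example"] = vid

    def clear_cookies(self):
        self.jar.clear()

# Constructed browsing history: (first-party site, page topic).
HISTORY = [("portal.example", "astronomy"), ("news.example", "astronomy"),
           ("portal.example", "astronomy"), ("shop.example", "cooking")]

def run(allow_third_party, clear_after=None):
    tracker, browser = Tracker(), Browser(allow_third_party)
    for i, (site, topic) in enumerate(HISTORY):
        browser.visit(site, topic, tracker)
        if clear_after == i:
            browser.clear_cookies()
    return tracker.profiles()

if __name__ == "__main__":
    print(run(True), run(False), run(True, clear_after=1), sep="\n")
```

With third-party cookies accepted, all four visits collapse into one visitor whose top interest is astronomy; with them blocked, the tracker sees four unrelated one-page visitors, and clearing cookies mid-history splits the profile in two.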

At this point it is necessary to remind netizens that although the cookies stored on their computers are safe, once cookies are intercepted and uploaded by rogue software, the consequences will be disastrous.

On February 1, 2013, the national standard "Guidelines for Personal Information Protection of Information Security Technology and Commercial Service Information Systems" was officially implemented, which is important progress in the field of personal privacy protection in China. For a long time, personal privacy protection in China has been seriously lacking. A considerable number of netizens don't care about it; they think that only celebrities and important people need to protect their personal privacy. This misconception has left their own computers wide open and allowed rogue software to spread. At the same time, the personal data of a large number of netizens has been exploited by phishing websites and collected and sold by small and medium-sized websites. I sincerely hope that netizens will pay attention to this issue from now on and protect their personal privacy from illegal infringement.

(Author: flying midges)