March 12

Let's see what you have for flask mini projects ...

Your PHP work suggests that the connections and data flow between html pages, forms, handlers, cookies, sessions, and databases isn't clear to most of you yet.

We should use the firefox dev tools (or something similar) to make sure you all see what gets stored where, and when and how that happens. Flask does some of this for you ... but you still need to understand what's going on.

Next steps :

1. Can we type something into your web pages (or other people's web pages) that contains code (js, html, sql, ...) that escapes from the its "favorite color" box?

2. Take a deeper look at how cookies, ads, and 3rd-party privacy issues all works.

Readings!

First, the basics of web servers and what they're doing :

• MDN: learn server side

Second, google and read about cookies, tracking, add blockers, and all that. A few places to read are :

• wikipedia: web tracking
• privacy.net : cookies and tracking
• internetsafety - understanding browser tracking
• mozilla anti-tracking policy
• TrackingTheTrackers | hackernews discussion
• CNAME Cloaking, the dangerous disguise of third-party trackers | hn

What is

• an adblocker? How do they work?
• google analytics
• a "DNS sinkhole"? How is that related?

Dig in and find a specific example of a tracking cookie, using whatever browser and developer tools you like. Something like "when I visit bigstore.com, in addition to its big_store_cookie it loads adds from trackercompany.com and sets tracker_cookie". Find the specific sites and cookies involved. How could (a) a browser add-on AdBlocker or (b) a home router DNS sinkhole change this behavior?

related

• pi-hole.net | hackernews discussion