Using cookies for data mining

[smurgler]

Hello,

I'm wondering if it is possible to use cookies for data mining on users that frequent my board.  I'm running SMF 2.0.13.

Essentially what I'd like to do is search for specific cookies that a user may have on their local machine.  For example let's say I think we have a problematic user that I know frequents the site xyz, and want to be able to identify which of our users are going there.  I know by checking my own cookies after visiting the site that they use a local storage cookie that calls out site xyz in particular.  This cookie doesn't age out like the session cookie, which is removed once the browser closes.

Is there any way on the SMF side to use the API to scan for cookies from another site?

Thanks,

Smurgler

[vbgamer45]

There is no way to do that for security reasons.

[smurgler]

So I could not custom script this? Given how Facebook, Amazon, and so on are able to track me between sites I wonder if there's a way but just isn't built in to SMF.  I'm just guessing at this point as I'm not a web developer, but session cookies seem like they could be read by anyone if scripted correctly.

Also, is there any legal implication to doing something like this?

[vbgamer45]

Noway to do it And would be illegal to do so.

[Kindred]

Exactly... unethical and illegal

[nend]

Not actually illegal depending on where your from, unethical, maybe.

First thing though is you must be able to place a payload at xyz site. With forum software linking a generated image which places the payload from your site is probably the best method. However since we are dealing with generated images a payload may not be necessary as you can just check the credentials of the request.

However in any matter you must be able to link some loaded resource, if you can't then it is practically impossible.

Main reason Amazon and Google are so successful at this is there are plenty of sites using their resources which gives them more opportunities to snoop around.

*edit
What I mentioned above may be a little misleading and doesn't actually read another's sites cookies as for security reasons on almost every browser this isn't possible. It merely gives a example where if your allowed on xyz site to hotlink a resource from your site then you can possibly observe that the user has visited xyz site.

Like mentioned above reading another sites cookies is illegal and unethical, sorry I must have skipped over that somehow, but if the webmaster has given you some sort of foothold to place resources on their site then you don't even have to do that to figure this out.

This is how Google, Facebook and the rest do it. Say for instance you visit a page, but webmaster doesn't have to be using AdSense in order for Google to figure you visited it. The page can be using a font, a hosted library such as jQuery and even Recaptcha in order for Google to figure out you have visited this page. Facebook may do this with their like buttons and site comment system.

In the end the webmaster must be using your resource or give you the opportunity to post your resource. This is why I mentioned images as it is the easiest one. With forum software you can hotlink an image from anywhere, however you'll only be able to see if the user has visited that post within xyz site and nothing more. If the user visits xyz site and never reads your post then your out of luck.

[florence000]

Exactly... unethical and illegal

Why is it illegal?

[Kindred]

Because, in many countries, collecting information on users for sites other than your own is outright illegal -- and even collecting information by cookie from users on your own site is questionable and requires a statement that you are doing so.

[Arantor]

Especially if you happen to have any EU users...