Friday, July 13, 2007

Party cookie - GA a virtual first party

pencil icon, that"s clickable to start editing the post

User tracking depend on using cookies as i touched on in Party cookies - web analytics. For my own blog i use Google Analytics (GA), since i wanted to have an idea about visits to my blog, and since I then had choosen blogger/google i just continued with the pure shop idea (Single Sign-On among others) and that it didn't cost any thing (as in money). To have a closer look i changed my cookie settings in Firefox to ask me every time, and waouv there's a lot more serving cookies than i thought. I'm normally very relaxed about cookies and gladly use the service of persistent cookies to ease login, so i hadn't really looked at it for some time. Here's how a visit to my blog goes cookie wise.

First is a .blogger.com (from www2.blogger.com) cookie:

and as a fact www2.blogger.com does not have an A record, but an CNAME to blogger.l.google.com

dig www2.blogger.com

; <<>> DiG 9.3.4 <<>> www2.blogger.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29868
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 7

;; QUESTION SECTION:
;www2.blogger.com.              IN      A

;; ANSWER SECTION:
www2.blogger.com.       1689    IN      CNAME   blogger.l.google.com.
blogger.l.google.com.   184     IN      A       72.14.221.191

;; AUTHORITY SECTION:
l.google.com.           46533   IN      NS      b.l.google.com.
l.google.com.           46533   IN      NS      e.l.google.com.
l.google.com.           46533   IN      NS      f.l.google.com.
l.google.com.           46533   IN      NS      a.l.google.com.
l.google.com.           46533   IN      NS      d.l.google.com.
l.google.com.           46533   IN      NS      c.l.google.com.
l.google.com.           46533   IN      NS      g.l.google.com.

;; ADDITIONAL SECTION:
a.l.google.com.         85267   IN      A       209.85.139.9
b.l.google.com.         29215   IN      A       64.233.179.9
c.l.google.com.         29293   IN      A       64.233.161.9
g.l.google.com.         28956   IN      A       64.233.167.9
f.l.google.com.         86263   IN      A       72.14.235.9
e.l.google.com.         28956   IN      A       209.85.137.9
d.l.google.com.         29215   IN      A       66.249.93.9

;; Query time: 14 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Jul 12 21:15:35 2007
;; MSG SIZE  rcvd: 305
and then no less than four GA cookie's from .blog.sweetxml.org (from blog.sweetxml.org):

and blog.sweetxml.org has a CNAME as well to ghs.google.com which again has a CNAME to ghs.l.google.com:
dig blog.sweetxml.org

; <<>> DiG 9.3.4 <<>> blog.sweetxml.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63018
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 7

;; QUESTION SECTION:
;blog.sweetxml.org.             IN      A

;; ANSWER SECTION:
blog.sweetxml.org.      40733   IN      CNAME   ghs.google.com.
ghs.google.com.         548066  IN      CNAME   ghs.l.google.com.
ghs.l.google.com.       26      IN      A       72.14.207.121

;; AUTHORITY SECTION:
l.google.com.           46380   IN      NS      a.l.google.com.
l.google.com.           46380   IN      NS      f.l.google.com.
l.google.com.           46380   IN      NS      c.l.google.com.
l.google.com.           46380   IN      NS      d.l.google.com.
l.google.com.           46380   IN      NS      e.l.google.com.
l.google.com.           46380   IN      NS      g.l.google.com.
l.google.com.           46380   IN      NS      b.l.google.com.

;; ADDITIONAL SECTION:
a.l.google.com.         85114   IN      A       209.85.139.9
b.l.google.com.         29062   IN      A       64.233.179.9
c.l.google.com.         29140   IN      A       64.233.161.9
g.l.google.com.         28803   IN      A       64.233.167.9
f.l.google.com.         86110   IN      A       72.14.235.9
e.l.google.com.         28803   IN      A       209.85.137.9
d.l.google.com.         29062   IN      A       66.249.93.9

;; Query time: 18 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Jul 12 21:18:08 2007
;; MSG SIZE  rcvd: 323

How the h... does the user tracking cookie for GA come from blog.sweetxml.org? I'm no Javascript Whizz but it must come from the referenced JavaScript in:

<script src='http://www.google-analytics.com/urchin.js' type='text/javascript'>
</script>
<script type='text/javascript'>
_uacct = "UA-1555577-1";
urchinTracker();
</script>

Fetching http://www.google-analytics.com/urchin.js with WGet gives:

wget -S http://www.google-analytics.com/urchin.js
--21:06:01--  http://www.google-analytics.com/urchin.js
Resolving www.google-analytics.com... 64.233.183.147, 64.233.183.99, 64.233.183.104, ...
Connecting to www.google-analytics.com|64.233.183.147|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.0 200 OK
  Cache-Control: max-age=604800, public
  Content-Type: text/javascript
  Last-Modified: Mon, 18 Jun 2007 22:44:25 GMT
  Server: ucfe
  Content-Length: 21089
  Date: Thu, 12 Jul 2007 19:06:01 GMT
  Connection: Keep-Alive
Length: 21089 (21K) [text/javascript]
Saving to: `urchin.js'

I do know that cookies can be set and read through JavaScript, but it would be interesting to know what goes on in those 21K.

3 comments :

Dennis said...

I believe your cookie content is derived from the uacct #. I thought that this content identified my computer, but since I have the same content as you do, it is obvious that the website is being identified.

Sweetxml said...
This comment has been removed by the author.
Sweetxml said...

Hi Dennis

I'm not sure that I follow you, but I guess you are referring to:

_uacct = "UA-1555577-1";

and that does identify the website being tracked, and you get it when you create a GA account/site.

Brgds Brian