Since the invention of Web browser cookies by Netscape, the claim has always been made that they are anonymous and cannot be associated with any personal information unless someone provides this information. In this write-up, I will present a technique in which browser cookies can be matched to Email addresses without people's knowledge. The technique relies on a security hole that is present in both Microsoft's Internet Explorer browser and Netscape's Navigator browser. This technique can be used, for example, to allow a banner ad company to associate an Email address with a "anonymous" profile that has been created for a person as they surf the Web.
47f14da3aa9f1689692f108845fad8b6b3d627c6b65c81714e5d0d58b19318f8