{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2011:XWMNDNOLTT4PYJPWSISUP52XZQ","short_pith_number":"pith:XWMNDNOL","schema_version":"1.0","canonical_sha256":"bd98d1b5cb9cf8fc25f6922547f757cc359ede7b2e5926f3435a226c7969ee21","source":{"kind":"arxiv","id":"1108.5864","version":1},"attestation_state":"computed","paper":{"title":"Show Me Your Cookie And I Will Tell You Who You Are","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Vincent Toubiana, Vincent Verdot","submitted_at":"2011-08-30T08:09:13Z","abstract_excerpt":"With the success of Web applications, most of our data is now stored on various third-party servers where they are processed to deliver personalized services. Naturally we must be authenticated to access this personal information, but the use of personalized services only restricted by identification could indirectly and silently leak sensitive data. We analyzed Google Web Search access mechanisms and found that the current policy applied to session cookies could be used to retrieve users' personal data. We describe an attack scheme leveraging the search personalization (based on the same SID "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1108.5864","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2011-08-30T08:09:13Z","cross_cats_sorted":[],"title_canon_sha256":"62168a422a37a2928798fbadbb3a5ff4d3ff389ee74bd64ad64fad36204e2f3a","abstract_canon_sha256":"6234732fe410bfac87c053862edeb09ef41f99677b3b3839b898b88240e49b12"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T04:14:28.362238Z","signature_b64":"h734zeyhSfSpEpxU+r7TbOQTGcyeVuIiTdi0XHR3g4JdwbzW15fFc1S11dyZqs9Wnc38tI8YLjNbBbGQRxbxBQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"bd98d1b5cb9cf8fc25f6922547f757cc359ede7b2e5926f3435a226c7969ee21","last_reissued_at":"2026-05-18T04:14:28.361713Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T04:14:28.361713Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Show Me Your Cookie And I Will Tell You Who You Are","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Vincent Toubiana, Vincent Verdot","submitted_at":"2011-08-30T08:09:13Z","abstract_excerpt":"With the success of Web applications, most of our data is now stored on various third-party servers where they are processed to deliver personalized services. Naturally we must be authenticated to access this personal information, but the use of personalized services only restricted by identification could indirectly and silently leak sensitive data. We analyzed Google Web Search access mechanisms and found that the current policy applied to session cookies could be used to retrieve users' personal data. We describe an attack scheme leveraging the search personalization (based on the same SID "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1108.5864","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1108.5864","created_at":"2026-05-18T04:14:28.361787+00:00"},{"alias_kind":"arxiv_version","alias_value":"1108.5864v1","created_at":"2026-05-18T04:14:28.361787+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1108.5864","created_at":"2026-05-18T04:14:28.361787+00:00"},{"alias_kind":"pith_short_12","alias_value":"XWMNDNOLTT4P","created_at":"2026-05-18T12:26:47.523578+00:00"},{"alias_kind":"pith_short_16","alias_value":"XWMNDNOLTT4PYJPW","created_at":"2026-05-18T12:26:47.523578+00:00"},{"alias_kind":"pith_short_8","alias_value":"XWMNDNOL","created_at":"2026-05-18T12:26:47.523578+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ","json":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ.json","graph_json":"https://pith.science/api/pith-number/XWMNDNOLTT4PYJPWSISUP52XZQ/graph.json","events_json":"https://pith.science/api/pith-number/XWMNDNOLTT4PYJPWSISUP52XZQ/events.json","paper":"https://pith.science/paper/XWMNDNOL"},"agent_actions":{"view_html":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ","download_json":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ.json","view_paper":"https://pith.science/paper/XWMNDNOL","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1108.5864&json=true","fetch_graph":"https://pith.science/api/pith-number/XWMNDNOLTT4PYJPWSISUP52XZQ/graph.json","fetch_events":"https://pith.science/api/pith-number/XWMNDNOLTT4PYJPWSISUP52XZQ/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ/action/timestamp_anchor","attest_storage":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ/action/storage_attestation","attest_author":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ/action/author_attestation","sign_citation":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ/action/citation_signature","submit_replication":"https://pith.science/pith/XWMNDNOLTT4PYJPWSISUP52XZQ/action/replication_record"}},"created_at":"2026-05-18T04:14:28.361787+00:00","updated_at":"2026-05-18T04:14:28.361787+00:00"}