Of late, there has been a lot of talk in the media about user re-targeting through unauthorized browser cookies that are unknown to the website serving the content. Ensuring users privacy and protecting our users from being re-targeted have always been high on the Edmunds radar. Cookie testing has always been an integral part of Testing practices at Edmunds for a while now. Every aspect of a cookie: content, date, name, domain, how it's set and when it's set are part of the test.
A few months ago, we revisited our test automation tools and libraries and realized we can very easily tweak them to comb through our website to scan for any unauthorized cookies. Some of the considerations we had in mind were:
1. We wanted the tool to be JavaScript enabled as many of the cookies are being set as a result of a javaScript event or action.
2. Since we work with many ad agencies and vendors, our list of approved vendors and domains is dynamic. We wanted the tool to be able to respect a list of trusted domains.
It did not take us long to come up with a scanner based on Selenium RC that we use for Web Testing at Edmunds. We have been using the tool for periodic scanning. We are happy the it has served the purpose well. We also presented it to the OPA several weeks back.
Now, that's not the only thing we are excited about. We have been working hard on cleaning up our code a little so that we can open-source the tool. Details of the source code, projects details are coming soon. Stay tuned!
No comments:
Post a Comment