[2358] in WWW Security List Archive
Re: Smart Fine Print
daemon@ATHENA.MIT.EDU (William Perry)
Tue Jul 9 11:35:32 1996
Date: Tue, 9 Jul 1996 06:25:38 -0700
From: William Perry <wmperry@spry.com>
To: Michael Brennen <mbrennen@fni.com>
Cc: Nick Szabo <szabo@netcom.com>, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.LNX.3.94.960709001720.9339m-100000@ns1.fni.com>
Reply-to: wmperry@spry.com
Errors-To: owner-www-security@ns2.rutgers.edu
Michael Brennen writes:
>On Mon, 8 Jul 1996, Nick Szabo wrote:
>
>> The main thing offensive about cookies and cookie sharing is not that these
>> features link information about the user's usage patterns (some users care
>> about this, some don't) but that they undertake this important
>> activity without the user's knowledge or consent.
>
><much deleted>
>
>On a DOS/Windows machine it is easy to prevent cookies before they ever
>turn into dough. :)
>
>Just edit the cookies.txt file to be empty (or delete it and touch it),
>then set the read only attribute on the file. I wish I could say this is
>cleverly ingenious of me, but it is not. I picked it up from someone
>else, and it works. I went to doubleclick.net and ran around -- with nary
>a cookie set. They may keep other info, but cookies seems rather critical
>to their scheme.
Most cookie implementations do not try to write to the cookies.txt file
until you _EXIT_ the application - they are still floating around in
internal storage and will be sent during THAT session.
-Bill P.
