[2373] in WWW Security List Archive
Undeliverable message
daemon@ATHENA.MIT.EDU (Electronic Postmaster)
Wed Jul 10 04:20:22 1996
Date: 10 Jul 96 01:53:53 EDT
From: Electronic Postmaster <POSTMASTER@compuserve.com>
To: <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Your message could not be delivered for the following reason:
Mailbox 75162.3375 is currently full.
Please resend your message at a later time.
--- Returned message ---
Sender: owner-www-security@ns2.rutgers.edu
Received: from ns2.rutgers.edu (ns2.rutgers.edu [128.6.21.2]) by arl-img-1.compuserve.com (8.6.10/5.950515)
id BAA23290; Wed, 10 Jul 1996 01:53:35 -0400
Received: (from daemon@localhost) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) id SAA06246 for www-security-outgoing; Tue, 9 Jul 1996 18:41:29 -0400
Received: from hp.com (hp.com [15.255.152.4]) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) with ESMTP id SAA06241 for <www-security@ns2.rutgers.edu>; Tue, 9 Jul 1996 18:41:28 -0400
Received: from hpfsvr01.cup.hp.com (allan.cup.hp.com) by hp.com with ESMTP
(1.37.109.16/15.5+ECS 3.3) id AA234862180; Tue, 9 Jul 1996 15:43:01 -0700
Received: from allan by hpfsvr01.cup.hp.com with SMTP
(1.37.109.15/15.5+IOS 3.20+cup+OMrelay) id AA139552158; Tue, 9 Jul 1996 15:42:38 -0700
Message-Id: <31E2E05C.6A37@cup.hp.com>
Date: Tue, 09 Jul 1996 15:42:37 -0700
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Reply-To: www-security@ns2.rutgers.edu
Organization: Hewlett-Packard Co.
X-Mailer: Mozilla 3.0b4 (X11; I; HP-UX A.09.05 9000/720)
Mime-Version: 1.0
To: www-security@ns2.rutgers.edu
Subject: Re: Smart Fine Print
References: <199607082007.NAA23638@netcom.netcom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-www-security@ns2.rutgers.edu
Precedence: bulk
Errors-To: owner-www-security@ns2.rutgers.edu
Nick Szabo wrote:
>
> The main thing offensive about cookies and cookie sharing is not that these
> features link information about the user's usage patterns (some users care
> about this, some don't) but that they undertake this important
> activity without the user's knowledge or consent.
>
> For example:
>
> > And when you click on it, you go to the connected site via DoubleClick (I
> > think - do they use HTTP Status Code: Found 302 to redirect the browser?)
>
> Even many of us technically proficient people seem to be in the dark
> about this one; it is a well-hidden feature.
>
I went to Doubleclick and can't get them off my back. Every time I
exit they make a cookie and I don't even visit them anymore. Do they
map your domain or I.P. and then keep sending out some kind of signal?
After leaving them, closing Netscape and deleting the cookie, I reloaded
Netscape and went about surfing, NOT going to any ads, and guess
what, doubleclick's cookie appeared! Their cookie has been pestering
me for 2 days now, and I'm determined to find out just how they do it.
It implies there's a way to put a cookie on any server out there
without their visiting you. If true then I could run a program that
cycles through everyone who is logged on in the whole wide world and
add their latest cookie file to my database.
> > Woohoo. Maybe I'll do that here to Australians :)
>
> This is not funny, it is offensive. Users may not usually be able to
> detect redirects, or find or trace their cookies, but the nature of the
> Internet community is such that users will at some point figure out
> that these pieces of smart fine print hidden inside their software
> have not been written in their interest. The result will not be
> intelligent use of software and services (for by hiding features
> important to the user we have worked against that), but a crude
> judgement -- that Internet software and services that use cookies
> are often duplicitous, designed for unscrupulous vendors rather than
> for end customers, and not to be trusted with either one's personal
> information or one's business. The big gains to be made from
> client-side persistence could be lost.
>
> Nick Szabo
> szabo@netcom.com
> http://www.best.com/~szabo/
I remember how a boss from way back in the late 70's told me how
he ``seeded'' mailing lists to get the best offers. He said you
send away for offers that fit a profile of someone who is ``upper
crust'' (it *also* helps to have a good demographic zipcode), and
consistently answer questionnaires the right way etc. etc. He
got the best free offers and freebies. A perfect cookie could
serve that purpose, you just copy it into your .netscape directory
and you get the best free offers as you surf the net. My point
being one has to question how much businesses will gain in the
long run from cookie technologies if anyone can seed their cookie
with whatever ``profile'' will get them where they want to go. It
cuts both ways. Thanks to the person who gave that tip on setting
my read-only attribute also.
Gene
--
___
| ._ _ ._ _.._ _ ``I do not fear computers
_|_| |(_|| (_|| | | I fear lack of them.'' -Isaac Asimov
_____ _| _______________________________________________________
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
[Signature lettering created by ``Figlet Ascii Font Converter''
http://mediacube.datacom.de/cgi-bin/moniteurs/figlet]
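
An added example, not part of the original message or of the list archive: one way to trace the cookies discussed in this thread is to read the browser's Netscape-format cookies file and list every entry whose domain is not a site the user chose to visit. The sample file contents, the `.example` host names and all function names are constructed for illustration.

```python
# Added example: audit a Netscape-format cookies file for unexpected entries.
# All sample data below is constructed; no real cookie values are used.
from datetime import datetime, timezone

SAMPLE_COOKIES = (
    "# Netscape HTTP Cookie File\n"
    "\n"
    "www.news.example\tFALSE\t/\tFALSE\t946684799\tsession\tabc123\n"
    ".adnetwork.example\tTRUE\t/\tFALSE\t2145916799\tid\t8f3a9c\n"
    "shop.example\tFALSE\t/cart\tTRUE\t0\tbasket\t42\n"
    "truncated line without enough fields\n"
)

# Column order of the tab-separated cookies file.
FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")

def parse_cookies(text):
    """Return one dict per well-formed cookie line; skip comments and junk."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 7 or not parts[4].isdigit():
            continue  # malformed entry: ignore rather than guess
        c = dict(zip(FIELDS, parts))
        c["subdomains"] = c["subdomains"] == "TRUE"
        c["secure"] = c["secure"] == "TRUE"
        c["expires"] = int(c["expires"])
        cookies.append(c)
    return cookies

def domain_matches(cookie_domain, host):
    """True if a cookie scoped to cookie_domain would be sent to host."""
    d = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == d or host.endswith("." + d)

def unexpected_cookies(text, visited_hosts):
    """Cookies whose domain matches none of the hosts the user chose to visit."""
    return [c for c in parse_cookies(text)
            if not any(domain_matches(c["domain"], h) for h in visited_hosts)]

def describe(cookie):
    """One-line summary with the expiry as a UTC date (0 = session cookie)."""
    when = ("session" if cookie["expires"] == 0 else
            datetime.fromtimestamp(cookie["expires"], timezone.utc).strftime("%Y-%m-%d"))
    return f'{cookie["domain"]} {cookie["name"]} expires {when}'

if __name__ == "__main__":
    for c in unexpected_cookies(SAMPLE_COOKIES, ["www.news.example", "shop.example"]):
        print(describe(c))
```

The list of visited hosts is the user's own record of where they deliberately went; anything the audit reports was set by some other host along the way.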