[2383] in WWW Security List Archive
Re: Smart Fine Print
daemon@ATHENA.MIT.EDU (Peter L. Wyatt)
Wed Jul 10 13:18:54 1996
Date: Wed, 10 Jul 1996 09:26:25 -0500 (CDT)
To: www-security@ns2.rutgers.edu
From: "Peter L. Wyatt" <wyatt@interaccess.com>
Errors-To: owner-www-security@ns2.rutgers.edu
At 03:42 PM 7/9/96 -0700, you wrote:
>Nick Szabo wrote:
>>
>> The main thing offensive about cookies and cookie sharing is not that these
>> features link information about the user's usage patterns (some users care
>> about this, some don't) but that they undertake this important
>> activity without the user's knowledge or consent.
>>
>> For example:
>>
>> > And when you click on it, you go to the connected site via DoubleClick (I
>> > think - do they use HTTP Status Code: Found 302 to redirect the browser?)
>>
>> Even many of us technically proficient people seem to be in the dark
>> about this one; it is a well-hidden feature.
>>
>
>I went to Doubleclick and can't get them off my back. Every time I
>exit they make a cookie and I don't even visit them anymore. Do they
>map your domain or I.P. and then keep sending out some kind of signal?
>After leaving them, closing Netscape and deleting the cookie, I reloaded
>Netscape and went about surfing, NOT going to any ads, and guess
>what, doubleclick's cookie appeared! Their cookie has been pestering
>me for 2 days now, and I'm determined to find out just how they do it.
>
>It implies there's a way to put a cookie on any server out there
>without their visiting you. If true then I could run a program that
>cycles through everyone who is logged on in the whole wide world and
>add their latest cookie file to my database.
>
>> > Woohoo. Maybe I'll do that here to Australians :)
>>
>> This is not funny, it is offensive. Users may not usually be able to
>> detect redirects, or find or trace their cookies, but the nature of the
>> Internet community is such that users will at some point figure out
>> that these pieces of smart fine print hidden inside their software
>> have not been written in their interest. The result will not be
>> intelligent use of software and services (for by hiding features
>> important to the user we have worked against that), but a crude
>> judgement -- that Internet software and services that use cookies
>> are often duplicitous, designed for unscrupulous vendors rather than
>> for end customers, and not to be trusted with either one's personal
>> information or one's business. The big gains to be made from
>> client-side persistence could be lost.
>>
>> Nick Szabo
>> szabo@netcom.com
>> http://www.best.com/~szabo/
>
>I remember how a boss from way back in the late 70's told me how
>he ``seeded'' mailing lists to get the best offers. He said you
>send away for offers that fit a profile of someone who is ``upper
>crust'' (it *also* helps to have a good demographic zipcode), and
>consistently answer questionnaires the right way etc. etc. He
>got the best free offers and freebies. A perfect cookie could
>serve that purpose, you just copy it into your .netscape directory
>and you get the best free offers as you surf the net. My point
>being one has to question how much businesses will gain in the
>long run from cookie technologies if anyone can seed their cookie
>with whatever ``profile'' will get them where they want to go. It
>cuts both ways. Thanks to the person who gave that tip on setting
>my read-only attribute also.
>
>Gene
>
>--
>___
> | ._ _ ._ _.._ _ ``I do not fear computers
>_|_| |(_|| (_|| | | I fear lack of them.'' -Isaac Asimov
>_____ _| _______________________________________________________
>Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
> [Signature lettering created by ``Figlet Ascii Font Converter''
> http://mediacube.datacom.de/cgi-bin/moniteurs/figlet]
>
>
Peter L. Wyatt, MIMgt.
General Sales Manager
CYLINK CORPORATION
Wireless Communications Group
Tel #: 708-350-1206
Fax #: 708-350-0071
E-Mail: wyatt@interaccess.com