[2403] in WWW Security List Archive
Re: cookies and privacy
daemon@ATHENA.MIT.EDU (Paul Phillips)
Tue Jul 16 02:03:15 1996
Date: Mon, 15 Jul 1996 20:25:43 -0700 (PDT)
From: Paul Phillips <paulp@cerf.net>
To: Dave Kristol <dmk@allegra.att.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <9607152109.AA07921@zp.tempo.att.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Mon, 15 Jul 1996, Dave Kristol wrote:
> 4) We acknowledge that the rules in the I-D can be circumvented. But we
> believe that users will, when they note them, call attention to violations,
> just as they have commented unfavorably on DoubleClick. We think such
> policing by public exposure is the most effective deterrent.
I hope you mean that "policing by public exposure" is the most effective
deterrent in light of the warts in the existing implementation, rather than
the most effective deterrent you can think of. The efficacy of the threat
of poor publicity is of questionable usefulness on the net; witness what
effect it has had on Usenet spamming (none.)
What percentage of the web-using population do you suppose has even the
foggiest idea who DoubleClick is, and of those, how many accurately
understand what it is that they did, and to what extent it poses a threat
to their personal information? Vanishingly few. This is not the sort of
atmosphere where public opinion is an effective or just tool for deterring
unethical behavior.
--
Paul Phillips | "Click _here_ if you do not
<URL:mailto:paulp@cerf.net> | have a graphical browser"
<URL:http://www.cerf.net/~paulp/> | -- Canter and Siegel, on
<URL:pots://+1-206-447-1595/is/paul/there?> | their short-lived web site
