[2411] in WWW Security List Archive
Re: cookies and privacy
daemon@ATHENA.MIT.EDU (Jacob Rose)
Tue Jul 16 14:31:16 1996
Date: Tue, 16 Jul 1996 12:25:02 -0400 (EDT)
From: Jacob Rose <jacob@whiteshell.com>
To: Dave Kristol <dmk@allegra.att.com>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <9607152109.AA07921@zp.tempo.att.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Why not limit Netscape such that it will only send cookies to the user's
"apparent site" - the one in the URL? That way, inline imagery that is
"off-site" won't be able to trigger cookies, and the user will know who
is receiving them; it wouldn't prevent people from collecting personal
data about users, but it would definitely make it hard to correlate.
This seems to me rather an obvious solution; are there any legitimate
quibbles with it?
Jacob Rose "The truth is where the sculptor's
jacob@whiteshell.com chisel chipped away the lie."
