[2434] in WWW Security List Archive
Re: cookies and privacy
daemon@ATHENA.MIT.EDU (Dave Kristol)
Wed Jul 17 19:14:57 1996
Date: Tue, 16 Jul 96 12:45:51 EDT
From: dmk@allegra.att.com (Dave Kristol)
To: hfinney@shell.portal.com
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Hal Finney wrote:
> Consider changing the user interface so that we are not so much warned
> when cookies are received by the client, as given control over when they
> are sent. Don't send cookies automatically on every interaction. Only
> send them explicitly upon user request. For example, perhaps a shift
> click or some other modifier or mouse button is needed to send a cookie.
That would create a rather different mechanism from cookies. The
automatic response part of cookies is essential behavior for the kinds
of applications for which they were intended.
Dave Kristol
