[2435] in WWW Security List Archive
Re:- cookies and privacy
daemon@ATHENA.MIT.EDU (Rob Hartill)
Wed Jul 17 19:51:47 1996
From: Rob Hartill <hartill@ooo.lanl.gov>
To: www-security@ns2.rutgers.edu
Date: Wed, 17 Jul 96 15:16:26 MDT
Cc: jpp@software.net
In-Reply-To: <2.2.32.19960717171709.00d8c380@mail.software.net>; from "John Pettitt" at Jul 17, 96 10:17 am
Reply-To: hartill@lanl.gov
Errors-To: owner-www-security@ns2.rutgers.edu
> Here is how the doubleclick thing works (I suggest it to them).
some of this is clearly wrong.
> 2) they send you the ad graphic with a cookie.
doubleclick do not use cookies. Check your cookie file or ask
Netscape (etc) to notify you when cookies are being set.
> The reason for the cookie is so that they know *which* as graphic they
> gave you (since the url on the image points to a standard location).
They use URLs to do this. The URLs (can) contain random numbers that
tie an ad GIF to an advertiser. Look at some doubleclick advertising
sites and you'll see (e.g. a subset of us.imdb.com's ads are doubleclick)
> When you click the image your browser returns the cookie and they use
> it to figure which ad you saw and where to send you.
doubleclick doesn't do that.
> We do exactly the same thing with our ads on the cwsapps list.
As more people work out how to disable cookies, you'll find this method
will fail more. I now reject all cookies unless I see that I need them.
If you start collecting information on me, I see it straight away and
reject the cookie.
[Netscape 3 (maybe earlier versions too).. look under
Options/Networks/Protocols to toggle automatic cookie acceptance]
rob
--
Java ... the world's first machine independent virus.
