[2438] in WWW Security List Archive
Re: cookies and privacy
daemon@ATHENA.MIT.EDU (Michael Brennen)
Wed Jul 17 20:41:12 1996
Date: Wed, 17 Jul 1996 17:12:00 -0500 (CDT)
From: Michael Brennen <mbrennen@fni.com>
Reply-To: Michael Brennen <mbrennen@fni.com>
To: www-security@ns2.rutgers.edu
In-Reply-To: <v01530500ae113fbc537c@[192.0.3.1]>
Errors-To: owner-www-security@ns2.rutgers.edu
On Tue, 16 Jul 1996, Dave Kristol wrote:
> Paul Phillips wrote:
> >What percentage of the web-using population do you suppose has even the
> >foggiest idea who DoubleClick is, and of those, how many accurately
> >understand what it is that they did, and to what extent it poses a threat
> >to their personal information? Vanishingly few. This is not the sort of
> >atmosphere where public opinion is an effective or just tool for deterring
> >unethical behavior.
>
> No doubt few users know about DoubleClick, and no doubt they have little
> understanding about cookies. But people consistently *claim* they care
> about privacy (behavior notwithstanding), and I believe if various media
> tell them their privacy is being invaded by these things called "cookies",
> they will express concern. While some of the news reports have misstated
> the true threat, they do usefully raise people's consciousness, and that
> can mobilize public opinion.
True enough, but IMO to really affect the broader public it will take a
media scare to bring about radical change. The issues with Netscape
leaking email names a few months ago was widely known enough that NS had
to back off a previous "neat feature" and classify it as a
"privacy/security hole". NS just didn't see the side effects on that one,
and in some fairness to them I can understand that.
Also, the audience that responded to this was very Internet aware and
didn't like email addresses being handed out gratuitously. Netscape had
much to lose on this one.
doubleclick won't work the same way. They are not selling a product that
people won't buy if they react against it. The sites that hook up with
doubleclick are enquiring minds that want to know as much as they can.
I wonder if collecting marketing data isn't perceived so differently that
the larger national media will pass on it. After all, they are in the
marketing game themselves and dearly love to collect all kinds of things
about their subscribers / viewers / readers / audience. They probably wish
they could collect as much as doubleclick.
Someone sneaking an email address from a browser is a specific act on a
specific piece of personal information, and people react to that because
it is clearly a privacy issue. doubleclick's information collection,
though potentially far more complete, is not perceived the same way. If
the media doesn't pick up on this, who will? Those that are Internet
aware will get around it; the majority just won't know and may not care.
Have I overlooked something? Somebody take a swipe at this and prove me
wrong -- PLEASE! Yes, there are reasonable uses of cookies, but until I
figure a way around doubleclick the readonly addtribute is still set on
cookies.txt.
-- Michael
