[2452] in WWW Security List Archive
Re: cookies and privacy
daemon@ATHENA.MIT.EDU (Seth I. Rich)
Thu Jul 18 12:35:46 1996
Date: Thu, 18 Jul 1996 09:35:47 -0400
To: dmk@allegra.att.com (Dave Kristol), hfinney@shell.portal.com
From: "Seth I. Rich" <seth@hygnet.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
dmk@allegra.att.com (Dave Kristol)
responds to hfinney@shell.portal.com (Hal Finney)
> > Consider changing the user interface so that we are not so much warned
> > when cookies are received by the client, as given control over when they
> > are sent. Don't send cookies automatically on every interaction. Only
> > send them explicitly upon user request. For example, perhaps a shift
> > click or some other modifier or mouse button is needed to send a cookie.
> That would create a rather different mechanism from cookies. The
> automatic response part of cookies is essential behavior for the kinds
> of applications for which they were intended.
It is more important that users have control, IMO. Web developers should be
smart enough to deal with potentially incomplete data -- one of the
first things any programmer has to learn is to verify the data one's using.
(Of course, since so many web developers only a few months ago were bankers
or some such, maybe this is expecting too much.)
Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet (pbeilard@direct.ca)
Rabbits on walls, no problem.
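
What the reply above asks of the server side, as an added example that is not part of the original message: a handler that treats the Cookie header as optional and unverified, so a browser that withholds or alters the cookie gets an anonymous request instead of an error. The cookie name, the demo key and the HMAC-signed value format are assumptions of this example, not something the thread specifies.

```python
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

# Constructed demo key; a real deployment would load it from secret storage.
SECRET = b"constructed-demo-key"
COOKIE_NAME = "session"  # hypothetical cookie name


def sign(session_id: str) -> str:
    """Return 'id.mac' so the server can later detect a modified value."""
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{mac}"


def resolve_session(cookie_header):
    """Map a raw Cookie header (or None) to (state, session_id).

    state is 'resumed' only when the cookie is present, well formed and
    carries a valid MAC; every other case degrades to an anonymous request.
    """
    if not cookie_header:
        return ("anonymous", None)      # the user chose not to send a cookie
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return ("anonymous", None)      # header could not be parsed
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return ("anonymous", None)      # other cookies sent, but not ours
    session_id, sep, mac = morsel.value.rpartition(".")
    if not sep or not session_id:
        return ("anonymous", None)      # value lacks the 'id.mac' shape
    expected = sign(session_id).rpartition(".")[2]
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return ("anonymous", None)      # value was altered after issue
    return ("resumed", session_id)


if __name__ == "__main__":
    good = f"{COOKIE_NAME}={sign('abc123')}"
    # Constructed sample headers: absent, valid, and unsigned.
    for header in (None, good, f"{COOKIE_NAME}=abc123"):
        print(repr(header), "->", resolve_session(header))
```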