[3819] in WWW Security List Archive
RE: Germany bans cookies! (and a whole lot more)
daemon@ATHENA.MIT.EDU (Jacob Rose)
Tue Dec 17 09:40:07 1996
Date: Tue, 17 Dec 1996 07:59:50 -0500 (EST)
From: Jacob Rose <jacob@whiteshell.com>
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Cc: "'John Anonymous MacDonald, a remailer node'" <nobody@cypherpunks.ca>,
"www-security@ns2.rutgers.edu" <www-security@ns2.rutgers.edu>
In-Reply-To: <01BBEB71.DB4FC310@crecy.ai.mit.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
I completely agree with this (below). I've proposed the following
solution once before, but I don't know if anyone thought it was a good
one, because nobody commented on it:
If cookies were only sent to a site when that site's URL was in the
"Location" window, no organization could hide links that send cookies to
them on a page. The only way for companies to aggregate information would
be if each of them asked for enough information to correlate
personal records. It couldn't be done nearly as effectively, it would be
significantly more work (particularly in convincing users to enter enough
unique information everywhere), and it couldn't be done without raising
user awareness. Cookies would be restricted to the site that the user is
aware of visiting.
I wholly agree that any company who wants to buy or sell any of my
personal information should by law be required to get my authorization
for each transaction, but at least this would keep the technology itself
from being "in on it."
> I think that it is reasonable for a content provider
> to be able to perform limited linkage over
> transactions performed by a Web site visitor. For
> example it seems reasonable to me for the content
> provider to know that users visit the home page,
> go to the headlines page, then sport and do business
> last. I don't think that it is reasonable for content
> provider A to be able to aggregate his database with
> content provider B, that makes it too easy for the
> content providers to compile lists of suspicious
> characters.
------------------------------------------------------------------------
Jacob Rose All you and I must agree upon is peace.
------------------------------------------------------------------------
