[5331] in bugtraq
Re: IE4 and channels
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Fri Oct 3 02:07:21 1997
Date: Thu, 2 Oct 1997 22:42:43 -0400
Reply-To: "hallam@ai.mit.edu" <hallam@ai.mit.edu>
From: Phillip Hallam-Baker <hallam@AI.MIT.EDU>
X-To: "Jonathan.Cargille@CyberSafe.COM"
<Jonathan.Cargille@CyberSafe.COM>
To: BUGTRAQ@NETSPACE.ORG
On Thursday, October 02, 1997 2:14 PM, Jon Cargille [SMTP:jonathan.cargille@CyberSafe.COM] wrote:
> The only real question is whether the the logs that are uploaded also
> reveal your IP addr, and I don't know the answer to that question.
> The "Extended Log File Format [W3C-WD-logfile]" that IE uses for the
> logs certainly _supports_ client ip-addr as one of the fields in the
> log, but is by no means a _required_ field. So, the logs that are
> being uploaded may be innocuous in that regard (I haven't checked).
> If not, that would be an issue.
I wrote the W3C logfile draft, if you look at the archives you will note it
has two sisters, a session ID draft and a logfile exchange scheme
for demographic data.
The drafts were written after a conference on demographic data for
the explicit purpose of facilitating limited exchange of information
to facillitate payment for content.
The reason why I was concerned is that without such schemes sites
are forced to use cache busting techniques to increas their income,
they cannot know how many exposures they get through a cache
so they bust it. To do otherwise costs them income - hard to justify
if like all online content you are loosing money.
I'm fully aware of the privacy issues etc and I believe that in the long
term P3 will be a big advance for everyone. The problem I had to deal
with was very short term however. - it still took almost 2 years for
this to reach product, the development of the Web moves at a glacial
pace.
If Microsoft are uploading a field I would hope it would be the
statistically unique session Id I describe. This is unique for each
site but does not need stupid cookies to track a person through
a site. The cookies are cryptographically formed making it
impossible to correlate them across site except by exporting
them through a URL of some sort.
Phill