Slashdot Mirror
Death of Cookies, Spyware Greatly Exaggerated?
securitas writes "The New York Times' Bob Tedeschi interviews several Internet marketing leaders who debate recent reports that Internet users are deleting cookies en masse and causing serious problems for advertisers. Among the interviewed is Eric Peterson, co-author of the Jupiter Research report that claims 39 percent of Internet users delete cookies. Slashdot has recently had stories about this supposed trend in June and July. A shorter version of the article at IHT. Who is telling the truth and who is deleting cookies? Are you?"
Mozilla/Firefox can. Just tell it to set all cookies as session cookies.
The Tao of math: The numbers you can count are not the real numbers.
Yeah... The same worry-free experience while still allowing cookies where you want them can be set up in Firefox like this:
:-/
To allow new cookies
(when visiting new forums, etc)
- Allow sites to set cookies = on
- Keep cookies = ask me every time (when asked, obviously don't accept the ad cookies, to 99% easily identifiable)
To allow modifications to cookies earlier allowed to be set, and block the rest
(the by far most common and dialog-free setting)
- Allow sites to set cookies = off
^--- This configuration works, because that setting does not disable cookie usage to 100%, but still keep cookies you've allowed before to be both read and modified. You can review which those are later via "View Cookies". I always thought Firefox documented this behavior poorly in the dialog.
If something slipped in by you allowing too much, simply remove the cookies from the whitelist at "View Cookies" in Firefox. Cookies either not listed, or listed as "block" will be blocked by Firefox with "allow sites to set cookies = off", and the others listed as "allow" will always be allowed despite this setting.
Beware: In C++, your friends can see your privates!
Cookies aren't evil. They are just misused, and misunderstood.
There's nothing wrong with using cookies to prevent me from having to logon to Slashdot 10 times a day. And there is nothing wrong with cookies telling Amazon.com that people who buy Movie X also like to buy Book Y. That is useful anonymous marketing information. I actually LIKE it when Amazon recommends things to me, because they are usually right!
The problem is when the cookie stays around for days and you never get a login prompt: that's a security problem. Or when marketers build long-term profiles on you, then try to grab identifying information from other sites you use.
I have Mozilla set to delete cookies every day, which seems to be the best balance. (Firefox unfortunately does not have this option).
Here's what I do.
/. so I don't have to log in everytime.
Get Firefox to turn ALL cookies into session cookies by deleting them "when I close Firefox" in options.
Then make exceptions for the sites you want to track you. I do this for
From the article;
This anticookie fervor also hurts the deleters, she says. For example, cookies help a computer limit how many times the user is exposed to annoying ads like a floating, animated message. Since when should you trust a site not to annoy you with ads, block popups and use Adblock and Flashblock.
"...So cookies are a really good thing for managing the user's experience," she said." If this was true, we'd all be installing adware on our computers to deliver 'interesting relevant and targetted' advertising to enrich our web experiences wouldn't we? Bah!
increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.
t tacks
For session tracking, cookies are now the standard, but there are other security precautions that can only accomplished by including a unique ID in every form.
Go read up about "session riding" or "cross-site request forgery". For example:
http://shiflett.org/articles/foiling-cross-site-a
See the code sample near the end of the page, under "Force the use of your own HTML forms".
where there's fish, there's cats
But then you are depending on those with money to share content. I worked with a site for a video game mod last year. Great site, no adds, wonderful content (and mod files sizes in the magnitude of Megs). Worked off of donations, a few bucks here, a few bucks there would cover the bandwidth needs. After a while, the site's popularity grew, some links from other very popular sites to this site drove the bandwidth and server load through the roof. The site admin bumped the server to a tougher server, which could handle it, and eventually the guy running the site had to pay for a much higher end hosting solution and bandwidth. That shot his relatively low bandwidth bill to way beyond that of what a part time pet project could justify. He started enforcing free registration, and added google adds, which helped, but the cost of thousands apon thousands of users downloading multiple files from 1 meg to 50 megs was extremely costly, even with 3 mirrors. He added more advertising to help cover the cost. And the site is still up today.
Acording to your point of view, he should not have taken any advertising, because it would push people away from his site, but had he not taken any advertisment, his site would be perpetually unreachable until no one visted it due to it's instability.
Advertising, whether you like it or not, is what allows people with limited budgets to maintain high bandwidth publications.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs