Slashdot Mirror
Death of Cookies, Spyware Greatly Exaggerated?
securitas writes "The New York Times' Bob Tedeschi interviews several Internet marketing leaders who debate recent reports that Internet users are deleting cookies en masse and causing serious problems for advertisers. Among the interviewed is Eric Peterson, co-author of the Jupiter Research report that claims 39 percent of Internet users delete cookies. Slashdot has recently had stories about this supposed trend in June and July. A shorter version of the article at IHT. Who is telling the truth and who is deleting cookies? Are you?"
[...]who is deleting cookies? Are you?
Routinely and automatically. I don't need any help in remembering my ID, password, or credit card number, thank you. And I don't want any company tracking my every move on the net just so they can turn around and sell information about my personal habits, whatever those habits may be.
Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.
The NSA: The only part of the US government that actually listens.
If 40 % of the market is deleting their cookies (no doubt as part of a regular anti spyware cleaning) that's a problem no matter what spin you put on it.
Thalasar
FireFox deletes cookies automatically for me, whenever they "expire" (whatever that means).
Cookies are delicious delicacies.
I simply deleted all my cookies, visited every site I *want* a cookie from and then set my cookies to be read-only. Worry-free AND all the benefits of good cookies!
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
... because I already don't let the browser set them.
Does the advertising industry also "lose" money because it cannot track if I am watching their ads on TV?
The Tao of math: The numbers you can count are not the real numbers.
I have been recently making it so that every site that I goto it pops up and I can accept or reject the cookie. Initially it was terrible but after some time I have found that most sites are no longer popping up the cookie information. If the site does not work I put on a allow per session within Firefox.
My XP machines (all Pro) have a shutdown script that purges all cooties that both IE and the OS keep squirreled away for no apparant reason.
Too bad the browsers can't purge all accumulated cookies upon closing the browser window...
I don't mind logging in each time I use a machine, so why would I mind logging in to websites that I frequent?
Visualize Whirled P.'s
I'm not deleting cookies. They're pretty useful. They remember stuff for me. The fact that they've gotten a bad name is mainly because a lot of win32 antispywareprograms identifies them as such.
Underholdning.info
Cookies are a sometimes food.
The Tools Of Ignorance wanna be a tool?
The "Allow Cookies For Session", along with the Allow Persistent Cookie Exceptions in Firefox solve all my problems. Along with AdBlock and BugMeNot.
I guess that makes me a bad person.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
I'm sorry, but I've got your domains completely blacklisted. So no, not deleting your cookies, just not telling you anything. :)
Delete? Just deny them in the first place, Firefox + Adblock extension!
Shame on me for controlling the content I receive, I guess.
The opinion above is fiction. Any similarity to real opinions, including facts and logic, is purely coincidental.
http://www.msnbc.msn.com/id/7421924/
I set my settings in my browser to ask before saving a cookie, most I deny but some, for example, logins I allow. You'd be amased how many websites set a cookie every time you visit their website and how many times. Advertisments are the worst, because they always set several cookies per advert but now I've go into the trend of just blocking whole domains, I hate the feeling that some body is sitting at a computer monitoring how many different people are seeing his adverts/
I delete my cache regularly. Advertisers can take a hike.
Java Oracle Linux Enthusiast
But not because of security concenns, it is mostly because I have got into a nervous habit of clearing my cache and cookies every day.
A few months ago this was a different story, seeing about 400MB of cache/cookies taking up around a gig on the hdd because the files were so small changed it; and I dont mind having to re-login to sites every time, it means I am less likely to forget my various passwords!
I have Firefox setup to delete cookies on exit. Also, it only accepts cookies from originating site as well. Remind me why I should KEEP cookies again? Oh I know.. it's probably for Amazon to start charging me more because I'm "loyal" customer!
The article is mentions the rise of anti-spyware and how it usually cleans up suspect cookies.
From my experience with average users, clients, co-workers and family, most users have no clue what the anti-spyware is actually doing, they just follow along blindly. Personally I think this a great improvement over the truely clueless who don't practice safe browsing of any sort.
XML is a known as a key material required to create SMD: Software of Mass Destruction
But I could use a wee bit less of ad bombardment and a little bit more of privacy . . . utopic as it may sound nowadays
"So cookies are a really good thing for managing the user's experience" says a USA Today markedroid.
Clueless. Absolutly clueless. This goes straight to the heart of the matter. They can't understand why people don't want their 'experience managed'.
I can manage my own goddamned experience, thanks anyway. Keep your filthy paws offa me.
Mod down people who tell people how to mod in their sigs
I don't allow cookies in the first place; that kind of obviates the need to delete them.
I accept cookies from about 10 sites (and yes...slashdot is one of them). And even those get deleted when I close firefox!
When I set up others' computers, I only allow cookies from the orinating website, so that cuts down on cookie retention as well.
No one needs to track me!
--LWM
Use a ramdrive. Nothing to do. They delete themselves. Or blackhole them in the first place. See http://everythingisnt.com/hosts.html
Let's put it like this: when you have someone whose very revenue depends on "detecting wolves", they'll cry "wolf!" All the time. They'll cry "wolf" at the neighbour's "alsacian wolf" dog even. I'm talking about anti-spyware and other "security" companies. Do they delete cookies? Well, I briefly had McAffee installed, and among other problems (such as being a piss-poorly programmed POS) it did exactly that. It tried to protect me from all those supposedly dangerous cookies, storing such "personal details" as the session ID on some site. I'm not kidding. Using half the sites that required logon (such as Gamespy's Fileplanet) was suddenly impossible. So based on that I'd say the concern is genuine. But it's probably not the users going through the menus to delete cookies. Joe Average probably wouldn't even know or care what a cookie is. But Joe Average likely has some POS security software installed that deletes the cookies for him
A polar bear is a cartesian bear after a coordinate transform.
I use Cookieculler to protect those cookies I value (cause not all cookies are out there useless) and I delete the rest frequently.
Sample this!
The software companies should come up with a new way of measuring visitors on their web sites. Cookies do tell a lot but people delete these on a regular basis. Hell, I do too. Who'd want your sister to find out that you actually got your login pre-registered already on that local porn site of yours? :-)
Jokes aside, I wonder who's the most keen on knowing this: the ad sponsors or the people who work with the websites? "Hey, our statistics show that we got approximately 39% more visitors now! Good job Spock!"
As more and more sites include community features, more and more users also log on to the web site they visit. How about measuring this, and then try to get an idea of how many unique IP:s you got, make a poll and then base the poll results on that?
Full Tilt
For a long time I have taken advantage of Mozilla and then Firefox's ability to pop up and let me know any time anyone hands me a cookie, quickly banning those sites that appear to be nothing but cross-site ad trackers.
Looking at the content of cookies, which Firefox allows demonstrates some interesting things, like my IP address more often than comfortable. Of course I love the "badly" written sites that try to hand me a PHP or ASP session cookie on the first page of the website. I usually nix those. At least tell me what you are doing for me before I decide to let myself be tracked.
Personally I won't go out of my way to block ads, but I will go out of my way to not allow the world at large watch my every click of the mouse.
On the other hand, the family members I invariably help with their computers regularly run Ad-Aware and delete cookies it identifies on a regular basis.
D.O.U.O.S.V.A.V.V.M.
They shouldn't have annoyed the visitors anyway with annoying ads.
Besides, there are other ways to track users without cookies. Or at least, most users don't use anonymous proxies anyway.
Ok, then the site shall tell me about what cookies it sets, what it stores in them, and why it needs them. Then I can look at this policy, and if I agree with it I can enable cookies specifically for that site.
The Tao of math: The numbers you can count are not the real numbers.
I think Adaware still marks cookies in its scan, so whenver I clean someone's computer with so much spyware, I just hit select all and then delete. I imagine most people dont go picking through it to save the cookies.
Many many helpdesk employees at ISP's tell users to delete cookies. I worked helpdesk for awhile about 4 years ago and back then although sometimes it did help it was mostly snake oil. Some help desk employees at a large ISP did little else besides tell people to delete cookies and reboot. Regardless of whether it works or not the users have learned to do it on their own. A lot of calls these days will start with "I deleted my cookies already but it still doesn't work.."
Sigs are awesome huh?
[...]who is deleting cookies? Are you?
;)
I wish I wanted to waste that time, but I can't. I recently deleted them.
What we REALLY need is anti-advercookie features in our browsers, preferably Firefox, so we don't need to delete the advertising, we can have the software do it. Think of it like modern anti-virus, but it scans and removes ad cookies. Oh sure, accept it for a session, but when the session ends, the cookie is deleted automatically
Advertising / unwanted cookies only. Slashdot cookies must stay.
Every month or two (really, whenever something prompts me to think about it, which is infrequent) I go through and delete all of the cookies except the ones I know do something I want (i.e. keep me logged into slashdot) or I personally know the people who run the site & am completely sure that they're not being used for anything I disagree with.
I tried selectively allowing cookies (making liberal use of the "always accept from this site" and "always deny from this site" buttons), but it was a pain, and cookies don't really hurt me. My browsing habits won't be hard to track anyway because I've got a distinctive user-agent (firefox on linux) and my IP changes infrequently.
I tell Firefox not to accept a cookie unless the site is on my exceptions list. When I add a site to my exceptions list, I always set it to "allow session cookies only."
I have to re-enter passwords when I restart my browser—but that's what password manager is for.
Permit Cookies is the best extension for Firefox yet. http://mfe.gorgias.de/
I practically laughed when I read this article. I totally delete every cookie that has the word "ad" in the url somewhere and then I delete some on top of that. Then I eat a cookie for good measure. And finally I sit back and laugh at the ad companies while their valuable consumer statistics get all screwed up. Oh, and not to mention, I have a number of ad websites resolving to my personal web server so I can browse the web ad-free while not screwing up the layout of the website in question. They get what's coming to them if they think they can advertise smilie faces and junk like that to me. I'll only tolerate google ads because at least they are sometimes relative to what I'm looking for. But I'm still going to delete their cookies.
xoftspy and ad-aware tend to remove tons and tons of cookies.
Personally, I leave them accepted. I don't give a crap if some database somewhere infers what my computer has been browsing.
I use Opera, which doesn't normally have it's cookies infiltrated by xoftspy and ad-aware.
But Opera kicks ass anyway.
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
I personally allow only session cookies.
Session cookies are a great way for websites to track authenticated users (better than the HTTP authentication mechanisms, anyway). Other than that, cookies are mostly used in ways I don't want them to be used:
- Remembering authentication information. No thanks. If I wanted that, I'd get some software that remembered authentication information.
- Remembering preferences. Better stored on the server side in almost all cases, IMO.
- The privacy-invading sort of cookie.
I basically get the beneficial session cookies, while thwarting the uses I don't want. Another argument is that it's ok for people to know that I am this authenticated user, but it's not ok for sites to go storing information on my computer, without me requesting that.
Please correct me if I got my facts wrong.
I love cookies. I think they are awesome. Cookies let Amazon know what I was looking at last so they can present me a list of books that I might and often do like with out having to search for hours.
/. keep me logged in
Cookies let
Cookies help track my passwords so I don't have to look up each and every password each time I visit a site.
If cookies help some company that I'm visiting improve their marketing making it easier or better for me to get the product I need, that's awesome!
Call me a troll, but I'm not on the tin-foil hat wearing anti-coolaide conspiracy band wagon. I like things that make browsing easier and more productive.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
No, because it's too much time and effort, I can't be arsed and a whole bunch of sites will randomly break and I'll have to remember all the usernames/passwords and configuration settings again. So i'd have to be selective about what I delete to ensure that doesn't happen and then you get a whole list of ones you need to keep or you accept/deny them when you go to a site and ... sorry ... but thats just too much like hard work and paranoia to make browsing the web remotely fun.
If you seriously think that users en mass are deleting cookies or that a bunch of Slashdotters with overly thick tin foil hats are indicative of the world, then you'd be very much mistaken.
Most people don't know or care there is such thing as cookies and even when they do, can't be bothered or simply see no need to go deleting them every time they exit their browser.
I have far more important things to worry about than worry about a bunch of cookies that doubleclick has set (technically they don't anyway as I block their adverts).
Avantslash - View Slashdot cleanly on your mobile phone.
A cookie a day, keeps privacy away.
I was told during my A+ course that it should be routine for someone to blow away their cookies on a regular basis. Supposedly browsers check to see if any / all your cookies had expired everytime your browser loads up, the more cookies you have, the longer it takes to get your home page to load up. How can a textbook course such as A+, which seems to teach a standard on PC maintenance/repair/efficiency would be wrong about eliminating cookies. They even recommended, that if you could live without them, try and disable cookies. Though today, you can't get too far into a website that relies on such technologies.
If i wanted to hear bullshit, i'd go to church.
There are some cookie management extensions out there, but for "normal" people to better manage their privacy (or even to realize they have privacy right that they can manage) I'd like to see "prompt always, deny third party" turned on by default, and a cookie toolbar/rightclick option that allows you to accept/decline/delete them. As a matter of fact, that would be a nice option for the Firefox installer: a checkbox that says something like "[ ] Help me manage my privacy rights online." We could debate whether or not it should be on or off by default.
Or, weirder yet, what about something like the infamous Clippy? "Hi, I'm Foxy, and I'm here to help you with online privacy so you don't become a victim of identity theft, or a pawn of corporate marketing strategies!"
John
So what if I'm deleting my cookies? They can't track what magazine's I pick up from the grocery store, what channels I watch on my crappy standard cable service, what I hear on Radio (the worst of the bunch, or what I see when I'm driving down the road.
So why are these babies crying about the users finally being impowered and taking things into our own hands? Did they assume that we would never catch on? I guess we should remain blind and stupid consumers eh? Now where is my Food Lion MVP card?
Personally I keep konqueror set to ask me everytime a site attempts to set a permenant cookie, and show me the details of it.
If I want/don't mind a cookie, I accept it, if not buh-buh cookie (webtrends, ads, anything that allows the page to render (thus has come from an image/ad), etc -> bit bucket)
I have also done this for the machine my brother and mum use, and attempted to teach them why (although I don't know if they've turned it off).
...as "not allowing" them to be set in the first place. I allow a handful of sites (10 or so) that I use to put my passwords in the permanent cookies, Google's cookie and a few others as per-session and that's it. Cookies' dirty little secret is, the way they are used in a 99% (subjective assessment) of the sites, they really serve no useful purpose.
Not going to happen. You are either going to get MORE untargeted adds with a lower success rate, or LESS targeted add with a higher success rate. So if you keep your surfing details super private, you will get pop-ups for lavitra and enzyte. If you letter you habbits be known, you may still get those adds, but likely only if you visit a combination of elderly, porn, and health sites.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Most people don't delete their flash shared objects, which can serve the same purpose as cookies.
So they're still screwed.
Does anyone know of a spyware removal program that kills shared object files?
___
It's the end of my comment as I know it and I feel fine.
That Slashdot users make up 100% of that 40% of users?
Thanks you, people, for removing cookies, so all this "we watch you" stuff doesn't work.
I'm too lazy to do it myself...
May Peace Prevail On Earth
I've often wondered what kind of havoc would occur from editing cookies. I'd bet that most websites don't have input validation for read cookies because they assume they are just reading back the well-formed string they wrote to your machine.
I'm surprised there aren't more news stories of exploits based on mal-formed/overflowed cookie strings. But maybe there are exploits out there and the sites are too embarrassed to admit they were hacked with their own cookies.
Two wrongs don't make a right, but three lefts do.
The gradual adoption of IE6 has made cookies less useful. The default policies are pretty tough. You'll lose a lot of cookies if you don't specify a P3P policy and you'll probably lose some if you specify an honest P3P policy: I've noticed the decline in cookie acceptance for quite a long time. One big problem is that P3P doesn't have sufficient granularity to explain that a site's policies aren't terribly privacy violating. For instance, I work on a largely academic site that has interactive features that require user log in, valid emails, all that. We share psuedonymous logs with computer science researchers. IE6 would like our cookies if we did one or the other, but there's no way to convince it that we'll never share personally identifiable information with other parties.
Anyone just not give a damn? I mean, everyone's up in arms about privacy, and these lofty ideals of how it should be protected, etc. Just come out and say it. You don't want anyone else to see what porn sites you've been to.
Personally, I don't care about cookies. I don't have many illusions of privacy to begin with. I'm just non-egotistical enough to know that no one really cares about what sites I go to, as an individual.
They want to track my usage and habits? Fine. Throw me in a demographic, and call it a day. Use me as a statistic. Whatever.
Is everyone here paranoid, or do I have any fellow compatriots in the nation of apathy?
It will be Good that some admin check how many of /. visitors/users accept cookies, as some form of "statics".
I have CookieCuller http://cookieculler.mozdev.org/index.html (a "modified version of the Cookie Manager built into the Firefox/Mozilla browser".
With that extension its easy to have some "protected" cookies, a list of "blocked" (sites who can not do nothing with cookies), and some other that will be cleaned at start. (and some other options).
Bye
Rock and Roll
Long ago I adopted a habit of a "cookie file".
An edited/select group of cookies for some sites.
A simple shell script overwrites the inoperation cookie file.
I hope this doesn't get lost in the comments...
What ever happened to that very useful "Allow Cookies From This Site" menu item in Firefox? I leave cookies disabled by default, but when I get to a site that simply wont work without them, I liked having a quick way to go enable them for the site.
Now I have to go all through the preferences dialog, find the site in that long Allow/Block list and change it to Allow. Very annoying.
Is there a quick (two clicks max) way to turn on/off cookies for whatever is the current page?
You bet your bippie!!! Yes indeed. I have a brain, and can remember most of my logins. The ones that I have trouble with, are noted in a secure application on my palm-pilot.
Sorry, but the numbers of nefarious web sites, advertisers, et al., have made me decide that cookies, and all that comes with them, are not worth the headaches.
That nifty new browser called Firefox, has a easily accessible feature in the tools menu to kill off all cookies, cache and other items with the swift stroke of just one button!!! It makes it so easy!! Plus the pop-up blocking abilities are just neat too. I've made it a point to expressly distain any site that uses large pop-over screens and adverts. An even bigger deterrent to sites are those that require "registration" just to view news and assorted items.
I started doing this regularly back when I was an Internet Explorer user and discovered that when I have to dump the cookies and such, I discovered that I wasn't killing off all of them. The machines would strangely keep all the old stuff. That's when I discovered Microsoft's trick of keeping several folders with copies of this stuff. After this, I thought that was really bad taste on Microsoft's part to be doing this. So now I'm a Firefox user!!
Firefox/Mozilla Rocks!!!
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
I have firefox set to delete cookies at the end of every session. The only exception permanent cookies I have are for Slashdot and Google. I'm sure many Firefox users autoclear cookies every session.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
If a commerce or community site saves a cookie, then that's fine. There's a purpose for cookies on amazon and slashdot. But it seems that every little blog out there sets cookes, as do all little tech journals and so on. There's no reason for this.
More people are probably running spyware removal programs that also delete advertiser cookies. I guess that's what happens when advertiser get a little too aggressive.
I never delete any cookies. I find it too much work and I'm not that concerned about my privacy.
-- Cheers!
Hell, I'd be amazed if they could even guess my gender. :P
What kind of porn sites are you looking at?
There was a time I deleted every few days all the cookies on my system.
Now firefox does a nice job.
And anyway, who complains on the "cookies deleting users", should at first complain with the people who abused of them.
-- See you, UncleScrooge
It sounds like the marketers are whining becuase their new toys are broken.
Heh.
We were doing just fine before the advent of the cookie and malware. Now don't get me wrong, certain cookies are nice to have around to remember your preferences for newegg and slashdot. But we can do without the malware business, that's for sure.
We have one perfect marketing method that predates even the printed word: That's Word of Mouth. These days we got our forums, blogs and IM's to distribute news of how good or bad a product is or a how a company is performing. Peer advertising always bats a 1,000 when it comes to marketing.
Take a look at the legendary killer apps and you tell me how much marketing they actually spent on. WinAMP? Word Of Mouth via IRC. Winzip? WOM and out of need.
You push a product TOO hard and you are going to drive your prospectus away from you.
First rule of holes; When in one, stop digging.
no, i do not delete cookies. i don't much care about them (though i do not accept those with incorrect paths).
i just don't see ads - both on internet & tv. on internet this is somewhat easier with blockers, on a tv i have a reflex of turning down the sound when ads start and do something useful (like, er, make a tea).
if somebody can get out from my browsing habits what things i want - well, nice, in that case it shapes market in a way that i would prefer it.
i don't see the big deal with cookies & their deletion - just make good ads. there so few really good ads, it's disgusting how much crap people can create and handle.
i actually try to see ads that look interesting (and sometimes even several times. for example, some sprite ads ar great, even though i do not drink sprite) - but i miss most of them because i don't watch tv during ads...
and i can't remember when was the last time i saw an ad on the internet - i just concentrate on the content and don't see them. of course, lately subtle advertising is becoming more and more popular, for example, positive comments, positive articles and so on (and to keep the analogy with tv - movies showing people using different brand products).
if case somebody really dislikes ads (i do), probably capitalism should be ditched. there is no way advertising is going away, it is becoming only more and more visible and obtrusive.
Rich
No, I don't delete cookies - because they never get created in the first place. I have Moz+Multizilla set to ask me before creating a cookie, and unless *I* decide it is needed, the cookie is never created AND the site gets added to my "never accept cookies from this site" list.
/., or news.google.com, or any discussion forum into which I log in, or any e-commerce site - they get allowed to set cookies, because the cookie is of benefit to me .
So the sites that get hit the hardest by this are the sites that, by default, attempt to set a cookie whenever you visit the site. I take the attitude of "You shouldn't need a cookie for routine viewing, so buh-bye!".
Now, sites like
Oh, and by the way: I use the same rule for Javascript and plug-ins - if the first thing some site insists upon doing is wanting to run Javascript or Flash I block it. JS and Flash are fine where appropriate, but as a routine item they are not needed.
I also don't allow third-party sites to set cookies - if I am visiting example.com, there is no reason that adserver.scumsuckers.com needs to set a cookie, run Javascript, load Flash, or anything else - serve up your ad image and be done with it.
And if some site rams an annoying animated GIF down my throat - they go on my image blacklist.
*AND*, if they annoy me enough, they go on my personal firewall/proxy blacklist and then they CANNOT bother me no matter WHAT they try to do.
It amazes me when I go to a friend's house and see the crap they put up with - my browsing experience is sooooo much nicer.
Advertisers: despite what you were taught in school, I am not a pair of eyeballs to view ads, a pair of ears to hear ads, a gullet to swallow crappy product, and an anus that craps cash for you. I am a person, and you abuse me at your peril.
www.eFax.com are spammers
What's always left out in these discussions is the differentiation between good cookies and tracking cookies (especially long-lasting session ids). See also cookies(5). Lack of user education and bayesian cookie filters in browsers IMO.
I for one, kind folks pray it hasn't been.
D wah wah wah.. imagine users exercising thier rights.. wah wah wah.. :)
You guys all talk about cookies as if the only thing they are used for is making advertisers more money.... The fact is cookies have a real and valuable use. They can track useful information for other kinds of applications. And most cookies (at least the ones I create in my web apps) do not contain user information, instead they contain a GUID key to a database record that contains non-personal information about that users session on the website.... The kind of stuff that is useful for the user, like what category they were last at when they added a product to their shopping cart, or what affiliate they entered our website through and various other such items. These thing make our website easier to use and pose to "privacy" issue to our users.
I find that most often I end up learning from necessity, rather than for enjoyment.
All I did was write a simple script that cleans out my cookies and cache. I've set it to run daily on logout. Change $user to your username and $profile with your profile string and use it:
/home/$user/.mozilla/firefox/$profile/Cache/* /home/$user/.mozilla/firefox/$profile/history.*
/home/$user/.mozilla/firefox/$profile/cookies.txt |grep slashdot >/home/$user/.mozilla/firefox/$profile/cookiesnew. txt /home/$user/.mozilla/firefox/$profile/cookies.txt |grep mapquest >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt /home/$user/.mozilla/firefox/$profile/cookies.txt |grep mywebgrocer >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt /home/$user/.mozilla/firefox/$profile/cookies.txt |grep news.google >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt /home/$user/.mozilla/firefox/$profile/cookies.txt |grep netflix >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt
/home/$user/.mozilla/firefox/$profile/cookies.txt /home/$user/.mozilla/firefox/$profile/cookiesnew.t xt /home/$user/.mozilla/firefox/$profile/cookies.txt
echo "drop firefox cache and history"
shred -u
shred -u
echo "grab all valid firefox cookies"
cat
cat
cat
cat
cat
echo "get rid of all cookies not explicitly kept above"
shred -u
mv
echo "done"
Just add a new line for each cookie that you want kept in the "grab all valid firefox cookies" section just as I did (noting the > vs >> piping).
I mean, it works for me, at least. Why do I shred instead of rm? Because I'm one of the lunatic fringe that likes the idea of actually deleting files that I tell to be deleted.
Coupled with Firefox's AdBlock add-on, I'm pretty comfortable with my browsing experience.
-Tom
You just can't publish and make a profit from information available regarding their CEO.
--- What
As a web developer, I'll call bull-puckey on this.
Every developer working in the online industry by now knows that cookies are, at best, an unreliable solution to solving the statelessness of the web. Why would you encourage anyone to keep cookies on their systems, knowing that a large segment of the online community is going to put those cookies to unethical use? Because "legit" sites will get caught in the crossfire? No. Legit sites should design a strategy for storing user state that does not involve cookies. Two well-worn ways of doing this are: storing user state in a server-side session that expires after 30 minutes or so and persisting data to a data store.
You cannot count on people having cookies enabled or on allowing cookies to be set; cookies have been usurped by advertisers and spyware writers to invade the privacy of web-surfers. I am sure that you can find either a browser feature or a browser plugin that will remember your username and password for sites you regularly visit...or fill in forms for you...or whatever. Beyond login information, everything required to enable every feature of a good site can be retrieved from a persistent data store. If a user does not want to register, they get a default presentation. Not a problem.
If you are going to only allow session cookies why not skip the cookies altogether and store needed state information in an actual session object. No doubt this uses more resources on the server, however, it is far more reliable than using cookies and does not strongarm the user into enabling a feature that is sure to be abused by some third parties.
You and I understand what session cookies are and how they work. Most people do not; many people do not even know what cookies really are. These people have been conditioned to fear cookies and are likely to either enable or disable them altogether.
The content on the website you're visiting, maybe?
Another thing that my script does, is edit cookies. Some sites of which I do want to retain cookies have ridiculous ideas about when they expire, so I automatically move the expiration date.
My Google cookie is auto-edited in another way. I want to keep it in order to force the language to English (stupid Google thinks it's neat to automatically redirect you to your local server and most of all your local language based on your IP address, but I strongly disagree). But I do not want them to track me in any way, so I randomly edit the ID info in the cookie. This makes the cookie invalid, so each time they give me a new one, but in the mean time I still get the language set properly.
Linux user since early January 1992.
I simply don't accept them in the first place. (Except for Slashdot and a few others, of course.)
no one has mentioned how completely unbeleivable the stat is. there's no way 39% of internet users are deleting cookies. I would say 20% know what cookies are - at most. I'm sure some people are blocking cookies because they set their ie security to "most secure."
not everything is a science experiment!
that sounds conspicuously like a p3p policy:
q =p3p+policy&sourceid=opera&ie=utf-8&oe=utf-8
http://www.google.com/search?client=opera&rls=en&
you're supposed to set a p3p policy if you set cookies, and that way the browser can block or allow cookies for you. if you have cookies such as 'remember users stylesheet' and the browser understands p3p (i believe ie does, dunno about others) then the cookie will be accepted, if its a traking cookie, then it'l prompt or block.
also, session cookies are neccessary for secure php sessions over https (alternative is GET variables, and they aren't secure).
I feel so sorry for the advertisers, NOT! They can't track my buying habits and see what sites I frequent. Too f'ing bad! If they can't learn to keep stats on their end of the machine (server side), then perhaps they need better programmers and should start paying their own staff better. There is absolutely no need for an advertiser to keep information on MY machine unless they are trying to track me personally. That is over the limit, out of bounds, in my book. Cookies are great for login information and per session information containers as is noted in a number of comments here, but when advertisers abuse them by tracking my personal and cross session information, they create a problem. They made their own bed, now they have to deal with it. I find it hilarious that they are whining about not being able to try individual users and trying to spin it as a bad thing for users for them to lose this ability. They don't need personal/individual information. They can use their server side information just fine.
Cookies aren't evil. They are just misused, and misunderstood.
There's nothing wrong with using cookies to prevent me from having to logon to Slashdot 10 times a day. And there is nothing wrong with cookies telling Amazon.com that people who buy Movie X also like to buy Book Y. That is useful anonymous marketing information. I actually LIKE it when Amazon recommends things to me, because they are usually right!
The problem is when the cookie stays around for days and you never get a login prompt: that's a security problem. Or when marketers build long-term profiles on you, then try to grab identifying information from other sites you use.
I have Mozilla set to delete cookies every day, which seems to be the best balance. (Firefox unfortunately does not have this option).
should be from the too-lazy-to-check-to/too dept
Can anyone suggest any free anonymizers available? And is it an effective mechanism to avoid cookies?
We need to mount an immediate education campaign to push that figure up towards 100%. It's a matter of basic hygene:when you've finished a task online, you kill the cookies. Not doing so is like not wiping your arse properly: the result is invariably uncomfortable.
I save my all cookies for later reference. I love them. Sometimes I just browse through them for fun. My cookiesfolder is now 3,5GB and dates back to early 1994.
PS. I have a backup as well.
Out of the box ... Firefox has really poor cookie management. I have it set to prompt, but once I deny a site permission and realize I want to do business with them it takes many mouseclicks and a lot of stupid scrollbar searching to hunt down the cookieblock and delete it.
Yeah, what's up with this? Mozilla actually has a tools->cookies menu that lets you quickly block or unblock cookies from a site. Why doesn't firefox?
This seems like more of an issue than cookies on your computer that can be deleted.
Time is comparison of movement to other movement.
Certainly there are abuses involving cookies, but the level of paranoid BS out there is deafening.
The average non-techie now believes that cookies are active programs which will peer into the deepest recesses of his life and possibly erase all his MP3s. The same people religiously wiping every cookie (and complaining about the NYTimes login hassle) are typically infected with a dozen types of REAL spyware and a virus or two.
In an age where an American citizen can't get on the friggin' Greyhound bus without providing zee papers and the government has lifted all our traditional privacy protections, worrying about having your banner-clicking habits tracked is more than a little silly.
"Society is like a stew. If you don't keep it stirred up, you get a lot of scum on top. " - Edward Abbey
Love those hemlock cookies. Yummy!
A good chunk of the people who delete their cookies do it because they don't want their employer to find out where they've been surfing.
(And yes, I know a lot of routers and net tools will log where the user surfs anyway, but IT depts. generally aren't the Gestapo.)
A while ago I heard about an interesting project to screw all those loyalty/tracking cards you get for shopping.
The idea is to swap cards with someone else every so often so that their data gets completely screwed up.
Could something similar be done with cookies to rm -rf the data recorded by the personal data collectors, bugmenot is about as closest thing I've found to cookie swapping.
thank God the internet isn't a human right.
It's only a problem for them. The rest of us don't have any problems with it, and really don't care that they see it as a problem.
- AMW
Cookies are hardly the biggest problem. There are worse threats out there that Internet users should be worried about.
And with AOL visitors, the IP will most likely change through the course of the visit, so that really breaks the IP checks also.
I still want to know when exactly cookies became evil.
By all means provide good options for customising cookie behaviour, and set reasonable defaults. But please don't do the above: that wording will add more confusion than it removes. What are "privacy rights"? How do you "manage" them, and why do you need to anyway? Why does being "online" make any difference? What "help" are you asking for here?
If you're going to add this to the installer, provide a one- or two-line plain English explanation of what an option actually does. This is possible without using either technobabble or meaningless drivel. Obsequious yet ultimately unhelpful UIs are one of the curses of today's software industry, and the sooner we get rid of them, the better.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I use cookies, but I'm very nazi-ish about which ones I let stay. I block all 3rd party cookies, and I use a local http proxy to make sure none sneak through with underhanded iframe html and other things of that nature. Also, any time I see an annoying banner ad, i grab the url from the source of the page and add it to my hosts file block list (made easy with Hoster: http://www.majorgeeks.com/Hoster_d4626.html). Would that it were easier to manage these things, but unfortunately the internet isn't a perfect place.
For those that dont understand 3rd party vs 1st party cookies... the difference is this:
the way these tracking cookies work is when you're visiting site A, site A has a banner from site Z. If you have 3rd party cookies enabled, not only can site A set a cookie to your harddrive, so can site Z. Now, you go to site B which also uses site Z's ads... and site Z can see you were also at site A. Block 3rd party cookies however, and you cant get a cookie from site Z unless you actually VISIT site Z.
Disabling 3rd party cookies lets you keep their useful functions (login information at ebay, etc) and restrict the illegitimate ones (tracking my useage)
To err is human, to really foul up requires a computer
After 3 years of tech support for one internet company or another I can say in my experience only 1 in 50 of my callers clear their cookies regularily. That's half as many people as there are in the 'cookies? what are cookies' group.
The rest of the world, it would seem, only clears their cookies out when asked to by tech support, and even then it's like pulling teeth.
I think the best solution is the simple "only accept cookies from the sites you browse to" in most modern browsers. This keeps most spyware/adware cookies off your machine but still give you the convenience of using cookies.
I also go thru and manually delete some cookies from sites I don't visit on a weekly basis.
*** For a better tommorow, change your life today ***
"C is for cookie, that's good enough for me!"
(Why do they call them "cookies" anyway?)
Seriously, though - I don't delete my cookies THAT much, and I don't get spyware since I'm using Linux, but I don't need those stupid cookies. KDE has something called KDE Wallet which automatically types in my passwords in an encrypted file (called a wallet), so the only one I need to know is the one to my KDE Wallet. It'll remember passwords for ANYTHING - Instant Messenger, e-mail, all my web sites. . . you name it.
www.linuxpenguin.net
They've uncovered a dark truth. In January 2039, we're all going to die! It's just like the Mayan calendar.
Aside from the fact you don't own all of the information pertaining to you (the fact you drive a car of a certain color, for example), this isn't theft. How are they preventing you from profitting from it? They sell the information about you. Is there anything preventing you from selling the same information? No.
So go ahead, try to sell it.
Developers: We can use your help.
Sorry to be a grammar pedant, but you left out a word. VOLUNTARY. Look it up. BEFORE you listen to Rush Limpballs.
"Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."
Me hungry! But cookies all dead!!
That's "Mr. Soulless Automaton" to you, Bub.
A great (and I admit, one of my favurite) features in mozilla is being able to "accept", "reject", "accept for session" and remember the above prefs for the current site.
I don't NEED to delete cookies, I only have cookies for the sites I want to store them (message boards, internet banking, etc). Sites that don't let me continue unless the cookie is set (some scum are doing this now) I usually just close the window and don't go there, if they are really nasty about how they word it, I tell mozilla to block images from them as well (so i can remember them in future).
We have the tools, use them. Once you have most of the sites you visit regularly set, you will barely notice your privacy being protected.
...
I'm deleting the hell out of my cookies.
Of course, I'm on a static IP, and I'm a gmail user, so I suppose it probably doesn't account for much.
I remove cookies from my systems whenever the hell I feel like it, thank you very much.
- The businesses making the most money on the net and getting the most hits are pr0n sites.
- Many people are embarrased to have gone to pr0n sites.
- Lots of people get history scrubbers
to destroy the evidence of their surfing.
So I suspect the majority of that 39% is people cleaning up after their pr0n surfing...- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
I get the benefits of purging the evildoers and still retaining my laziness by not having to login to sites such as Slashdot every visit.
That said, slashdot.org can leave me all the cookies they want. Mmmm, cookies.
^^
Using Firefox, I just deleted all cookies, turned on the cookie tracker, and came back to Slashdot.
Slashdot has set a total of 10 cookies: 8 as it was loading and 2 more when I logged in. The breakdown by length of life is interesting:
2 of these have no significant content and seem to be used just to determine whether I am allowing cookies in this session; 1 is my log-in ID for the session and another is a repeat of this (maybe there are 9 cookies and this one is being listed twice?). The other 6 appear to be related to advertising.
It is certainly possible that some of these are providing advertisers with demographic data (my ISP is listed in the body of one cookie-- why else would that be there?). But I guess I need to trust that Slashdot and its advertisers will do nothing malicious with this info. Sort of the same way that I trust my hardware store won't sell me substandard counterfeit bolts.
..and you can't specify who you have the conversation with...
The problem is that the average user doesnt understand what cookies are, how they can be missused, when they are appropriate and how to manage cookies themselves. And there is many a business thats is/wants to take advantage of this fact. Perhaps in the next iteration of (enter your fav browser here) it should start with a popup box explaining the ins and outs of cookies for the layperson to understand. and of course most /.'ers could just skip it.
Don't ya hate it when the correct spelling of your favorite screen name is taken?
The new version 6.0 of the Zone Alarm Pro firewall also includes an anti-spyware capacity, which runs automatic scans at set intervals. The default setting is to automatically delete tracking cookies. That's bound to mean more cookie deletions, as Zone Alarm is widely used.
RichM
Data Center Knowledge
In Korea, only old Cookies are deleted.
The Tao of math: The numbers you can count are not the real numbers.
Cookies aren't the only thing that advertisers use to keep track of you. Don't forget about web bugs - basically, any static image (often only 1 pixel in size, but it can be any size) can be used to keep track of you. Since your browser caches images, web servers can assign a unique modification date for each visitor. When your browser visits a site it has already visited, it will ask for the web bug image, and in the request, your browser will say "give me this image if its modification date is later than [a unique specified time]." That's when the server says, "Welcome back, Fred." The trick to foiling this? Don't use a cache. You really don't need one if you have broadband.
... Spammer
Tomato, Tomahto...
About once a week or two I'll get a few idle minutes, playing with my laptop while making dinner, and I'll just start opening up cookies and changing the data in there. Not to try to impersonate someone else, but just as every person's duty to scribble nonsense on some moron's database.
It's fun. It probably doesn't do anything, but it kills a minute or two of time, and it's more fun than "bejewled".
Absolutely right.
Moreover, when you visit a site and someone makes a cent or two off of information about you you're almost always being reimbursed for it.
Almost all of the non-subscription entertainment sites make money off ads. Online retailers can offer lower prices because the info they gather from customers makes them a company with better profit margins.
Maybe they're not handing you a check, but it's not like you're in a sweatshop or anything - nothing you mentioned sounds like telltale signs of an extractive economy.
World Changing - News for Humans, Stuff about our planet
. . . as one's actions do not affect another individual can said privacy be allowed.
I don't trust secrecy (collective privacy) in most instances.
Mostly because I don't allow a cookie to be set if I suspect the host is an ad server or whatnot, and only allow it to survive as a session cookie otherwise. Sites I frequent get to set necessary cookies normally.
One thing the "cookies aren't usually deleted" crowd tends to gloss over is the ability of browsers to force cookies to be session-only, or to delete cookies when the browser closes. People set up for this appear to all the stats engines as accepting cookies, but cookies set on them don't persist the way the stats engines expect them to. I think they gloss this over because it's all but impossible for a stats engine to detect this situation and count it.
The best estimates I can come up with are that something like 5-6% of all users have their browsers set to force even cookies from the site's domain to session-only (or discard them upon browser close), and something like an additional 16-17% either block third-party cookies completely or discard them at the end of a browsing session. And those percentages have been trending upwards over time.
In FireFox version 1.0.2 (what's currently in front of me):
Tools > Options > Privacy > Cookies > "Keep Cookies:" > "Until I close FireFox"
All of those steps are available through mouse clicks. It's not obscure and you don't need to edit a strange variable within a configuration file.
Of course, you'd need to close the browser every so often for this to be helpful.
This is not my sig.
I don't usually bother deleting cookies - my massive adblock list tends to keep them from ending up on my machine in the first place. That said, I do end up going through and cleaning them out once or twice a year.
When I used Netscape I deleted all cookies, then went to about 6 sites I had to login to (/. included), closed the browser. I went to the tree and saved the cookie file as cookies2. Now when I am through with my browser I delete the entire cookie file and save cookies2 as cookies. It was easy to copy the file into Firefox when I changed to it last year.
I have added a few sites to my file over the years, but I will decide what gets saved on my machine, not Gates or any other Markettwit.
Professional Politicians are not the solution, they ARE the problem.
The fundamental problem in my view is that people are installing (or have pre-installed) software (web browsers) that allows companies to track their every move without fully explaining to users that this is going to happen.
I think it's outrageous that IE and Firefox don't ask users explicitly the first time a company tries to set a cookie if they want companies to be able to track them. I don't think if users were forced to choose and understand cookie policys they would allow ANY 3rd party cookie tracking (regardless of P3P policys) and yet by default firefox and IE allow all 3rd party (P3P) cookie tracking on their default medium setting without asking the user!
As soon as the default setting allows 3rd parties to track one 3rd party advertiser sells data to marketeers, then ALL 3rd party ad servers have to do the same to compete.
If another program leaked as much information to companies without your knowledge as IE and Firefox on the default cookie setting the software would be deemed spyware (or worse as it leaks information to thousands of companies!).
The idea that laws should be introduced to force websites to say they are spying using cookieing is a stupid legal solution to the technical problem that users are installing and using software that leaks their data in way that the average user would consider a privacy violation - BY DEFAULT!
I would suggest that the web browser should pop up a one time warning dialog the first time it sees a 3rd party trying to set a cookie. Something like this: "a 3rd party company not 'slashdot.org' is trying to record information on your computer, do you want to allow any 3rd parties to record data about your internet usage?"
Most people would say NO, this would change the cookie acceptance policy on the users browser so that no 3rd party tracking would ever work.
Cookie wiping by anti-spyware companies is just another kludge work around for not forcing users to choose a cookie security policy they are comfortable with.
Users don't delete the cookies. They just throw away the computer when the spyware reaches critical mass.
I have firefox set to delete cookies on exit, so I guess a little fox is doing it for me
IIRC, the original 39% guys are marketers, they're worried about the marketing cookies that are used by advertising networks. These cookies are routinely deleted by SpyBot and other anti-spyware applications.
If you think about how many people have to run an anti-spyware app at least once a year, then the 39% seems quite reasonable. But this has nothing to do with the cookies that remember my login ID to Slashdot or Yahoo.
Two well-worn ways of doing this are: storing user state in a server-side session that expires after 30 minutes or so and persisting data to a data store.
Without the use of a cookie to store the session ID number, how does the server tie the visitor's next request to his state data? Aside from using a small cookie containing that session ID number, the only way I know of doing this is to be always passing the ID number back and forth in the request/response headers like a hot potato-- which I understand makes the session vulnerable to man-in-the-middle attacks.
Is there something you know that I don't know? Is there perhaps a meta-intranet that allows the browser and server to pass the session ID around by silicon-enabled telepathy??
No, but I maliciously rearrange their data to give the tracking system(s) an aneurism...
*evil laughter*
Come hear me sing!
I white list my cookies with Konqueror. Any site not on the list doesn't get to set cookies. If I go to a site I like or need, and cookies make the site more friendly (auto login and stored preferences), the site goes on the white list.
I have 14 cookies on the system I've been using for the last couple years. This works well since I don't usually surf or browse the web. I use the web because I want something specific. The only exception is a search result from Google when I'm looking for something specific. Then I'll visit sites I've never seen before. They don't get to set cookies either unless I'm sure I'll be returning frequently.
The problem with that is that if marketers are not making sales, they will stop advertising in those channels, which means content providers will lose their add revenue, which means they will turn to pay -per-content or close.
;)
So go ahead and block all adds, you will know where to look when your favorite content provider loses their income
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Cookies are benign. No one can track YOUR every move on the net -- at least not YOU specifically. Rather, they are tracking that browser. There's this massive misconception that cookies expose your life and habits for all the Web to read at their leisure. The reality is quite different.
If you go to a web site and they set cookies, only that site can actually read those cookies. If you don't want to be tracked by anyone other than the site you're visiting, simply turn off "third party cookies" (in IE5+). In Mozilla/Firefox simply enable cookies only for the originating site. You'd do better to manually accept all cookies, rather than automatically denying them all.
Cookies are not little pieces of malicious code that can run arbitrarily.
I work in the search industry, and cookies are a good healthy thing as they are used by the majority of sites. They allow airlines, retail stores, hotels, and any other vendor decide how and when to run sales. By tracking [anonymous] people's habits they can better target their pricing. Lots of people looking for PC3200 DDR RAM? Yep, tracking says lots of people are!
This is good for all of us.
My ZooLoo
Firefox in Linux is slightly different:
Edit > Preferences > Privacy > Cookies > "Keep Cookies:" > "Until I close FireFox"
"What is Internet Explorer 7? Are you saying we can't access the normal internet?" - I love tech support. Really.
I nuke cookies with extreme prejudice, especially ones for "partners".
It's nobody's business. If I wanted to live in Soviet Amerika, I'd have voted for the failure.
-- Tigger warning: This post may contain tiggers! --
"I want the monetary value of my opinion."
/. makes money from all the suckers who paid to read your post as well as the ads on the page whose impressions are generated by.. people reading your post.
Yet you post it to slashdot for all to see for free. Possibly you've even paid for the privilege.
Can you be Even More Awesome?!
I used to allow all cookies. I wasn't worried about privacy issues and I found them convenient in many sites. And I let anti-spyware programs sort out the "bad" cookies.
Until a year ago, when I noticed a mysterious slowdown and occasional tendency to crash in my system. Ran adaware and spybot and got nothing. Ran a host of anti-virus tools and got nothing. After working with a slow computer for a week I decided to clear all my cookies. Guess what? Problem went away.
Having learned my lesson that even a combination of multiple anti-spyware tools won't catch all the invasive cookies in my system, I now set firefox to delete all cookies upon exiting my session all the time. And since firefox has auto form-completion, the convenience factor is not lost. Anti-spyware won't catch everything - in some cases because threat of lawsuits from spyware firms have forced anti-spyware makers to delist certain malware. So the only way I can feel safe is by deleting all cookies.
I have no reason to keep cookies around longer than the current session.
Neither do the web sites I do business with.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I'm not paranoid. I don't delete my cookies... Opera keeps them for as long as they're set for. Opera also has powerful cookie management/filters.I like to just "stay logged in" to my favorite services. It's a lot easier than retyping a password, that I'd probably have to look up, every time I wanted to log in to a site. I don't do online banking, I'm not going to get my identity stolen and I don't have any spyware.
I refuse cookies from ad servers, and accept them from login servers (slashdot, forums, etc. -- not yahoo because they don't keep me logged in anyway).
Deleting cookies doesn't affect my performance or the stability of the application, so I only see how good they can be.
Your life is not that interesting that any of these companies give a shit about you personally. They're more interested in AGGREGATE data. Nobody really cares about how many pr0n sites you visit, just the number of total visits. Your personal net usage habits are WORTHLESS as an individual.
Ironically, your rant on tracking must not apply to Slashdot, mr. "It doesn't come easy (695416)".
Conspiracy theorists always dream up wild conspiracies that would never apply to their own lame, mundane lives.
I allow cookies from the sites I navigate to. The convenience outweighs privacy issues as far as I'm concerned. I like having sites show me ads for stuff that I might actually be interested in.
What bugs me about cookies is the disparity between what I can do, and what websites can do. I would feel better if the relationship were more equal.
Companies have "Customer Relationship Management Systems" and "Approved Vendor" lists. As more of my life moves online, I feel the need for a "Website Relationship Management System." There are a small number of websites that I *want* to have a continuing relationship with, and for those I want tracking and reporting exceeding what I now get.
If a site used to use SSL, but no longer does, I want an alert.
If a site used to have a privacy policy at a specific URL, but it's moved or changed, I need to know.
If a site uses 10 cookies, but only one benefits me, I want to permit just the one useful cookie.
If a new tracking system gains popularity, I want to understand it so I can make a rational decision about whether to cooperate with it.
Computers should be the Great Equalizer, but we (programmers) don't have our act together yet -- any ideas about how this can be changed?
Don't mess with The Phone Company. Piss them off and you'll be using two tin cans and a piece of string.
You can track users pretty well by IP address and other methods. If you use Amazon with cookies disabled, it still shows your recently visited items after you wipe all your cookies. In fact, if you don't want Amazon to show your recently visited items to someone else using your computer, you have to go to their preferences and check a box. This of course, sets a cookie. QED
If every website that buried their stuff under obnoxious ads fell off of the 'net tomorrow, I would cheer.
It seems a common misconception that only sites rife with ads serve up any worthwhile content. In fact, I often find that the obnoxiousness of a site's advertising is inversely proportional to the value of its content.
In a seeming parallel to open source programming, many people and institutions will happily put content up on the web because they want or need to, not because some ad agency is paying them to do so. There was content on the web before advertising, and there'll be content on the web without it.
There is a spellbook here; eat it? [ynq]
If it helps to frustrate advertisers and marketing minions, then i'm all for it (and do). They spend enough of my day (everyday) frustrating me with the constant onslaught of Ads and marketing tactics to get me to be the ultimate consumer, I feel it is the least I can do to show them my gratitude.
[...] who is deleting cookies? Are you? /. cookies because I keep forgetting my pw all the time.
Only pr0n cookies. I need the
"By then, we will have moved that counter to a 64-bit number."
We will all have moved to Australian outback... or updated our Resumes as Y2k39 consultants.
So if you like a site enough to visit it and use their information, then consider that your renumeration for the collection of your browsing habits. After all, you're using their service, and they're using you to make money to pay the bills and turn a profit.
The only objection I have is if a site's privacy policy doesn't explicitly state that cookies are in use on a site and/or what information is collected.
"Nokia is not a country, it's the capital of Finland!" -Moderated "Informative". Yeesh.
But then you are depending on those with money to share content. I worked with a site for a video game mod last year. Great site, no adds, wonderful content (and mod files sizes in the magnitude of Megs). Worked off of donations, a few bucks here, a few bucks there would cover the bandwidth needs. After a while, the site's popularity grew, some links from other very popular sites to this site drove the bandwidth and server load through the roof. The site admin bumped the server to a tougher server, which could handle it, and eventually the guy running the site had to pay for a much higher end hosting solution and bandwidth. That shot his relatively low bandwidth bill to way beyond that of what a part time pet project could justify. He started enforcing free registration, and added google adds, which helped, but the cost of thousands apon thousands of users downloading multiple files from 1 meg to 50 megs was extremely costly, even with 3 mirrors. He added more advertising to help cover the cost. And the site is still up today.
Acording to your point of view, he should not have taken any advertising, because it would push people away from his site, but had he not taken any advertisment, his site would be perpetually unreachable until no one visted it due to it's instability.
Advertising, whether you like it or not, is what allows people with limited budgets to maintain high bandwidth publications.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I have third-party cookies blocked by default in Firefox, and I usually go through my cookies once every few months to add the ones that I don't recognize to my "always block" cookies list. Generally, if I don't recognize the site name (especially if it is something like "www.intrusivemarketinganalprobe.com") it gets put in the "always block" list. Also, when I run Ad-Aware, I let it quarantine any cookies it marks as potential marketing/ad/spy tracker-cookies.
...the more false-alarms they create.
... so more burglars aren't alerted that it's safe to come in!"
Well, maybe not in *all* cases, but it sure seems to be a decent "rule of thumb". Norton and McAfee are probably the top 2 most popular vendors marketing "Internet Security" type packages - and both seem to flag the most false alarms, disrupt normal, smooth system operation, and "bloat" things FAR more than necessary.
Time and time again, when I'm trying to clean viruses or spyware off machines, I get the best results using relatively obscure, typically foreign-developed software products. And "personal firewall" software for Windows seems like much more of a "scam" or "solution in need of problems" than anything sensible or truly useful.
EG. Say you install "ZoneAlarm" on your Windows XP box because people promise you it's "much more secure and flexible than Windows' built in firewall!". Ok... Well, now you've got this product that's constantly harassing you EVERY TIME some new application or DLL tries to access the net for the first time. Typically, it tells you it has "no information to offer" on what that program really does, so it's up to you, the end-user, to determine if it's "safe" or not. Why would I ever assume that the typical Windows user knows better than applications themselves about which DLL files are "safe" vs. "threats"? But yet, that's pretty much the design model.
And furthermore, much of the supposedly "security" of these firewall products lies in the fact that they can "permanently block" malware from communicating out to the net. But that's *AFTER THE FACT* that the stuff got onto your machine! Who knows what other problems said malware is causing your computer in the meantime... but the user gets a false sense of security because ZoneAlarm "blocked" the stuff. That's like me saying "Hey, I have this cool security system in my house. Anyone can walk right in because I don't have locks on my doors, but once you set off the alarm, the criminal is rendered unable to communicate outside my house to his buddies
What I have setup:
Tools -> Options -> Cookies:
- Keep Cookies: ask me every time
And when Firefox shows the dialog to ask me:
- I set the checkbox "Use my choice for all cookies from this site"
- Then I click Deny (or Accept).
So, once you deny (or accept) cookies from a specific site, it will remember your selection.
That way I don't need to delete all my cookies and then having problems logging again to Slashdot because Firefox can no longer logged me in automatically.
My $0.02
This is what I do.
use Firefox
under Edit:Preferences:Privacy, select the twisty for cookies and check "allow sites to set cookies" and "for the original site only"
Install extention "CookieCuller" and "Add 'n Edit cookies"
go to google.com and set your prefrences
using "add n edit" zero out the google cookie; change the first 16 hex digits to 0
use "cookieculler" protect this cookie, and any other cookies that you find useful
set "cookieculler" to delete unprotected cookies on startup (you must do it this way, don't upchuck cookies on shutdown)
use extention Flashblock to stop those annoying flash logos and help prevent "flash cookies"
use adblock and a good filterset (google for it)
(this last step is not really necceary, but it assures me that if google ever targets ads to me because I'm tech savvy and I've zeroed out my google cookie, at the very least, I'll never see them!)
All I can say is use Proxomitron for Windows and Grypen's Proxomitron Filters for effecitve cookie filtering along with a whole whack of other filters for ad's and anything else malicious.
You must master your joystick like a fisherman masters bait! - Gimpy
I'm wondering just how many of the "cookies" turned off people are of the enlightened variety, and how many are using security programs(think antispyware) who actively disable known ad-based cookies, and similar usage-tracking methods(like webbugs).
Wouldn't that explain the change, and the worry of the ad companies, without having to explain why the masses we know and loved changed their hats on "it's too hard, do it for me" issues like security, privacy and efficiency.
Someone from DoubleClick? Gator?
There's no flamebait in the parent post. It's a perfectly reasonably statement of a perfectly reasonable viewpoint. I'd mod it back up myself, but I've already posted to this article.
Information doesn't want to be anthropomorphized anymore.
When I get bored on slow afternoons, I'll go thru my cookies and delete anything unexpected. Then I'll flip the read-only flag on some, and when I'm feeling malicous, I'll alter the cookie contents - change some bytes, add some garbage...
Sometimes its fun to watch sites puke from corrupted cookies.
The only PT Boat Journal on the web: http://www.PT171.org
it's "a penny for your thoughts". See, better profit margin.
I only post comments when someone on the internet is wrong.
From the report:
[For example, cookies help a computer limit how many times a user sees annoying ads like a floating, animated message.]
They need a cookie that can reveal my final visit to a web site. That the best time to show the annoying, floating animated ad, assuring that i will never return to the site.
The government which is strong enough to protect you from everything is strong enough to take everything from you.
"Cookies are critical from a business perspective," said Lorraine Ross, vice president for sales at USAToday.com. "They help us do things like track our profitability per unique visitor, for instance. But if you don't know how many people are coming in, you don't really have a handle on whether your profitability is improving or not."
This is, in a word, totally false. False as the day is long. Any site with a decent eingineering team can munge links with a session ID and track people without cookies all damn day long.
Love the technical speak from people that just dont know anything about it.
s'wut i sed.
Are you saying thats when they became evil? Its not possible all the sites have a use for the cookie? I use cookies so that people can login and so they can customize a site. You dont think other sites do that? As for ad networks, sorry to tell you guys, but they support free content. They will not go away, blocking their cookies does nothing more than make them find new ways of tracking which ads they have already shown you. Would you prefer to just see the same ads over and over and over and over?
And if they go away and then come back to your home URL, how do you know it's the same person?
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
and it's more fun than "bejewled".
Blaspheme! May you burn hell you filthy dog!!!
They bookmark, or you look at IP addresses or even better, match it to a login on your site. This can be fairly easily done.
If youre just tracking visitors or clickthroughs, you DONT want to aggregate them, brcause you want to twist the humbers higher.
s'wut i sed.
I have three words for you: peer to peer. In this kind of situation, the client-server architecture concentrates thousands of leechers on a single resource that may not be equipped to handle it (as your friend unfortunately found out). With p2p, downloaders can help you out with bandwidth, which is only fair and often doesn't cost them anything.
The current state of p2p isn't very highly evolved, but it's continuing to improve. I'm hopeful that in the future it'll totally eradicate the small-guy problem that you outline.
There is a spellbook here; eat it? [ynq]
My proxy blocks all persistant cookies every single time. There's really no need for storing settings that I don't explicitly want, so I don't allow sites to do it. Ever.
Session cookies? All are accepted. No problem. Incidentally my brwoser sessions last a few days.
-josh
Cookie management in Firefox is a little bothersome, thats why i installed Permit Cookies extension, so you can easily whitelist sites by pressing ctrl-c. Then you can choose: allow, session, block, or remove the cookie for the site you are currently viewing.
Permit Cookies would be a little more user friendly if it worked just like NoScript extension (which does the same, but for javascript).
In my opinion both tools should be integrated into Firefox.
Artix
Your Linux, your init.
Yep.
I agree with you that passing back and forth on the query string is open to man-in-the-middle attacks; however, the threat of such a thing happening can be significantly reduced by using SSL.
My less-than-eloquently-stated point is that you can design a site to not use cookies; using cookies is unreliable because you cannot guarantee that the user will have cookies enabled - and forcing them to enable cookies just to use your site is not right, in my opinion.
Ultimately, I concede the point for the following reasons:
Just like any technology, cookies can be abused-- but that doesn't make them inherently bad. I solve the problem simply by forcing all cookies to be session cookies :)
Luke-Jr
I don't think cookies should be out there at all," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, an advocacy group based in Washington..
Without cookies most web applications will fail. While there are other methods to uniquely identify a session (hidden form input, querystring value), cookies remain the most effective.
meh
No - I think you're missing my point. I'm not "blasting ZoneAlarm" because it doesn't do everything and isn't "idiot-proof". I'm blasting it because it's an extra piece of unnecessary software for most people. If you disregard the fact that it allows you to block malware from communicating *after* it has already gotten in, then what else does it really accomplish that the built-in XP firewall doesn't?
Of course you need several products in tandem to adequately protect a PC. You want anti-virus software, anti-spyware software *and* a basic firewall. But assuming your anti-spyware and anti-virus software is up-to-date and doing its job properly, why would you see a real benefit from your firewall having extra "intelligence" to keep popping up alert dialogs whenever apps try to use the net?
Spyware authors simply engineer their programs to confuse and trick people into letting them past these types of firewalls anyway. EG. There's a popular piece of spyware that identifies itself as "winword.exe" - so most people think "Oh, it's Microsoft Word. That's ok." and authorize it to get past the firewall. I don't think it's fair to label everyone an "idiot" who doesn't figure that stunt out right away.
If you use a Mac, the best browser for cookie management has to be Omniweb. Here's a screenshot. See the little cookie icon at the bottom of the browser window? When you click it, that sheet with the red/yellow/green dots drops down and lets you accept/deny cookies on an individual basis. Just set the default to 'deny all' and then selectively accept the ones you want as you need them. It's very slick. The last time I used Mozilla I had to dig through the preferences constantly to achieve something similar. Only one other browser that I've used (iCab) has anything close, though I must admit that I've never tried Firefox.
But that's a moot point considering bandwidth is so cheap and if you want to throw up some kind of large, bandwidth consuming site you can generally run it on donation.
While I mostly agree with the rest of your rant, in particular with reference to the lifestyle type advertising (very Tyler Durden there), its time and way beyond time that you, tinker bell, and the rest of slashdot woke up to some realities you won't find steeping in the comfortable groves of academia or mouldering away in your parents' basement.
Some people run online businesses. These are what got the internet to where it is today. These require online advertising to let people know whats available. Everyone's favourite website, google, does that run on donations? No, its 100% advertising based revenue. One hundred percent.
The only reason that the internet is so ubiquitous today is purely private enterprise. A PC in every home, spreading broadband access, these things would not exist without commercial enterprise, whose sole purpose is profit. Do you seriously think that the internet would even exist if it had been left in the hands of academics?
And its not just the internet that was built on the back of commercial enterprise, take a look at spaceflight and see how has been fizzling like a wet firecracker until Richard Branson et al stepped in to bring you your star trek.
So if you don't like the nasty advertising, I suggest you sod off and read a good book, and leave the internet alone. Donation based websites, I mean what the good fuck.
What he can't kill, he has sex on. Trent.
Agreed, P2P can grow to be an amazing tool, but the social engineering behind it has to catch up to the technology. Integrating P2P connections into browsers (mozilla, IE7) will be a huge step, but even more so will be continuous improvements in wireless and ubiquitous technology coupled with a fluid social interface.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
If the site you visit is hosted by a load balancing device but the application is not built to maintain session state between separate physical servers (most apps aren't, the developers don't ever seem to think about the fact that the app might be running in multiple places), the load balancing device must then maintain persistence of each client to the correct server for the site to work.
If you are not allowing (at least) session cookies, the load balancing device must fall back to using your source IP address to maintain persistence. If your source IP is a proxy (ie, you are an AOL user, on a corporate network, behind a gateway router, etc) then your session may be confused with another session and you may end up inside someone else's session or vice versa. I've seen this behavior on several sites where I was dumped into someone else's session with no authentication because our connections originated from the same proxy.
The way to ensure that *only* the correct client gets back into their own session is to uniquely identify them, and the easiest way to do that (without rewriting the app to use sessions in the URL) is for the load balancing device to insert a session cookie that has information on which server the client was originally load balanced to and to read that cookie on subsequent connections. The application server never even has to know about the cookie.
Therefore I submit that people's attitudes that cookies only collect/store personal information and their reaction to turn off all cookies including session cookies can actually decrease their security by exposing their sessions to access by other users.
DennyErecting the wall of separation between church and state is absolutely essential in a free society. - Thomas Jefferson
Indeed--what you say about our personal information being of value is so true. A couple of years back, in reflecting on the copyright wars and the corporate insistance on what is "their" property, I began to think how cavalierly they take our personal info and resell it (think ChoicePoint here). Figuring that the intellectual property juggernaut was not going away any time soon, I developed an idea of granting us, everyday citizens, property rights over our own personal info. That way, any company who took our info and resold it (esp w/o our consent) could be liable for , yes, copyright violations! I thought I was original in that idea, but it turns out that Pamela Samuelson, developed the idea in about 1999. Surprise, surprise--nothing came of it.