Slashdot Mirror
Death of Cookies, Spyware Greatly Exaggerated?
securitas writes "The New York Times' Bob Tedeschi interviews several Internet marketing leaders who debate recent reports that Internet users are deleting cookies en masse and causing serious problems for advertisers. Among the interviewed is Eric Peterson, co-author of the Jupiter Research report that claims 39 percent of Internet users delete cookies. Slashdot has recently had stories about this supposed trend in June and July. A shorter version of the article at IHT. Who is telling the truth and who is deleting cookies? Are you?"
[...]who is deleting cookies? Are you?
Routinely and automatically. I don't need any help in remembering my ID, password, or credit card number, thank you. And I don't want any company tracking my every move on the net just so they can turn around and sell information about my personal habits, whatever those habits may be.
Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.
The NSA: The only part of the US government that actually listens.
If 40 % of the market is deleting their cookies (no doubt as part of a regular anti spyware cleaning) that's a problem no matter what spin you put on it.
Thalasar
Cookies are delicious delicacies.
I simply deleted all my cookies, visited every site I *want* a cookie from and then set my cookies to be read-only. Worry-free AND all the benefits of good cookies!
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
... because I already don't let the browser set them.
Does the advertising industry also "lose" money because it cannot track if I am watching their ads on TV?
The Tao of math: The numbers you can count are not the real numbers.
Cookies are a sometimes food.
The Tools Of Ignorance wanna be a tool?
The "Allow Cookies For Session", along with the Allow Persistent Cookie Exceptions in Firefox solve all my problems. Along with AdBlock and BugMeNot.
I guess that makes me a bad person.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Delete? Just deny them in the first place, Firefox + Adblock extension!
I set my settings in my browser to ask before saving a cookie, most I deny but some, for example, logins I allow. You'd be amased how many websites set a cookie every time you visit their website and how many times. Advertisments are the worst, because they always set several cookies per advert but now I've go into the trend of just blocking whole domains, I hate the feeling that some body is sitting at a computer monitoring how many different people are seeing his adverts/
But not because of security concenns, it is mostly because I have got into a nervous habit of clearing my cache and cookies every day.
A few months ago this was a different story, seeing about 400MB of cache/cookies taking up around a gig on the hdd because the files were so small changed it; and I dont mind having to re-login to sites every time, it means I am less likely to forget my various passwords!
I have Firefox setup to delete cookies on exit. Also, it only accepts cookies from originating site as well. Remind me why I should KEEP cookies again? Oh I know.. it's probably for Amazon to start charging me more because I'm "loyal" customer!
Mozilla/Firefox can. Just tell it to set all cookies as session cookies.
The Tao of math: The numbers you can count are not the real numbers.
The article is mentions the rise of anti-spyware and how it usually cleans up suspect cookies.
From my experience with average users, clients, co-workers and family, most users have no clue what the anti-spyware is actually doing, they just follow along blindly. Personally I think this a great improvement over the truely clueless who don't practice safe browsing of any sort.
XML is a known as a key material required to create SMD: Software of Mass Destruction
"So cookies are a really good thing for managing the user's experience" says a USA Today markedroid.
Clueless. Absolutly clueless. This goes straight to the heart of the matter. They can't understand why people don't want their 'experience managed'.
I can manage my own goddamned experience, thanks anyway. Keep your filthy paws offa me.
Mod down people who tell people how to mod in their sigs
Let's put it like this: when you have someone whose very revenue depends on "detecting wolves", they'll cry "wolf!" All the time. They'll cry "wolf" at the neighbour's "alsacian wolf" dog even. I'm talking about anti-spyware and other "security" companies. Do they delete cookies? Well, I briefly had McAffee installed, and among other problems (such as being a piss-poorly programmed POS) it did exactly that. It tried to protect me from all those supposedly dangerous cookies, storing such "personal details" as the session ID on some site. I'm not kidding. Using half the sites that required logon (such as Gamespy's Fileplanet) was suddenly impossible. So based on that I'd say the concern is genuine. But it's probably not the users going through the menus to delete cookies. Joe Average probably wouldn't even know or care what a cookie is. But Joe Average likely has some POS security software installed that deletes the cookies for him
A polar bear is a cartesian bear after a coordinate transform.
Within firefox you can setup cookie control fairly well. There are also extensions that allow you to do even more things from what I have been told Although I have not verified the extensions.
I use Cookieculler to protect those cookies I value (cause not all cookies are out there useless) and I delete the rest frequently.
Sample this!
Some don't actually EVER expire..
Some, like Googles cookie, don't expire for ages!
(Googles cookie implodes some time around January 2039)
I am a viral sig. Please copy me and help me spread. Thank you.
Many many helpdesk employees at ISP's tell users to delete cookies. I worked helpdesk for awhile about 4 years ago and back then although sometimes it did help it was mostly snake oil. Some help desk employees at a large ISP did little else besides tell people to delete cookies and reboot. Regardless of whether it works or not the users have learned to do it on their own. A lot of calls these days will start with "I deleted my cookies already but it still doesn't work.."
Sigs are awesome huh?
There are some cookie management extensions out there, but for "normal" people to better manage their privacy (or even to realize they have privacy right that they can manage) I'd like to see "prompt always, deny third party" turned on by default, and a cookie toolbar/rightclick option that allows you to accept/decline/delete them. As a matter of fact, that would be a nice option for the Firefox installer: a checkbox that says something like "[ ] Help me manage my privacy rights online." We could debate whether or not it should be on or off by default.
Or, weirder yet, what about something like the infamous Clippy? "Hi, I'm Foxy, and I'm here to help you with online privacy so you don't become a victim of identity theft, or a pawn of corporate marketing strategies!"
John
Anyone just not give a damn? I mean, everyone's up in arms about privacy, and these lofty ideals of how it should be protected, etc. Just come out and say it. You don't want anyone else to see what porn sites you've been to.
Personally, I don't care about cookies. I don't have many illusions of privacy to begin with. I'm just non-egotistical enough to know that no one really cares about what sites I go to, as an individual.
They want to track my usage and habits? Fine. Throw me in a demographic, and call it a day. Use me as a statistic. Whatever.
Is everyone here paranoid, or do I have any fellow compatriots in the nation of apathy?
I agree whole heartedly. Cookies got a bad name in the late nineties and have never recovered from the uninformeds' position that they must be evil.
I also agree with the AC who said that the vast majority of 'average' users don't even know what cookies are, let alone block or delete them.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
i went through a no-cookies allowed period a couple of years ago and i quickly found something out: they're actually useful and in a lot of cases, dare i say it, desireable.
call me lazy but i actually like my login forms prefilled (name only, of course). i like my template preferences recorded. when i go to ecommerce site 'x' i honestly find it convenient to see what i bought on my last trip.
and, above all, i want to be able to maintain sessions on a lot of sites. increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.
2 1337 4 u!
What's always left out in these discussions is the differentiation between good cookies and tracking cookies (especially long-lasting session ids). See also cookies(5). Lack of user education and bayesian cookie filters in browsers IMO.
You guys all talk about cookies as if the only thing they are used for is making advertisers more money.... The fact is cookies have a real and valuable use. They can track useful information for other kinds of applications. And most cookies (at least the ones I create in my web apps) do not contain user information, instead they contain a GUID key to a database record that contains non-personal information about that users session on the website.... The kind of stuff that is useful for the user, like what category they were last at when they added a product to their shopping cart, or what affiliate they entered our website through and various other such items. These thing make our website easier to use and pose to "privacy" issue to our users.
I find that most often I end up learning from necessity, rather than for enjoyment.
All I did was write a simple script that cleans out my cookies and cache. I've set it to run daily on logout. Change $user to your username and $profile with your profile string and use it:
/home/$user/.mozilla/firefox/$profile/Cache/* /home/$user/.mozilla/firefox/$profile/history.*
/home/$user/.mozilla/firefox/$profile/cookies.txt |grep slashdot >/home/$user/.mozilla/firefox/$profile/cookiesnew. txt /home/$user/.mozilla/firefox/$profile/cookies.txt |grep mapquest >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt /home/$user/.mozilla/firefox/$profile/cookies.txt |grep mywebgrocer >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt /home/$user/.mozilla/firefox/$profile/cookies.txt |grep news.google >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt /home/$user/.mozilla/firefox/$profile/cookies.txt |grep netflix >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt
/home/$user/.mozilla/firefox/$profile/cookies.txt /home/$user/.mozilla/firefox/$profile/cookiesnew.t xt /home/$user/.mozilla/firefox/$profile/cookies.txt
echo "drop firefox cache and history"
shred -u
shred -u
echo "grab all valid firefox cookies"
cat
cat
cat
cat
cat
echo "get rid of all cookies not explicitly kept above"
shred -u
mv
echo "done"
Just add a new line for each cookie that you want kept in the "grab all valid firefox cookies" section just as I did (noting the > vs >> piping).
I mean, it works for me, at least. Why do I shred instead of rm? Because I'm one of the lunatic fringe that likes the idea of actually deleting files that I tell to be deleted.
Coupled with Firefox's AdBlock add-on, I'm pretty comfortable with my browsing experience.
-Tom
You just can't publish and make a profit from information available regarding their CEO.
--- What
I feel so sorry for the advertisers, NOT! They can't track my buying habits and see what sites I frequent. Too f'ing bad! If they can't learn to keep stats on their end of the machine (server side), then perhaps they need better programmers and should start paying their own staff better. There is absolutely no need for an advertiser to keep information on MY machine unless they are trying to track me personally. That is over the limit, out of bounds, in my book. Cookies are great for login information and per session information containers as is noted in a number of comments here, but when advertisers abuse them by tracking my personal and cross session information, they create a problem. They made their own bed, now they have to deal with it. I find it hilarious that they are whining about not being able to try individual users and trying to spin it as a bad thing for users for them to lose this ability. They don't need personal/individual information. They can use their server side information just fine.
Cookies aren't evil. They are just misused, and misunderstood.
There's nothing wrong with using cookies to prevent me from having to logon to Slashdot 10 times a day. And there is nothing wrong with cookies telling Amazon.com that people who buy Movie X also like to buy Book Y. That is useful anonymous marketing information. I actually LIKE it when Amazon recommends things to me, because they are usually right!
The problem is when the cookie stays around for days and you never get a login prompt: that's a security problem. Or when marketers build long-term profiles on you, then try to grab identifying information from other sites you use.
I have Mozilla set to delete cookies every day, which seems to be the best balance. (Firefox unfortunately does not have this option).
Out of the box ... Firefox has really poor cookie management. I have it set to prompt, but once I deny a site permission and realize I want to do business with them it takes many mouseclicks and a lot of stupid scrollbar searching to hunt down the cookieblock and delete it.
Yeah, what's up with this? Mozilla actually has a tools->cookies menu that lets you quickly block or unblock cookies from a site. Why doesn't firefox?
well... durr... that's what session cookies are for... doesn't ie support them then??? who really cares, Konq and Firefox do... and that means I'm happy ;)
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Here's what I do.
/. so I don't have to log in everytime.
Get Firefox to turn ALL cookies into session cookies by deleting them "when I close Firefox" in options.
Then make exceptions for the sites you want to track you. I do this for
From the article;
This anticookie fervor also hurts the deleters, she says. For example, cookies help a computer limit how many times the user is exposed to annoying ads like a floating, animated message. Since when should you trust a site not to annoy you with ads, block popups and use Adblock and Flashblock.
"...So cookies are a really good thing for managing the user's experience," she said." If this was true, we'd all be installing adware on our computers to deliver 'interesting relevant and targetted' advertising to enrich our web experiences wouldn't we? Bah!
increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.
t tacks
For session tracking, cookies are now the standard, but there are other security precautions that can only accomplished by including a unique ID in every form.
Go read up about "session riding" or "cross-site request forgery". For example:
http://shiflett.org/articles/foiling-cross-site-a
See the code sample near the end of the page, under "Force the use of your own HTML forms".
where there's fish, there's cats
That said, slashdot.org can leave me all the cookies they want. Mmmm, cookies.
^^
Yes, we will have completed that move on approximately January 18, 2038.
About once a week or two I'll get a few idle minutes, playing with my laptop while making dinner, and I'll just start opening up cookies and changing the data in there. Not to try to impersonate someone else, but just as every person's duty to scribble nonsense on some moron's database.
It's fun. It probably doesn't do anything, but it kills a minute or two of time, and it's more fun than "bejewled".
Absolutely right.
Moreover, when you visit a site and someone makes a cent or two off of information about you you're almost always being reimbursed for it.
Almost all of the non-subscription entertainment sites make money off ads. Online retailers can offer lower prices because the info they gather from customers makes them a company with better profit margins.
Maybe they're not handing you a check, but it's not like you're in a sweatshop or anything - nothing you mentioned sounds like telltale signs of an extractive economy.
World Changing - News for Humans, Stuff about our planet
Who needs to delete cookies? I just have a little program that overwrites the text with random text. Why? Well, spyware companies suck that's why. But you're not kicking them in the gut if you just delete the cookies. Nah, feed their databases with crap. That's what I say.
Logic, macros, and more
More like leaving your keys in the car while it sits in a locked garage.
Block 3rd party cookies and allow the rest and you should have nothing to worry about. Unless you enjoy the paranoia.
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
"I want the monetary value of my opinion."
/. makes money from all the suckers who paid to read your post as well as the ads on the page whose impressions are generated by.. people reading your post.
Yet you post it to slashdot for all to see for free. Possibly you've even paid for the privilege.
Can you be Even More Awesome?!
But then you are depending on those with money to share content. I worked with a site for a video game mod last year. Great site, no adds, wonderful content (and mod files sizes in the magnitude of Megs). Worked off of donations, a few bucks here, a few bucks there would cover the bandwidth needs. After a while, the site's popularity grew, some links from other very popular sites to this site drove the bandwidth and server load through the roof. The site admin bumped the server to a tougher server, which could handle it, and eventually the guy running the site had to pay for a much higher end hosting solution and bandwidth. That shot his relatively low bandwidth bill to way beyond that of what a part time pet project could justify. He started enforcing free registration, and added google adds, which helped, but the cost of thousands apon thousands of users downloading multiple files from 1 meg to 50 megs was extremely costly, even with 3 mirrors. He added more advertising to help cover the cost. And the site is still up today.
Acording to your point of view, he should not have taken any advertising, because it would push people away from his site, but had he not taken any advertisment, his site would be perpetually unreachable until no one visted it due to it's instability.
Advertising, whether you like it or not, is what allows people with limited budgets to maintain high bandwidth publications.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
You and I have much the same way of dealing with ads. However, the idea is that if you are going to see ads, you should see a different one each time. That way, instead of having one product shoved under your nose over and over, you get one look at a large number of products. This increases the chance that you will find at least one of the ads useful and lowers the chance that you will get so fed up you block them all.
As I see it, you have two sensible choices. Either you block all ads or you allow the cookies. Blocking cookies and accepting ads just gets you bombarded with endless repititions of the same thing and that's the worst outcome.
Good, inexpensive web hosting
I'm only accepting cookies from few sites and blocking all but google's text ads. I must say that since I started to surf like this, my user experience has improved vastly.