Slashdot Mirror
More Cookie Investigations
FancyKetchup writes "This time, C|Net is caught up in cookie paranoia with their 'special investigation' into use of cookies on the Senate and House representative websites." From the article: "Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that 'I do not use 'cookies' or other means on my Web site to track your visit in any way.' But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035. " Follow up to a story we reported on earlier.
This is a job for the Cookie Monster!
Its simply amazing that after being posted for a few minutes, mccain.senate.gov is now down. Hmmm...think we can take down www.microsoft.com if we all go there at exactly 4:00pm Pacific Standard Time and hit F5 20 times??
Click Click Bloody Click PANCAKES!
I wonder how many people who think that cookies are horrible intrusions into their privacy really dig websites that auto populate their username and password when they visit them.
Also, having a go at the White House for using WebTrends to collect and analyse visitor data is nuts. When you've got a busy and important site like that, good quality analytics are vital. If they didn't have them, you'd probably find the media criticising the White House for not knowing about their visitor demographics, popular pages etc etc.
That article really just smacks of lazy journalism. Whatever next.. discovering their PC has a "Temporary Internet Files" directory?
Never email donotemail@WeAreSpammers.com
It's less scary after factorization: The cookie will not expire until 5*11*37.
-- Senator John McCain.
I know why people get so upset when cookies are stored, but most of the time it is used for useful things. For example it can be a great way to come back to slashdot and already be logged in. I hate typing in my password all the time. Blah.
I think that if NSA or others decides to keep eye on you - they don't need cookies at all :-)) They have also other more effective technologies in the pocket... So why so big bang around cookies while your phones are being tapped without the court approval?
Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
First of all, I'm guessing its the same cookie that you get if you go to anything.senate.gov
Secondly, whats all the fuss about? Cookies are incredibly harmless compared to everything else floating around the internets. Right?
Oh well. Damn politians. I'm sure John McCain is perfectly correct. He, personally, does not use cookies to track people. He probably doesn't.
"Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that 'I do not use 'cookies' or other means on my Web site to track your visit in any way.' But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035. "
Because, as we all know, all politicians are fully versed in technology and its myriad uses.
The theory of relativity doesn't work right in Arkansas.
McCain assures visitors that 'I do not use 'cookies'
Bush assures citizens that 'we get court orders to do wiretaps'
Why are we surprised?
I doubt McCain did this on purpose, but even if he did, should we be surprised?
I remember the last thread about cookies and the NSA had a lot of people saying 'this is nothing important' and I imagine we'll get the same comments again.
Here's the previous thread set to +3
[Fuck Beta]
o0t!
Can anyone direct me to an easy way to get a "wipe cookies" button in my Firefox toolbar? Perhaps something to make deleting all of my cookies as easy as hitting "refresh" while looking at a high school website?
Trying to use sarcasm in text-based forums does not work.
My cookies get cleared several times a week so what does it matter?
polliwog (http://polliwog.sourceforge.net/ will tell you exactly what EACH and EVERY visitor to your site did, i.e. what pages they visited. The server logs tell all!
"Secondly, whats all the fuss about? Cookies are incredibly harmless compared to everything else floating around the internets. Right?"
wrong wrong wrong.
First just because there there is a lot of other things floating araound, doesn't mean things percieved as minor should be ignored.
Do you know what started the 'don't track cookies' effort withing the government? The white house was tracking people who had cookies from a marijuana advocacy site.
The Kruger Dunning explains most post on
I cleared all cookies and went to mccain.senate.gov - checked the cookies and nothing. Anyone else?
Just because a server sends a cookie doesn't mean that the whole world is tracking what you do. It's precisely this kind of media paranoia that makes development damn near impossible without idiot users bitching about harmless cookies. Guess what. Your ISP has more informaiton about what you do on the net that almost any cookie you can get.
What's a "Temporary Internet Files" directory?
[Fuck Beta]
o0t!
got a link for that thing about the government-marijuana-cookie-tracking thing you menationed?
//mmmm marijuana cookies
not that I don't believe you, i'd just like to read more on it.
If CNet is so concerned about the government using cookies why does CNet use cookies? Why does CNet allow their advertisers to use cookies? Why does CNet and their advertisers use Flash?
Oh, you didn't know that Flash is the new favorite means of tracking you? Hold onto your seat Tonto, you're about to get a wake up call! Flash is far more effective than any cookie ever was and no one seems to notice. Have a look at the contents of:
~/.macromedia
or
C:\Documents and Settings\User_Name\Application Data\Macromedia\
Cookies are incredibly harmless compared to everything else floating around the internets.
Indeed. Cookies are delicious delicacies.
Add N Edit Cookies
I'm still trying to figure out what people mean by 'social skills' here.
Looks like the great cookie scare is back. So what they lied about cookies. COOKIES people. Unless you're Doubleclick with the ability to track users over thousands of sites you're not able to do much.
I call half bullshit. If a user visits maryjowanna.com and get's a cookie form there, that cookie only get's sent back to maryjowanna.com, and never sent to the whitehouse.gov servers by the browser. (all browser/javascript vulnerabilities aside).
Interestingly, Slashdot is using Google Analytics scripts to collect the IPs of users reading it. Look for the source code, there is a javascript entry for urchintracker(), using Google Analytics.
<script type="text/javascript">
_uacct = "UA-32013-5";
_udn = "slashdot.org";
urchinTracker();
</script>
stop and think about what he said for a moment.
Then it doesn't matter if the cookie is set. And McCain's statement "I don't use cookies" can still be true, even if his site sets them. Unused cookies get set all the time. Most web servers set them by default. But just because they're set doesn't mean the site uses them.
Edith Keeler Must Die
AC said: Cookies are delicious delicacies.
I was wondering when someone would get around to saying that.
Slashdot - where to disagree, is to be a troll
Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits.
Unique ID numbers? Cookies are (essentially) text files, that allow the web developer to write the limited amount of information they can gather on you (or more commonly anything they need to track from page to page) onto your machine so that it can be retrieved at a later date by the same web application that stored them.
The Unique ID number they are talking about is actually the Session ID allocated by the server that identifies an individual browser session. Shut down and then reopen your browser, and you'll (most likely) get a different session ID. The completely stuffed thing about the paranoia regarding cookies is that any information that the browser could determine about you (IP, the port you are using, the page you last visited in order to get the the current page) could simply be written to the servers database - irrespective of whether or not you have cookies enabled.
In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.
OMG - that'll end civilisation as we know it! Of course this assumes that some can get their hands on ALL your cookies. Perhaps with Netscape it wasn't so hard given they were all stored in a single file - but I would think (I've never tried myself but the how of it is not obvious) you would need some sort of ActiveX control or an exploit of some kind to be able to access Cookies other than those from your web site.
dnuof eruc rof aixelsid
if you don't want to be tracked, you shouldn't go on the internet or www anyway. in theory people can always "track" you on the world wide web, its not like you dont leave an imprint by a) connecting and b) by accessing a website or server. it's all logged, your IP address, time visited, etc. but the real question is who the heck cares? and cookies? cookies are used to store information, on the USERS computer. sites use cookies for users convenience. they store a value which the site can later access. they have limited potential for danger, and so called "tracking cookies" are redundant, if someone cares enough, they could track you without a cookie. the ONLY real problem I know with cookies is if someone steals them with XSS and then is able to steal a session or something from you. But thats like saying "the only REAL problem with connecting to the internet is that somebody MIGHT ssh to my computer and steal stuff" or "the only REAL problem with going outside is that I might get run over by a bus".
Ben Forte of ColdFusion fame has quite a good reply to the cookie news items.
I wonder if the government anti-cookie rule / recommendation / whatever it is exactly, has caused some developers to avoid even session cookies by using URL strings instead. These are less secure than cookies because they end up in web logs, get bookmarked, emailed etc. Despite what another post said, I don't think cookie values generally end up in logs.
I admit to using session strings myself because a few years ago lots of people were scared into turning cookies off in their browser. That doesn't seem to be much of a problem these days. I hope this misguided publicity is not going to trigger a return of those days. Likewise for Javascript.
" This is a job for the Cookie Monster!"
That's it! Kill him, kill him now. He doesn't actually eat the cookies. He just pretends to!
As far as I have seen from experience, the vast majority of cookies in use today are merely for storing a user's session key. They just store your virtual "connected" status (with the otherwise connectionless HTTP) for the duration of your visit to the site, and expire and are discarded after a few minutes of idleness (usually 30 minutes).
Of course, it would be nice to not have session cookies at all, but it appears to the user to be the most transparent. The other main method is to have a session key in the URI. How many times have you seen "?sessionid='somedata'" or "?JSESSIONID='somedata'" appended to the end of a URL?
The other ways, such as hashing the agent's info (ip address, browser, etc) on the server and doing a lookup for every page request, or passing the data back and forth in 'type=hidden' form fields, are less reliable.
I think that if someone would tell the media this missing bit of info, the hype might fade, if only temporarily. There are too many Chicken Littles (Cassandras?) in the world for paranoia to take a permant holiday.
He lied. He's a politician. Get over it.
If cookies are bad why do browser makers include them? Maybe there are not all the bad?
r s/reference/behaviors/userdata.asp
e ment.html#attr_persist
:-) Because people seeking for cookies will not check this things that theoretically may do the job well... ;-)
Why the client-side data storage is so popular that even Microsoft embraced it more with its User-Data
http://msdn.microsoft.com/workshop/author/behavio
And why Mozilla brings it's persistent attributes to the world-famous secure browser?
http://xulplanet.com/references/elemref/ref_XULEl
And I ensure you that these things are more evil then the most evil cookie monster
But what if they are not so bad?
Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
at least whitehouse.com looks OK to me...
Flash is much much much worse. Take a look at this:n /flashplayer/help/settings_manager02.html
http://www.macromedia.com/support/documentation/e
Here's a question for those (many) who are wiser than I. I don't like the idea of having my actions tracked by cookies, but what has always really concerned me about them is that I have no control over what information is recorded in those cookies and--in effect--made public. I'm talking more about stupidity than malevolence here. Suppose I order something from some dumb vendor, and his web page decides to record my name, address, credit card number or even--horrors!--my top secret Social Security Number in cleartext. If someone wrote a cookie like that, any server I visit could read it, couldn't they? Or am I paranoid? Never mind that last...of course I'm paranoid...but am I right?
Great men are almost always bad men--Lord Acton's Corollary
Perhaps someone can enlighten me, but how are cookies a privacy issue? The cookie gives the site access to information which it created in the first place, not any of your personal data. Anything it stores in a cookie could just as well be stored on the server. Cookies provide a slightly better way to tie data to a user than by ip address, but even then it's not really reliable identification.
<meta="Cookie Monster">
<Frank Oz>
C is for cookie. That's good enough for me!
</Frank Oz>
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
I bet McCain has web-logs!
That's true now, but it wasn't always. Back about ten years ago, any site could ask for your complete cookie list and view any cookie it wanted. That made it possible to track you across sites, and people didn't like it one bit. Then, browsers were changed so that no domain could see cookies it hadn't set itself. Naturally, computer illiterates who'd managed to learn "cookies are bad" never caught on to the fact that the problem's been fixe and still fear them. It's possible that the story about tracking marajuana sites came from back there, but I've never heard it before.
Good, inexpensive web hosting
will tell you exactly what EACH and EVERY visitor to your site did, i.e. what pages they visited. The server logs tell all!
If that was true why would a multi million dollar company base its entire business on this rather large piece of code talking to their servers ?, read the code, dissasemble the functions, and imagine what kind of stats you could create with it when applied through a relational db
the server log will only tell you so much, in stats there is only 1 rule, get as much data as you can, in this case every single bit of client data the browser and user can give them
Ok, First off I'll visit John McCain's website and let's see what cookies I get... ... hrmmm, none, not even a session cookie.
...looking for cookies from senate.gov domain (just in case they're being stored as wildcard cookies) ... nope none.
dum de dum dum...
looking for cookies from mccain.senate.gov
okay, now let's hop on over to the referenced article slamming John McCain's website for setting a cookie on CNET ... .. 2 .. 3 .. 4 .. 5 .. 6 .. 7 ... 7 cookies for news.com.com. Let's have a look at them...
Hrmmm....
Cookies for news.com.com...
Ok there's (counts) 1
ok, two of them are session cookies, "team" and "isFlash7". Not sure what team is for, but isflash7 appears to be an indicator that i have flash 7 on my system (I wonder if I explicitly set that to 0 if CNET would stop serving me flash ads? Anyways, no need since I use Adblock).
There are three cookies that are numbers followed by _uu. They appear to be set for a duration of one year and appear to track which articles I've viewed on CNET. These are the *gasp, shock horror* "tracking cookies" (queue "dun dun duhhhhh" dark sounding music).
The other two cookies appear to be set for one month and are "whatshot" and "contextPane". They appear to be some sort of preference settings, but I don't ever recall telling them I want to see a graphical "what's hot" button or a large "Content Pane" right in the middle of the article I'm trying to read. I wonder if tweakign with these cookies might get rid of those?
To me this article stinks of the pot calling the kettle black, only there is no kettle. Either McCain's webmasters fixed the site to stop sending this cookie as soon as the article broke, or Declan McCullagh and Anne Broache (the writers of the CNET article) visited a page on his site that I didn't, or they're outright lieing. At any rate, they really should've checked thier own site before going on this rampage against McCain.
Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
The article summary is incredibly biased and unfair. The article does not promote cookie paranoia. It states that most uses of cookies are innocuous but that, in the worst case, they can be used to track users across multiple sites. This is entirely correct.
The main point of the article is not that congressional web sites are violating our privacy, but that congressmen are being hypocritical on the issue, by seeking to impose rules that they cannot follow themselves.
Everything will be in the server logs? You mean those URLS that are supposedly where I am posting from, or those forged MAC addresses I use?
Tor, proxies etc are your friends, yes. Go ahead, read those phony server logs.
In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.
OMG - that'll end civilisation as we know it! Of course this assumes that some can get their hands on ALL your cookies. Perhaps with Netscape it wasn't so hard given they were all stored in a single file - but I would think (I've never tried myself but the how of it is not obvious) you would need some sort of ActiveX control or an exploit of some kind to be able to access Cookies other than those from your web site.
I have worked with cookies extensively, but haven't come across any bug or other clever means of using cookies to track a user's movements *across* websites. The fundamental basis for a cookie is that it's attached to a domain - And the server can access the cookies file from the client for ONLY the domain it belongs to (the HTTP headers are compared to check the domain the cookie is requested for). Thus, like you said, the cookie at best, is a poor man's, simple mechanism of tracking user movements across pages - that too, mainly for improved navigation
Any clever stuff such as enhanced navigation (bringing the user back to a page where they started via a custom "back" button, etc) or managing the shopping cart (which a *LOT* of start-ups used the cookies for in the dot-com era), has long moved to session (which is lately hot-replicated to disk/DB but out of scope for this discussion)
For both the author of TFA and the senators getting their knickers in twist over this, smacks of ignorance
http://efil.blogspot.com/
Unlike, say, www.mccain2008.com or mccainforpresident.com (hypothetical, not actual, links), the site mccain.senate.gov is not *his* site, per se. It is a sub-page within the senate.gov site, and I assume must adhere to the cookie policy of the parent site.
As others here have noted, a cookie is not evil. It is like any other tool - a tool that can be used for any number of purposes. This rash of OMG WTF cookiez everywhere is silly.
As a side note, I worked for McCain in the late 80s as a summer intern in his Phoenix office. I never found him to be anything but straightforward and decent.
Regards, John Hancock.
I stand corrected. Thanks! ^^
"McCain assures visitors that 'I do not use 'cookies'
Bush assures citizens that 'we get court orders to do wiretaps'"
You know, this is the thing that really shorts my circuits sometimes. Here we have a president who has effectively admitted, "Yeah, so I attack foreign nations, imprison and torture anyone I want to, arbitrarily decide who's allowed to fly and who's not, spy on anyone I want to, whether the courts want me to or not." And people very earnestly debate whether this is a partisan issue, and if so, which way will the libertarians move?
But hey folks, get the rope ready, start heating the tar and plucking the chickens, 'cause the senate website has cookies!
Crumb's Corollary: Never bring a knife to a bun fight.
Interesting that a post that shows distrust of the Democrats is modded Flamebait. I'll bet that if it were an anti-Republican post it'd be Insightful. Group-think, ain't it grand!
Good, inexpensive web hosting
He's a politician. Politicans are expected to make random statements regarding matters about which they know nothing. Kinda like marketing people, but worse.
and if you wish to turn off or alter the flash player settings you have to visit a page on macromedia.com (wtf!?) which has some rather nasty tracking on it itself
funny how they forgot to build the privacy controls into the player but managed everything else and using regular cookies just wasnt enough
is there a good way (script or program) to automagically poison all accepted cookies so they return *interesting stuff back to whomever set the cookie and tries to retrieve data?
I think that would be fun, at least for a few days anyway.
*goatse, a hearty FU, link to russian mafia porn site, automatic redirect to most prolific adware host, or etc. ya know, stuff.
Maybe its just me but given all the current issues that are cropping up with the NSA and the president doing electronic taps without warrents or oversight, that worrying about cookies is probably something that is of much lesser importance? Possibly laughably so in comparison. The people who run John McCain's senate site probably are not going to use that data to link you to some terrorist plot or whatever have you; no, some guys in the NSA are going to skip the whole cute cookies bit and get straight down to a direct-line tap where they see everything that moves across the line, and they are going to do it based on what they think, no judges required. I am not saying, 'Who cares' since it is important that federal websites follow federal guidelines regarding privacy, but I really hope that we all dont start getting caught up in regulating federal website cookies while the real flagarent, Big-Brother level infringement goes on undiscussed.
"What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
well I was close. My memory is failing.
g ency.privacy.ap/index.html
t ml?tw=rss.index
- 06-20-00&cat=AN
http://www.cnn.com/2005/TECH/internet/12/29/spy.a
relevant quote:
"The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies."
however it still makes my point on one way a cookie can be used for malice.
http://www.wired.com/news/wireservice/0,69945-0.h
shows how cookies can be used to trace you through the web, as it were.
http://shns.scripps.com/shns/story.cfm?pk=COOKIES
"White House ads offering information on marijuana pop up when Internet users search for certain words connected to drugs on Internet search engines like AltaVista or Lycos. The banner ads steer users to the anti-drug site Freevibe.com, which is operated by the White House drug office. A tracking cookie is inserted in the user's personal computer as the site is activated.
Although Freevibe's privacy notice states that "no information, including your e-mail address, will be sold or distributed to any other organization," the site is connected Doubleclick.com. Officials of Doubleclick, a New York advertising firm that is one of the largest companies gathering data on Internet user use, told the Senate Commerce Committee last week it is developing new products that will profile more than 40 million Internet users."
here is an example where your information is tracked and sold.
I won't go into wether or not these particular cases where intended to abuse anyone, but it would be just as easy to use this data for profiling.
Would it be hard to imagine someone thinking "Well, if they are looking for ways to kick a drug habit, then they probable have drugs. Lets go arrest them!"?
oddly, I can't find the story that I heard about it originally.
The Kruger Dunning explains most post on
Those who don't understand cookies are doomed to argue against them, poorly.
You don't need cookies to track people online. IP plus browser string works fine if the number of users is small enough. In most online forums, I can (if I wanted) track forum members just by checking my server log for hits to my linked avatar. Without any setup/work required on my part, just with the host's default server settings, it tells me their ip address, the referer (which of my posts they were reading), when they viewed it, and what browser they're using. Combined with things I know about them and other information like the "users viewing this forum" information that so many boards share, I imagine I could match usernames to ip addresses, and even find the exact identities of some of them. People might expect a website to track them, but they never expect other users of the site to track them, without cookies. If you're so worried about being tracked, try blocking third party images in addition to those third party cookies you're probably already blocking.
Almost every website I go to, especially Apache websites run by techies who are highly unlikely to actually look at the cookie responses, seems to try a cookie request and then not mind if you reject it. (I normally run my browser with ask-me mode as the default because I want to know what sites are doing.) Is this a default, or does everybody really tell their website to do this? The cookies are normally from the sites themselves - it's not just cookies from ad-banners or whatever.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Since you have worked with cookies 'extensivly' I suggeast you take 2 seconds out of your day and do some research about cookie exploits. I suggest google.
a. I didn't say I used cookies extensively - Though I have (and do) use them quite a bit.
b. I did say it was probably only possible through an exploit - I've found mention of a couple of exploits and they are either VERY old (like your reference) or mentioned in security updates. To base your ability to profile Internet users (like doubleclick) on an exploit would be a great way to have a short career.
dnuof eruc rof aixelsid
I suspect that I fall into the category dismissed as paranoid, but I think there are two things that really bother me about the use of cookies:
1) The fact that I can't understand the data contained in the cookie. Granted, I realize this is because in the early days of cookies, the info was saved as simple text and that was a huge security risk. I understand that personal data has to be encrypted for the sake of security, but other than personal data, I would like other data to not be gibberish. However, it appears all cookies are incomprehensible gibberish to me, and that makes me less trustful of them. I realize that this is not a consistent position. I can't read or understand the code that runs my computer, but I don't resent this the same way I do cookies. My distrust of cookies goes back to the early "abuses" of Doubleclick and their ilk, and this has left me less than receptive to cookies in general.
I always block cookies from every site I visit as a matter of habit because of the early cookie "abuses." If a site does not work properly because I have blocked its cookies, then I decide whether the content/service is valuable enough to me to allow the cookies--even then, I never allow persistent cookies. I simply don't understand why any site needs to set cookies that are valid until 2035. That strikes me as incredibly intrusive.
If all I want to do is browse content and the site does not function without cookies, then I leave the site, usually cursing under my breath or out loud if it was a particularly stupid cookie use.
2) What is even more heinous in my mind is the number of cookies thrown at you from domains outside of the one you are technically visiting. Granted, I always block third party cookies, but when I review (via adblock) the amount of crap being pumped into my browser that does not originate from the site I'm actually visiting (such as from google-analytics.com and a.as-us.falkag.net on the page where I'm typing this right now) and some of this content is delivered attached to a 1x1 invisible pixel, I can't help but wonder why sites are trying to hide from me what they are trying to do. And, of course, cookies are usually attached to these invisible intrusions.
Perhaps I would be less suspicious if I understood what was being accomplished, but the mere fact that it appears that these companies are trying to hide what they are doing makes me suspicious of their intent.
Does that qualify me for a tinfoil hat? Hmmm---perhaps I shouldn't ask that question here...
Cookies are created by the web browser.
Software that a user willingly installed on there system.
The problem is not at all with the websites.
It's with the web browsers.
Some people are idiots and don't understand the technology.
...and that is all I have to say about that.
http://jessta.id.au
Haven't you seen the movie 'Dick'? Those marijuana cookies solved major diplomatic issues with Asia!
Hello Dolly!
I wouldn't blame McCain (even though I'd like to.) Other senators websites have the exact same quotes. I'd blame their webmasters whom appear to be cut-and-paste'ing. http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=% 22I%20do%20not%20use%20'cookies'%20or%20other%20me ans%20on%20my%20Web%20site%20to%20track%20your%20v isit%20in%20any%20way.%22
This is actually media coverage about something very small to distract the media and common users from the real point and what is actually happening around us (the scandals around the wiretapping for example... what do you mean already forgotten???)
Custom electronics and digital signage for your business: www.evcircuits.com
From http://mccain.senate.gov/
:-)
Sorry, the http://mccain.senate.gov/ web page you have requested is experiencing technical difficulties. The Webmaster has been alerted.
You will be automatically redirected to the http://mccain.senate.gov/ Home page after 10 seconds.
I love sites that slashdot themselves. It takes the work away from actually havign to pound the refresh button
Now, they don't know it' YOU, persay. They know your IP address, though and the time you visited and you now have a cookie with an ID that matches an entry in a database. The next time you visit, they track where you go on the site and notice you're researching smuggling laws or something... ding ding ding. Off go the bells if someone's actually watching.
Just one (extreme) example, imo. Nonetheless, cookies aren't allowed on public government sites without approval.
---John Holmes...
Not only that, but the error page has you reload it every 10 seconds.
If people leave it open in a spare tab and ignore it. The site might be down for quite a while
Wow. They're 'hypocrites' for 'not understanding the technology'. Wrong, wrong wrong. They might, at worst, be stupid, and we've all been there. How many people can honestly say they knew everything about a product they used for the first time?
Please, give me more Google stories, at least those were somewhat thought provoking.
Web cookies actually derive their name from a drug reference, since the terminology comes from the old X11 MIT-MAGIC-COOKIE feature. I am reliably informed that, in certain circles, a "magic cookie" is an eatable which contains cannabis, LSD, or some other such substance. Of course, I grew up in the 1980s, so I have always Just Said No.
I cannot believe we are having this cookie debate again! The reason any media outlet even discusses cookies is they know the fear and panic which can be stirred up using phrases like "Track you movements on the web" and then we throw in "I can find out more about you in my server logs than I can with cookies". - It's all about creating headlines which get people to click!
Let's start with server logs, not cookie based reporting systems like Google Analytics or those available through software like WebTrends. I am talking raw server logs.
Depending on the server, you can set the logs to track a great deal of information. IP address, web browser, platform, DateTime etc... The one piece of information which is going to help me find you is your IP address. Now knowing your IP address I can find out (95% of the time) which service provider you are using and possibly in what part of the country, maybe even down to the state. For example, an IP address could tell me you are logged in with Road Runner somewhere in Southwest Ohio.
But I want to know more about you, so I call Road Runner and ask them to tell me who was using the IP address at the time you were visiting my site. Do you think Road Runner is going to give me your name and address as well as e-mail or any other personal information? HELL NO! Not without a court order and how many times have we seen court orders fought tooth and nail?
Alright, so Road Runner isn't going to give me your personal information, So now I wait for you to register at my website. You register, fill out the form with your email address, your home address, phone number and full name. Now I have all the information I want, and guess what, YOU gave it to me. First of all, WHY did you give me all this information to look at some nude photos of Angelina Jolie? Your privacy must not really be that important to you.
Second - Now I can use my log files to track you by the IP address I recorded when you registered. But wait, most IP addresses are not static. You get a new one from a DHCP server every week or two. So at best I can track your every move on MY websites for a couple weeks. If you go through a proxy server everyone else who uses that proxy will have the same IP address (example - all AOL users have the same 'public' IP address), If you have a static IP address, I can track you for longer periods of time. - You really are NOT that important!
Verdict - Server Logs - Good for aggregate data - Not very good for tracking!!
On to the scare of the day - Cookies
All I can say again is WOW! You should be as afraid of cookies as you are of choking on a chocolate chip. Cross domain cookies, I look forward to that day. I have been developing websites for over 10 years and that would make my life a whole lot easier!
This crap about the marijuana ad from the government - PLEASE, PLEASE, PLEASE, Please, please, please, please - educate yourself rather than believe the people who right this crap. I do not want to spend anymore time on the phone or answering emails from pissed off customers who have heard from the local 'privacy advocate' (their 16 year old son who just read the above mentioned crap) that cookies are horrible and I can change that customers Will to read I am the primary beneficiary.
I can only read from cookies what you tell me. If it's important information, I will store it in a database rather than in a cookie on your hard drive. If you never come back to my site, how will I ever get the information back? Can a third party read my cookie? Only if they install something on your PC to do it.
Most, Dare I say - all, legitimate websites use cookies to do one thing, to give you a better experience on that site. If you have no interest in my widgets, I would like to know that so the next time you come back to my site, I don't populate the homepage with Widget pictures, news and product information. You don't want to see it but your not going to call me up and say "Hey, I don't want to see your damn widgets"
If yo
If you do not wear gloves and mask when you go to voting booth, you shouldn't worry about cookies.
If you drive on a highway with license plate and untinted window, you shouldn't worry about cookies.
If you send out your personal information to IRS about your income, you shouldn't worry about cookies.
If you give out your social security number for governement grant and loan, you shouldn't worry about cookies.
If you do not hide your face and walk the other way when police is near by, you shouldn't worry about cookies.
If you are willing to enable JavaScript and Java and cookies from 3rd party domain just so you can download some porn off internet, you really shouldn't be worrying about cookies.
Matter of fact, unless your definition of "home alone" involves underground bunker in secluded mountain side or an island, you shouldn't worry about cookies.
"Don't let fools fool you. They are the clever ones."
--- x1 2006-01-07 01:01:49.000000000 -0600 /* to don't look stupid if they discovered something bad on my site */) ); /* to don't look stupid if they discovered something bad on my site */
+++ x2 2006-01-07 01:02:10.000000000 -0600
@@ -1,7 +1,7 @@
if (REFERER == "http://slashdot.org") {
- bring_site_down();
notify_senator();
send_to_lawyers(download_slashdot_article(REFERER
spoof(404);
+ bring_site_down();
}
-
You are being MICROattacked, from various angles, in a SOFT manner.
The Unique ID number they are talking about is actually the Session ID allocated by the server that identifies an individual browser session
No, actually, 99% of the time, the cookie is there to allow for unique identification, getting around the fact that http is stateless. This could be storing a username or a user id or something else. Session IDs are also often stored in cookies, but that really is not what they're talking about here.
Yes, you are correct, storing a unique ID for a session (be it the session ID - which may repeat - or an application/database generated value) in a Cookie would be one use for a cookie - but it is not a cookie.
dnuof eruc rof aixelsid
... whats all the fuss about? Cookies are incredibly harmless compared to everything else floating around the internets. Right?
The fuss, at least as far as I'm concerned, is that a) cookies are a means to spy on people and b) cookies can be used to abridge speech.
The first one is pretty simple to prove, as once cookies are allowed by the government, it's only a fraction of time before the members of the legislative and executive branches will conspire to track people who visit both sites. Why? Well, more than likely for reelection reasons. What better way to find out what people want or need than to track the interest of people in various laws as well as their actual usage of various governmental services. Even better, whoever is in power in the executive branch has the potential to do all of this for effectively free. This gives an incredibly unfair advantage to those in power to be reelected in the future.
But, equally as scary is the use of tracking to figure out hotspots that are anti your campaign. Instead of being able to anonymously read various bills that you support, it'd be possible to specifically target people through tracking and "free speech zones"--such are illegal, AFAI am concerned, anyways--to further distort public perception. The Founding Fathers might have never envisioned a 1984-esque world or thought the 4th amendment was necessary to prevent such, but when it's possible for the government to secretly monitor you (and seeing how cookies are on by default, with further the point that there was a guideline (and the Constitution) that made keeping cookies around for tracking), it's possible for the government to manipulate you or others.
So the big deal is stopping what would almost certainly happen if we just let the situation slide because it doesn't seem to be a big deal.
Eurohacker European paranoia, gun rights, and h
Yes, looks better. :-)
public function bring_site_down() {
apachectl -k graceful-stop
}
Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
- mccain.senate.gov (from earlier visits on my other computer)
- schumer.senate.gov
- durbin.senate.gov
- kerry.senate.gov
- judiciary.senate.gov
- kyl.senate.gov
- frist.senate.gov
- hsc.house.gov
- appropriations.house.gov
At least it's a bipartisan issue. I'd better delete them quickly or people might think I stay informed about my government. Good thing aljazeera.net doesn't set a cookie or my name might appear on the [...this text censored by the NSA...] list.This space intentionally left blank.
No, like I said in my comment, it's not "one use", it's the use 99% of the time. The whole point of cookies is to supplement stateless http with stateful information. Whether that statful information is a number identifying further state info in a database or whether it is the stateful info itself doesn't matter.
I mentioned this in the first place because of your apparent misunderstanding of unique identification of cookies, here:
The things you list can of course be written to the server's db (and are automagically written to server logs anyway, most of the time), but then that's not why people use tracking cookies.
Awww, did my post tick off some Democrats? I'm so sorry.
This just in...
GOVERNMENT SECRETLY TRACKS CITIZENS
Washington, D.C.-- A secret group of contractors, hired by the White House, have started tracking the movements of citizens in an information kiosk set up outside the Capitol building.
"This is a blatant violation of privacy," said Murtaugh King, privacy advocate and internet blogger. "What they are doing fundamentally violates the constitution."
According to a White House spokesman, the information kiosk was set up outside the capitol building as a way to give visitors important information about various branches of government. "We set this thing up completely free of charge, as a service to our citizens. People are able to find lots of useful information about Washington in there."
When asked about the secret tracking of citizens, the spokesman replied, "Well, yeah. We have a Welcome Clerk named Cookie sitting at the front desk. She assigns each visitor a number, logs the number and the time of the visit in a book, and gives the visitor a name tag with the number printed on it. This is used to help each visitor gather information. If they find a bit of information they would like to keep, the Welcome Clerk marks it next to their number, so they don't have to carry a lot of heavy books and papers around. When the visitor leaves, the Welcome Clerk helps them gather all the information they marked in the book."
"The book itself is very secure. We have a Secret Service detail, codenamed H.T.T.P., watching it, and it is guarded from the air by Apache helicopters."
Some privacy advocates are very worried about the implications of such a numbering scheme.
"This is totally insecure," said Professor Richard Weede, an Assistant Associate Professor of Advanced Snooping at Georgetown University. "When these unwitting visitors enter another kiosk, the Welcome Clerk there can read all the nametags already on the visitor's shirt. They could very easily track the other kiosks this person was visiting and use that information against them."
When asked how this tracking would be accomplished since none of the kiosk sites publish the name of their kiosk on the nametags, Professor Weede replied, "Well, I suppose they could steal the big book at the other kiosk or something."
The Professor was also asked about the security implications of removing the nametags before entering another kiosk, at which point he mumbled something about "spy satellites" and said he was late for a meeting.
Senators Orrin Hatch (R, UT) and Ted Stevens (R, AK) called for an emergency session of Congress to battle this new breach of privacy.
by AeroIllini. Additional reporting by anonymous internet heresay.
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.