Slashdot Mirror
More Cookie Investigations
FancyKetchup writes "This time, C|Net is caught up in cookie paranoia with their 'special investigation' into use of cookies on the Senate and House representative websites." From the article: "Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that 'I do not use 'cookies' or other means on my Web site to track your visit in any way.' But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035. " Follow up to a story we reported on earlier.
Also, having a go at the White House for using WebTrends to collect and analyse visitor data is nuts. When you've got a busy and important site like that, good quality analytics are vital. If they didn't have them, you'd probably find the media criticising the White House for not knowing about their visitor demographics, popular pages etc etc.
That article really just smacks of lazy journalism. Whatever next.. discovering their PC has a "Temporary Internet Files" directory?
Never email donotemail@WeAreSpammers.com
I know why people get so upset when cookies are stored, but most of the time it is used for useful things. For example it can be a great way to come back to slashdot and already be logged in. I hate typing in my password all the time. Blah.
polliwog (http://polliwog.sourceforge.net/ will tell you exactly what EACH and EVERY visitor to your site did, i.e. what pages they visited. The server logs tell all!
[Fuck Beta]
o0t!
Just because a server sends a cookie doesn't mean that the whole world is tracking what you do. It's precisely this kind of media paranoia that makes development damn near impossible without idiot users bitching about harmless cookies. Guess what. Your ISP has more informaiton about what you do on the net that almost any cookie you can get.
I think the new firefox (1.5) has a Ctrl-Shift-Delete hotkey thing to clear cookies, history, and a few other things. Pretty neat, actually. Haven't found an equivalent quick-stop privacy cleaning thing in IE nor Konqueror...though I must admit I haven't really looked too hard on IE since Firefox came around. :)
Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits.
Unique ID numbers? Cookies are (essentially) text files, that allow the web developer to write the limited amount of information they can gather on you (or more commonly anything they need to track from page to page) onto your machine so that it can be retrieved at a later date by the same web application that stored them.
The Unique ID number they are talking about is actually the Session ID allocated by the server that identifies an individual browser session. Shut down and then reopen your browser, and you'll (most likely) get a different session ID. The completely stuffed thing about the paranoia regarding cookies is that any information that the browser could determine about you (IP, the port you are using, the page you last visited in order to get the the current page) could simply be written to the servers database - irrespective of whether or not you have cookies enabled.
In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.
OMG - that'll end civilisation as we know it! Of course this assumes that some can get their hands on ALL your cookies. Perhaps with Netscape it wasn't so hard given they were all stored in a single file - but I would think (I've never tried myself but the how of it is not obvious) you would need some sort of ActiveX control or an exploit of some kind to be able to access Cookies other than those from your web site.
dnuof eruc rof aixelsid
if you don't want to be tracked, you shouldn't go on the internet or www anyway. in theory people can always "track" you on the world wide web, its not like you dont leave an imprint by a) connecting and b) by accessing a website or server. it's all logged, your IP address, time visited, etc. but the real question is who the heck cares? and cookies? cookies are used to store information, on the USERS computer. sites use cookies for users convenience. they store a value which the site can later access. they have limited potential for danger, and so called "tracking cookies" are redundant, if someone cares enough, they could track you without a cookie. the ONLY real problem I know with cookies is if someone steals them with XSS and then is able to steal a session or something from you. But thats like saying "the only REAL problem with connecting to the internet is that somebody MIGHT ssh to my computer and steal stuff" or "the only REAL problem with going outside is that I might get run over by a bus".
Ben Forte of ColdFusion fame has quite a good reply to the cookie news items.
I wonder if the government anti-cookie rule / recommendation / whatever it is exactly, has caused some developers to avoid even session cookies by using URL strings instead. These are less secure than cookies because they end up in web logs, get bookmarked, emailed etc. Despite what another post said, I don't think cookie values generally end up in logs.
I admit to using session strings myself because a few years ago lots of people were scared into turning cookies off in their browser. That doesn't seem to be much of a problem these days. I hope this misguided publicity is not going to trigger a return of those days. Likewise for Javascript.
One way is to make all cookies session-only, Edit -> Preferences -> Privacy -> Cookies -> for the originating Web site only.
:) That should be Edit -> Preferences -> Privacy -> Cookies -> Keep Cookies: Until I close Firefox.
I think you forgot halfway through what you were trying to do
Originating web site only is good too, but it won't remove the cookies.
Flash is much much much worse. Take a look at this:n /flashplayer/help/settings_manager02.html
http://www.macromedia.com/support/documentation/e
Probably no one will read this since it's below the default level but. In many sites there reference and image and that image comes from a common place like doubleclick, in that case they can track you, albeit anonymously which while probably not a an issue for you it was provide them the trend information they want. No what makes them bad is that if there ever tie you to that cookie they are now tracking you on line. How is that possible you ask, well maybe you filled out a form somewhere or logged into a site. But the real problem is that email sometimes contains HTML and if that page loads images for example your surfing is now tied to your email address.
Make sense?
Auto-population of userid and password is not something that all browsers support, so these sites use cookies to provide this feature for all browsers. Not only that, but some websites include HTML that specifically tells the browser NOT to remember userid and password. Banks typically do this, although the HTML can be overridden with Javascript.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart