Slashdot Mirror
More Cookie Investigations
FancyKetchup writes "This time, C|Net is caught up in cookie paranoia with their 'special investigation' into use of cookies on the Senate and House representative websites." From the article: "Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that 'I do not use 'cookies' or other means on my Web site to track your visit in any way.' But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035. " Follow up to a story we reported on earlier.
This is a job for the Cookie Monster!
Its simply amazing that after being posted for a few minutes, mccain.senate.gov is now down. Hmmm...think we can take down www.microsoft.com if we all go there at exactly 4:00pm Pacific Standard Time and hit F5 20 times??
Click Click Bloody Click PANCAKES!
I wonder how many people who think that cookies are horrible intrusions into their privacy really dig websites that auto populate their username and password when they visit them.
Also, having a go at the White House for using WebTrends to collect and analyse visitor data is nuts. When you've got a busy and important site like that, good quality analytics are vital. If they didn't have them, you'd probably find the media criticising the White House for not knowing about their visitor demographics, popular pages etc etc.
That article really just smacks of lazy journalism. Whatever next.. discovering their PC has a "Temporary Internet Files" directory?
Never email donotemail@WeAreSpammers.com
I think that if NSA or others decides to keep eye on you - they don't need cookies at all :-)) They have also other more effective technologies in the pocket... So why so big bang around cookies while your phones are being tapped without the court approval?
Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
"Sen. John McCain, R-Ariz., for instance, has been a longtime advocate of strict privacy laws to restrict commercial Web sites' data collection practices. In a statement posted on his own Web site, McCain assures visitors that 'I do not use 'cookies' or other means on my Web site to track your visit in any way.' But visiting mccain.senate.gov implants a cookie on the visitor's PC that will not expire until 2035. "
Because, as we all know, all politicians are fully versed in technology and its myriad uses.
The theory of relativity doesn't work right in Arkansas.
That all depends on what the meaning of "is" is.
I am unamerican, and proud of it!
Just because a server sends a cookie doesn't mean that the whole world is tracking what you do. It's precisely this kind of media paranoia that makes development damn near impossible without idiot users bitching about harmless cookies. Guess what. Your ISP has more informaiton about what you do on the net that almost any cookie you can get.
got a link for that thing about the government-marijuana-cookie-tracking thing you menationed?
//mmmm marijuana cookies
not that I don't believe you, i'd just like to read more on it.
If CNet is so concerned about the government using cookies why does CNet use cookies? Why does CNet allow their advertisers to use cookies? Why does CNet and their advertisers use Flash?
Oh, you didn't know that Flash is the new favorite means of tracking you? Hold onto your seat Tonto, you're about to get a wake up call! Flash is far more effective than any cookie ever was and no one seems to notice. Have a look at the contents of:
~/.macromedia
or
C:\Documents and Settings\User_Name\Application Data\Macromedia\
Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits.
Unique ID numbers? Cookies are (essentially) text files, that allow the web developer to write the limited amount of information they can gather on you (or more commonly anything they need to track from page to page) onto your machine so that it can be retrieved at a later date by the same web application that stored them.
The Unique ID number they are talking about is actually the Session ID allocated by the server that identifies an individual browser session. Shut down and then reopen your browser, and you'll (most likely) get a different session ID. The completely stuffed thing about the paranoia regarding cookies is that any information that the browser could determine about you (IP, the port you are using, the page you last visited in order to get the the current page) could simply be written to the servers database - irrespective of whether or not you have cookies enabled.
In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.
OMG - that'll end civilisation as we know it! Of course this assumes that some can get their hands on ALL your cookies. Perhaps with Netscape it wasn't so hard given they were all stored in a single file - but I would think (I've never tried myself but the how of it is not obvious) you would need some sort of ActiveX control or an exploit of some kind to be able to access Cookies other than those from your web site.
dnuof eruc rof aixelsid
Ben Forte of ColdFusion fame has quite a good reply to the cookie news items.
I wonder if the government anti-cookie rule / recommendation / whatever it is exactly, has caused some developers to avoid even session cookies by using URL strings instead. These are less secure than cookies because they end up in web logs, get bookmarked, emailed etc. Despite what another post said, I don't think cookie values generally end up in logs.
I admit to using session strings myself because a few years ago lots of people were scared into turning cookies off in their browser. That doesn't seem to be much of a problem these days. I hope this misguided publicity is not going to trigger a return of those days. Likewise for Javascript.
The trick is that the cookie can be linked to your personal information.
The class "compromising cookie" scenario involves a cookie set by an embedded image from a different server.
Say that Evil, Inc runs a banner server banners.evil.com, which puts ads on kinky.xxx and on yourchurch.org (or maybe just an invisible "web bug" on either site). When you visit kinky.xxx, your browser requests the banner from banners.evil.com, which sets a cookie saying "I went to kinky.xxx and all I got was this lousy cookie". That cookie will be sent along with any request your browser makes to banners.evil.com.
Then you log in to yourchurch.org. Their home page has an image tag with a source like "http://banners.evil.com/spyonme.php?username=your name". Your browser makes this request to banners.evil.com, sending along the cookie that server set eariler. Your browser thus tells Evil, Inc your yourchurch.org username (in the image URL) and the fact the you visited kinky.xxx (in the cookie it).
Evil, Inc phones up your pastor and lets him know so that he can shame you in front of the parish the next Sunday (turns out this is all part of your church's anti-porn crusade).
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood