Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds May Soon Be Allowed To Use Cookies

Posted by timothy on from the it-looks-like-you're-building-a-bomb dept.

fast66 writes "The White House may lift its policy barring federal Web sites from tracking users' online behavior. In place since 2000, the cookie policy issued by the Office of Management and Budget was intended to protect citizen privacy but has sparked criticism — even from White House officials — for hampering citizen outreach. On Friday, Bev Godwin, the director of online resources and interagency development at the White House's new media office, blogged on the White House Web site, 'We want to use cookies for good, not evil' — and invited the public to comment on cookies through various online channels, including the Office of Science and Technology Policy blog."

14 of 181 comments (clear)

  1. No problem by religious+freak · · Score: 4, Insightful

    If you don't like cookies, block them. For those that don't even understand what a cookie is, make it clear what the government is doing and prove it through open source. Makes for a better web experience.

    What's the problem with that?

    --
    If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
    1. Re:No problem by Actually,+I+do+RTFA · · Score: 5, Interesting

      If you don't like cookies, block them... What's the problem with that?

      I block cookies, javascript and all plugins (with the exception of my whitelist). The problem is that more and more sites annoyingly (and uselessly) require these to work. I'm fine not having a draggable map, but ever since GoogleMaps, every map site has become reliant on Javascript. Half the random sites bitch if I have cookies off. Etc.

      Much like the "works best in [Browser X]" these annoying additions are being used in the place of, not as a suppliment to, standard webfare.

      --
      Your ad here. Ask me how!
    2. Re:No problem by religious+freak · · Score: 4, Insightful

      If you choose to live in a cave, you can't bitch about not having electricity.

      (not trolling just being blunt)

      --
      If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
    3. Re:No problem by daeley · · Score: 4, Funny

      He's not complaining about not having electricity. He's complaining about being forbidden from whacking sabertooths on the head unless he's using a newfangled club that shouts "I AM A CLUB!" while you wave it in the air and it shoots out orange and yellow flames.

      If he were asking for the Google Maps website to send him directions via telegraph, then he would be complaining about electricity.

      This post brought to you by the Mixed Metaphor Society: Keeping the Home Fires on Track since 1962.

      --
      I watched C-beams glitter in the dark near the Tannhauser gate.
    4. Re:No problem by Falcon4 · · Score: 4, Insightful

      Um, I dunno why your tin foil hat is so large, but seriously, you're living in the 90's. There is - and never was - anything wrong at all with Javascript or cookies. Flash can be annoying, but the benefits far outweigh the "risk". Java is the only thing I don't particularly trust, since it's pretty much an open gateway to malware today.

      Javascript, though? Seriously? Javascript is "standard webfare" in the modern world. Cookies are, as well. Every single modern web browser supports them, and enable developers to do some pretty cool things, like draggable maps, real-time page updates (AJAX), etc.

      Put simply, you've got more to worry about in your web history than you'd ever have to worry about in cookies. With cookies, what are you protecting yourself from? A company trying to improve their product? What about Javascript? Protect yourself against... dynamic webpages? You're doing yourself more harm than good with these old principles. Should've left them at the door with Firefox 1.0... welcome to the Internet of the 21st century.

    5. Re:No problem by C-Dilla · · Score: 4, Insightful

      Oh I don't know, he's free to pick up a good old fashioned stick and do whatever he wants with it. He just can't complain if his leg gets bitten off by the sabertooth while his buddies are munching on tasty sabertooth kebabs thanks to their newfangled flame-shooting clubs.

    6. Re:No problem by CastrTroy · · Score: 4, Insightful

      Simple. Just do what I do. Let cookies be saved, but only until you close your browser. I do this except for my whitelist where I let it store cookies permanently. This is really easy to set up in Firefox. I also have flash block installed, which is the only plugin I have installed. As far as Javascript goes, I let that run, but there's only so much it can do with cookies disabled, along with a good popup blocker. Never really had much of a problem with Javascript.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    7. Re:No problem by Anonymous Coward · · Score: 5, Informative

      I posted a response to a comment on the parent griping about flash and javascript--they are a security risk. I'll ignore cookies--that gets a bit...difficult to explain.

      But because you don't seem to get it--let's make the javascript answer so simple even a programmer can understand it...

      1) go to www.slashdot.org
      2) hit view source
      3) search for "ad.doubleclick.net"
      4) you should see a call to document.write at a dynamic URL slashdot doesn't control
      5) understand that a LOT of these go out through resellers--who go through other resellers--and so on...and all you have to do is buy a single script that gets into an ad rotation at a site like CNN or /. to be loading content off of another site--that can edit my DOM and run the driveby exploit du-jour.

      Even if the script was safe when they checked it--it might not be safe five hours later when my browser pulls it down from a different IP address or netblock. The javascript isn't the risk--the third party javascript writing to my DOM to open an iframe with a driveby exploit is.

      (and FWIW, there are actual javascript vulnerabilities--but I figured I'd stick to the obvious in this post)

      As long as people continue to use things this way--they're a security risk.

    8. Re:No problem by stephanruby · · Score: 4, Insightful

      What's the problem with that?

      There is no problem with that, and may be that's the point.

      Let's be really pedantic about cookies, let's waste all our time discussing them, all the while the government (with the help of the private sector) is silently trying to archive, index, and search through all our private emails, private phone conversations, web browsing logs (and search terms), phone graph relationships, travel plans, medical drug and mental health information, dna relationships, and/or anti-war political affiliations.

      And let's not worry about the fact that all the low level city cops (at least in San Francisco) routinely do background checks and get private medical information for any random woman they're interested in dating (without any oversight, without any official reason, and without any logging that they've even accessed that information in the first place).

      Let's talk about cookies instead and let's keep on explaining what cookies mean (because here on slashdot, I'm sure that no one knows what cookies are) -- ignoring all the other ways our privacy is being violated over and over again -- without even us knowing.

    9. Re:No problem by Excelcior · · Score: 5, Informative

      Cookies should be replaced by a standard for web page preferences, where the web page specifies which options there are and what the possible values are. Then the users can set the preferences they care about in their browser and leave others (like tracking IDs) unset. Logins should never be implemented with cookies.

      Not to sound trollish, but seriously, are you a web coder? Strict online security in connection with login-protected content is simply not possible without a cookie*. Cookies are so standard that ASP even places cookies without telling the coder it's doing so (the 'application' variables).
      Cookies are a necessary part of the Internet. The only problems with them is that they 1) aren't encoded by default, 2) can be set to expire whenever the coder wants, which can fill directories quickly if you do much browsing, and 3) can be made accessible to websites other than those who issued them.

      If web browsers would just encode all cookies by default, then decode them whenever sending them back to a server, that would keep spyware from reading their contents from your computer. Then, if the browsers would store a 'touched date', and automatically delete all cookies over X age (configurable by the user?), many useless cookies would go away automatically. Finally, if cookies were only able to be read/written to by their issuing server, there would be no possibility for exploit (except to track your movements through pages which contain some content served by the issuing server, such as the much beloved doubleclick.net cookies -- which could easily be done-away-with by adding the rule that cookies cannot be accessed by any page displayed within an iframe/object/etc.)
      Everyone always seems to believe that cookies are small programs or some such nonsense. Cookies are nothing but tiny databases stored on the user's computer. How much damage can that do?

      * If you think you can have strict security by only tracking a user's IP address and/or passing a variable from one page to the next, you are sorely mistaken.

      p.s. I know, I know.... ASP is m$ft. Get over it. :-P ;-)

      --
      A small comparison of interest:
      Windows: Public School. Mac: Private School. Linux: Homeschool. Assembly: Unschool.
  2. Well... by Rewind · · Score: 5, Funny

    The Cookie monster will most certainly be displeased...

    --
    ?
  3. Re:For the computer savvy, this isn't even an issu by bheer · · Score: 5, Informative

    > such that all the Flash cookies (yes Flash cookies) are also deleted.

    Good point. Too few people even know about Flash cookies. There's also a Firefox extension called BetterPrivacy that'll do this, for those that can't be bothered with scripts.

    I know that some shadier ad networks also use Java local storage to store tracking info, if your browser has a Java plugin. Solution: disable storing temporary files on your computer using the Java control panel icon.

    Honestly, I do all of this, but I wonder how many others would even bother. It's almost like Scott "You have no privacy. Get over it." McNealy was right.

    --
    Go somewhere random
  4. We're donediddily done for by hugi · · Score: 5, Funny

    yup, now our privacy is completely gone. I heard ECHELON is mostly based on cookies.

  5. Whew, that was a close one by Hojima · · Score: 5, Funny

    Thanks for telling me this. You see, I am an inept and computer illiterate terrorist. We all are, since none of us are smart enough to get an education. Hell, I barely managed to read this web page, and all my dumb terrorist buddies simply couldn't. We go to www.I-AM-A-TERRORIST.com all the time, and if I didn't get the heads-up, we would all be in jail now. You guys were smart to allocate resources to this sure-fire way to catch us. Oh well, time to get back to using the internet for evil, not good.

    --
    Help fight spam