I think this might have been done on Slashdot more for performance reasons (no DNS lookup0 than for preventing people from changing the IP association...
As much as I love photo.net, this is another example of paranoia feeding paranoia.
There is no evidence anywhere that any company has ever started merging databases containing user information with a database containing browsing habits. In order for this to work, the people obtaining the information (the site you're giving this information to) would have to KNOWINGLY provide your contact information to the sites doing the tracking in such a way that they could associate your information with the "browser-ID" they have on file (difficult).
If you're giving them your information, chances are you're buying something from them, which means they have a *LOT* to lose if knowledge of this behavior ever got out. Do you have any idea what kind of PR mess this would cause? Legal issues? It's not good business sense. For this reason, unless you're doing business with an irreputable company, you can usually put some stock in their online privacy statements (which I tend to read before giving them my personal information, don't you?).
Further, WHY WOULD THIS BE OF ANY VALUE? All marketing companies care about is marketing their products. ALL they want to know is a person's shopping habits. Information such as your name, address, phone number, etc. is MEANINGLESS to them. It does not help them dole out banner ads, so it's useless information. Why would they spend so much money and time merging these databases when the gain is nil? Companies don't tend to do things unless there's a potential for profit (in public image or hard cash). I don't see the line to profit here.
Just as importantly, no server can read another server's data, each site reads only its own cookies
This isn't true if you leave Netscape's cookie settings at the default of "Accept All Cookies". You need to change it to "Accept only cookies which get sent back to the originating server" to prevent sites from "stealing" cookies of other sites with malicious javascript. I'm not sure how it works on IE but I'm sure it's just as easy with ActiveX giving out access to your entire hard drive to whomever wants it.
Your correction isn't entirely accurate. (Or maybe it is, but it sounds like you're saying something slightly different)
To illustrate the difference between these two cookie settings in Netscape, you need to be aware that in a cookie, the creator can specify things like an expiration date, a relative URI path to which the cookie will apply, and a "domain" setting which determines which hostnames the cookie will be sent to. The domain can never be more generalized than a 2nd-level domain in the case of the generic TLD's (I can't set the domain to '.org' but I can set it to 'slashdot.org' or 'subdomain.example.com'). Naturally, the originating site must lie within this domain.
This allows you to set a cookie from, say, www3.example.com using a domain of 'example.com' and have the cookie be sent back to www2.example.com, which is a very good thing. If you don't specify a domain, or use the Netscape cookie option you recommend, cookies will only be sent back to www3 and never www2 (which has to create a new cookie), which will likely break example.com's web site's use of cookies.
This setting has nothing to do with JavaScript. I remember vaguely some talk several months (years?) back about a vulnerability in Netscape's JavaScript that allowed a malicious coder to retrieve cookies as you suggest, but I believe that was fixed a long time ago.
P.S. What web site's scripts actually put your username and password in the URL string? That sounds incredibly stupid to me, for precisely the reasons you indicate. Any high school web-head knows better than this. Sounds like you need to write a letter.
If implemented, you'd either have to use this button pretty frequently (esp. since a lot of page failures might not be obviously attributable to this setting) or just give up and leave it turned off.
Just implement an "intelligent" cookie management system. Instead of just having options for enable/disable/prompt, have your "prompt" option have a checkbox that says "Don't ask me about cookies from this site again." Your accept/decline preference would be stored. That way you can decline cookies from Doubleclick and accept cookies from Slashdot without getting pelted with prompts for *every* cookie..
This is pretty silly if you ask me. Disabling the ability to get cookies via image requests would break a great deal of existing sites that use cookies. There *are* legitimate reasons why you'd want to set a cookie when the browser requests an image.
And it isn't just images. Any HTTP query has the opportunity to set a cookie. It's part of the *HTTP* spec which has nothing at all to do with the contents of the query itself. The "Content-type:" header (values such as "text/html" and "image/gif") is an HTTP header, just like "Cookie:". There are valid uses for cookies in HTTP requests that don't ultimately serve up HTML pages.
While your concerns are certainly warranted, new strains of plant life don't just go spreading uncontrollably unless they have some sort of evolutionary advantage over their "normal" siblings. I can't think of any reason why a bioluminescence would increase a tree's chance at reproduction, but I suppose the engineering could have some unexpected side-effects as you indicate.
Plus, as another poster mentioned, it would probably be pretty easy to engineer them sterile.
I'm seeing a lot of posts here that I think are a but unfair against the author. Just because he's touting this as advice for the "Lovelorn Geek" does not mean all lovelorn geeks are his target audience. Naturally each and every "geek" will have his own level of social abilities and may or may not need any of this advice. Figure it out.
Some of his advice did sound a bit "old school" or un-PC to some of you, but face it: there are both men and women out there who would be perfectly happy in such a relationship. They're not trying to oppress feminism, they're just trying to get into a "traditional" relationship, which may have been the way they've been raised. Personally, that isn't me, but the advice STILL APPLIES.
I've sought and dated a couple of "geek" girls in my time, and I doubt that I would intentionally seek out another. It's not that we didn't get along great or didn't have a good time while we were together, but these women didn't *challenge* me in the ways I wanted to be challenged. Now, I'm not saying that there *aren't* geek girls out there who can still geek it up but have an immensely healty appetite in other things, but in my experience a person tends to only have one major hobby, and if computers are it, computers are it. When you put two of these types geeks together in the same place for the rest of their lives, you (as a pair) tend to lack any desire to do anything else but geek.
Find a woman that's your *complement*, not your *supplement*. Nobody's perfect, and if you can find a partner that is strong in the areas you are weak, and you can accept and love each other despite (or by way of) those inconsistencies, together you can do anything.
THAT's the kind of relationship I want, and his advice applies.
Given the complexity of IPv6 addresses anyways, DNS will probably play a greater role under IPv6 than IPv4, where static IP's were common. If an IP address changes every few weeks, it's probably a lot easier just to use already standard dynamic DNS to keep track of the new IP address.
So even if your machine *does* act as a server, so long as it isn't a major Internet infrastructure type of thing (such as a name server), so long as the hostname was kept updated with the correct IP you shouldn't really need to worry...
But yah, IPv6 doesn't *remove* administrative options in the least for selecting IP addresses, so you're always free to manually specify an IP if you need to.
If your NIC dies, and you need to put in another one, you're going to need to restart the machine anyways, so the only reason you'd even need the same persistent IP is if the machine itself were a server.
In that case, just manually set up your IP address so that it's the same as the old one. No MAC modifications necessary. Remember: the MAC address suggestion was just meant to be an easy method for obtaining a link identifier that didn't require manual intervention. If your machine is acting as a server, you'd probably want a manually specified IP address regardless.
Nowhere in the IPv6 specification does it say, "All users must have a static IP address."
Just like in IPv4, this is ENTIRELY UP TO YOUR ISP. The growth of IPv6 address space merely makes it easy for your ISP to use a static IP address should they so desire. If you don't want one, let your ISP know that static vs dynamic IP addressing is a factor in your decision to continue doing business with them.
Of course, the alternative to keep people from performing their various DoS attacks on you is not to try and flex your IRC penis and piss people off, but hey...
Contrary to what you seem to think, not every Internet host is owned/used by a dialup user. Things like routers, web servers and people that secretly know their IP address isn't being cross-referenced in some database along with their sexual orientation, want and in many cases require their IP address to be static.
Now, to generate these static IP addresses, the IPv6 address specification says that there's this huge link identifier part of the address that conveniently is able to hold a MAC address, thus instantly guaranteeing a unique IP address on the local subnet (where it needs to be unique). No administration headaches involved.
OBVIOUSLY this will not be the best solution for all IPv6 hosts. There are reasons certain IP addresses would need to remain unique, such as in the event of a machine upgrade (swap-out) where the IP address is important (such as a name server).
An "Internet cafe" does not need cryptographically-secure random link ID's for each of its machines. MAC addresses would work perfectly with a minimum of administration.
The people responsible for implementing IPv6 are not idiot buffoons. They tend to be highly educated network and electrical engineers. No offense to you, but I really think they're smart enough to figure out how to implement IPv6 on their own. I sincerely doubt they've all been reading the IPv6 spec and saying to themselves, "well err durrh.. it sez mac address so let's use mac address!" If you're really concerned that vendors are going to implement IPv6 in this fashion, perhaps you should write them a letter and ask them.
I suppose you pay cash and wear rubber gloves so as not to leave fingerprints behind too, yes?
This thread is growing very old and very stale. MAC addresses were never a requirement of the IPv6 address specifications, and the IETF is essentially pointing this out. If you don't want your ISP to assign you a static IP address (in any form, which would, in IPv6, involve a fixed link identifier), just as you do today, ask them for a dynamic one or take your business elsewhere. IPv6 provides no additional "anonymity" constraints over IPv4.
The truth of the matter is that the privacy nuts blow everything out of proportion whenever somebody whispers "hmm, couldn't this keep me from being totally anonymous?" regardless of how informed the speaker truly is. The people who know better then have to deal with migrains as we struggle to find small enough words to explain what's really going on, only to have said privacy nuts say, "well you're speaking on behalf of the evil corporations, so you must be lying or you are an evil anti-first-amendment communist bastard!"
It's a no-win game, and frankly, I'm sick of playing.
they could just as easily recommend - which goes a long way - that no packets carry a persistent identifier other than an IP address. let vendors and sysadmins build in optional peristent IDs for those who want them or situations where they're needed
This is implicit. As far as I know, this is precisely what they're doing. Admins can create/generate the link identifier however they want. It was only a *suggestion* that they use the MAC address, since it was already there, and essentially guaranteed to be unique. Sysadmins can use numbers from 1 to a billion for all of their machines, or generate random numbers to fill in the link identifier.
Most of you have no clue what "FUD" means. You just see other people using it and think it's a nifty cool Linux hacker buzz-word that other people don't know. Just because somebody doesn't know that the MAC address can be changed in many ethernet cards doesn't mean he's trying to spread "fear, uncertainty and doubt" about Linux.
Do you honestly think Dell does this? How many IP addresses do you think on the 'Net actually map back to a domain name owned by the person browsing on that IP? Count the number of domains with unique contacts and divide by the number of total people that use the Internet. It would not make good business sense to pursue this incredibly small marketing target. I have dealt with Dell several times over the past few years, and visit their web site at least a few times per year. I have never once been contacted by Dell at the address listed in a contact for any of the domains I own.
If Dell has your address (likely purchased from a computer-related list elsewhere, assuming you never gave it to them in the past), they're not going to wait until you browse their site one day before the send you out a mailer.
The two incidents are almost certainly unrelated. Dell sent you a mailout because you either gave them your address or you've given your address to somebody that in turn gave it to Dell. Your web site visit had nothing to do with it.
Contrary to what you seem to think, web sites out there aren't going around automatically track your IP addresses and through some feat of network magic find postal addresses for every person browsing their site just so they can send out mailers. There are much more efficient ways to do marketing.
I'd suggest you take a look at Dell's posted online privacy policy at http://www.dell.com/policy/privacy.htm. If you don't trust them and think they're lying, don't do business with them.
Ethical/moral arguments regarding the voting status of minors is out of the scope of this thread. The fact is that minors are not permitted to vote. The parent has final say in what their child can and can not have, which includes property and money. I may not have been totally accurate in my last post when I said the children weren't earning the money themselves, but they ARE earning that money with the permission and under the umbrella of their parents.
It's not a matter of two or more people "combining their say". The parents are the voters, not the children. The parents can certainly base their decision on what their child has to say, but they're naturally under no obligation to do so.
In my opinion, lowering the voting age would be dangerous. Children tend not to have any real world experience with respects to how the world works and the ramifications of their decisions. It would be foolish to give them the ability to influence the government in such a way.
At sixteen, you're still a minor, and everything you make is technically the property of your parents. Your parents have the "say" (thus the right to vote), not you. If you'd like a say in where the taxes go, take it up with your parents.
Huh? How can Dell mail you a catalog unless you've given them your address? It's possible that you gave your address to some other computer-related site (or a real live business) that in turn solid it to Dell, but it's presently not possible for a web site to retrieve this kind of information from you merely by visiting their privacy page.
You DO have a right to privacy. DON'T GIVE YOUR PRIVATE INFORMATION OUT. The moment you give it to somebody else, they can do whatever the hell they want with it. The only guarantee you have otherwise is in their posted privacy policies. If you do business with a company that has no privacy policy, write them. When you freely give information to somebody else, they are under no obligation to treat it confidentially unless they explicitely say so on their site.
You still have a right to your own privacy, but you simply waive that right by posting your private information on a web site.
One particular appointment I wholeheartedly support is the lifetime appointment for superior court judge. With positions like this, it's nice to know that the judges don't have an ulterior motive (re-election or appeasing a new elected official to keep their appointment) when they issue their decisions.
Read the privacy policies on the sites you do business with, and if it's clear that the site intends to sell your information, don't do business with them. Send them an e-mail address stating that.
Cookies are only sent to the site that created them. It's certainly possible for a "generic" web server to host multiple children-oriented "sites", and for one of those sites to create a cookie that would be readable to the other sites hosted on that server, but that's less of a feature and more of a stupid design than anything else, as cookies can even be further limited in scope to a particular path on a given server.
Presumably they're not restricting access to the site itself, only to information gathering mechanisms. If a kid desperately wants to give a web site his e-mail address or phone number, going to the extents you suggest, there's not much that can be done about it. The site operator made an honest attempt to verify the child's age and/or get parental permission. It's not his fault that the kid makes an enormous (and/or clever) effort to side-step that.
IMO, if parents want the ability to supervise this sort of thing, it's time they started supervising instead of making our government pass legislation that means they don't have to.
Like it or not, parents have become very apathetic with children these days. This is why we have l33t packet kiddies on IRC and why we have the bulk of our "web site defacements" that we do. If parents really gave a rats ass what their kids were doing online, your suggestion would work.
Now, I don't disagree with you that this is the way things SHOULD work, with parents being able to supervise and guide their child in their online activities, the real world just doesn't work this way.
Instead, parents would rather whine loudly to the government until said government passes legislation that lets the parents take yet another step away from parenting their children.
Quite sad, yes?
Personally, I would much rather the government pass a law making parents increasingly liable for their child's behavior and activities online. If their child bids in an eBay auction, the parents should be liable for the costs. If their child breaks a law by way of insufficient parental supervision, the parents should be considered negligent and tried accordingly.
OK I think I'm starting to rant a little bit, but really this is just another symptom of the problem, and instead of solving it, the government is just patching up the effects, allowing it to grow worse as a result.
The FTC is an executive body. Congress passed legislation required them to come up with these rules.
Contrary to what you seem to think, appointed positions are in fact a very necessary part of our government. The people we elect make these appointments. If you don't like the appointments, elect somebody else to make them next time. The reason we don't elect every major official position in our government is precisely the reason people seem to loathe "politicians" nowadays: they seem to be more concerned with the upcoming elections than they are about the job they're supposed to be doing.
People appointed to these positions have no elections to worry about, only the job they're doing, so they have more of a reason to do it well.
The idea is that non-children are smart enough to read (or read into) a site's privacy policy and know when their information might be sold for marketing, thus allowing us to make these decisions for ourselves.
No offense, but we don't need laws protecting adults from things they should see coming. You do realize what those car givaways in malls are funded with, yes?
Slashdot Mirror
I think this might have been done on Slashdot more for performance reasons (no DNS lookup0 than for preventing people from changing the IP association...
As much as I love photo.net, this is another example of paranoia feeding paranoia.
There is no evidence anywhere that any company has ever started merging databases containing user information with a database containing browsing habits. In order for this to work, the people obtaining the information (the site you're giving this information to) would have to KNOWINGLY provide your contact information to the sites doing the tracking in such a way that they could associate your information with the "browser-ID" they have on file (difficult).
If you're giving them your information, chances are you're buying something from them, which means they have a *LOT* to lose if knowledge of this behavior ever got out. Do you have any idea what kind of PR mess this would cause? Legal issues? It's not good business sense. For this reason, unless you're doing business with an irreputable company, you can usually put some stock in their online privacy statements (which I tend to read before giving them my personal information, don't you?).
Further, WHY WOULD THIS BE OF ANY VALUE? All marketing companies care about is marketing their products. ALL they want to know is a person's shopping habits. Information such as your name, address, phone number, etc. is MEANINGLESS to them. It does not help them dole out banner ads, so it's useless information. Why would they spend so much money and time merging these databases when the gain is nil? Companies don't tend to do things unless there's a potential for profit (in public image or hard cash). I don't see the line to profit here.
Just as importantly, no server can read another server's data, each site reads only its own cookies
This isn't true if you leave Netscape's cookie settings at the default of "Accept All Cookies". You need to change it to "Accept only cookies which get sent back to the originating server" to prevent sites from "stealing" cookies of other sites with malicious javascript. I'm not sure how it works on IE but I'm sure it's just as easy with ActiveX giving out access to your entire hard drive to whomever wants it.
Your correction isn't entirely accurate. (Or maybe it is, but it sounds like you're saying something slightly different)
To illustrate the difference between these two cookie settings in Netscape, you need to be aware that in a cookie, the creator can specify things like an expiration date, a relative URI path to which the cookie will apply, and a "domain" setting which determines which hostnames the cookie will be sent to. The domain can never be more generalized than a 2nd-level domain in the case of the generic TLD's (I can't set the domain to '.org' but I can set it to 'slashdot.org' or 'subdomain.example.com'). Naturally, the originating site must lie within this domain.
This allows you to set a cookie from, say, www3.example.com using a domain of 'example.com' and have the cookie be sent back to www2.example.com, which is a very good thing. If you don't specify a domain, or use the Netscape cookie option you recommend, cookies will only be sent back to www3 and never www2 (which has to create a new cookie), which will likely break example.com's web site's use of cookies.
This setting has nothing to do with JavaScript. I remember vaguely some talk several months (years?) back about a vulnerability in Netscape's JavaScript that allowed a malicious coder to retrieve cookies as you suggest, but I believe that was fixed a long time ago.
P.S. What web site's scripts actually put your username and password in the URL string? That sounds incredibly stupid to me, for precisely the reasons you indicate. Any high school web-head knows better than this. Sounds like you need to write a letter.
- This would break a bunch of sites.
- This would break a bunch of sites.
- This would break a bunch of sites.
- If implemented, you'd either have to use this button pretty frequently (esp. since a lot of page failures might not be obviously attributable to this setting) or just give up and leave it turned off.
Just implement an "intelligent" cookie management system. Instead of just having options for enable/disable/prompt, have your "prompt" option have a checkbox that says "Don't ask me about cookies from this site again." Your accept/decline preference would be stored. That way you can decline cookies from Doubleclick and accept cookies from Slashdot without getting pelted with prompts for *every* cookie..This is pretty silly if you ask me. Disabling the ability to get cookies via image requests would break a great deal of existing sites that use cookies. There *are* legitimate reasons why you'd want to set a cookie when the browser requests an image.
And it isn't just images. Any HTTP query has the opportunity to set a cookie. It's part of the *HTTP* spec which has nothing at all to do with the contents of the query itself. The "Content-type:" header (values such as "text/html" and "image/gif") is an HTTP header, just like "Cookie:". There are valid uses for cookies in HTTP requests that don't ultimately serve up HTML pages.
While your concerns are certainly warranted, new strains of plant life don't just go spreading uncontrollably unless they have some sort of evolutionary advantage over their "normal" siblings. I can't think of any reason why a bioluminescence would increase a tree's chance at reproduction, but I suppose the engineering could have some unexpected side-effects as you indicate.
Plus, as another poster mentioned, it would probably be pretty easy to engineer them sterile.
I'm seeing a lot of posts here that I think are a but unfair against the author. Just because he's touting this as advice for the "Lovelorn Geek" does not mean all lovelorn geeks are his target audience. Naturally each and every "geek" will have his own level of social abilities and may or may not need any of this advice. Figure it out.
Some of his advice did sound a bit "old school" or un-PC to some of you, but face it: there are both men and women out there who would be perfectly happy in such a relationship. They're not trying to oppress feminism, they're just trying to get into a "traditional" relationship, which may have been the way they've been raised. Personally, that isn't me, but the advice STILL APPLIES.
I've sought and dated a couple of "geek" girls in my time, and I doubt that I would intentionally seek out another. It's not that we didn't get along great or didn't have a good time while we were together, but these women didn't *challenge* me in the ways I wanted to be challenged. Now, I'm not saying that there *aren't* geek girls out there who can still geek it up but have an immensely healty appetite in other things, but in my experience a person tends to only have one major hobby, and if computers are it, computers are it. When you put two of these types geeks together in the same place for the rest of their lives, you (as a pair) tend to lack any desire to do anything else but geek.
Find a woman that's your *complement*, not your *supplement*. Nobody's perfect, and if you can find a partner that is strong in the areas you are weak, and you can accept and love each other despite (or by way of) those inconsistencies, together you can do anything.
THAT's the kind of relationship I want, and his advice applies.
Given the complexity of IPv6 addresses anyways, DNS will probably play a greater role under IPv6 than IPv4, where static IP's were common. If an IP address changes every few weeks, it's probably a lot easier just to use already standard dynamic DNS to keep track of the new IP address.
So even if your machine *does* act as a server, so long as it isn't a major Internet infrastructure type of thing (such as a name server), so long as the hostname was kept updated with the correct IP you shouldn't really need to worry...
But yah, IPv6 doesn't *remove* administrative options in the least for selecting IP addresses, so you're always free to manually specify an IP if you need to.
If your NIC dies, and you need to put in another one, you're going to need to restart the machine anyways, so the only reason you'd even need the same persistent IP is if the machine itself were a server.
In that case, just manually set up your IP address so that it's the same as the old one. No MAC modifications necessary. Remember: the MAC address suggestion was just meant to be an easy method for obtaining a link identifier that didn't require manual intervention. If your machine is acting as a server, you'd probably want a manually specified IP address regardless.
Nowhere in the IPv6 specification does it say, "All users must have a static IP address."
Just like in IPv4, this is ENTIRELY UP TO YOUR ISP. The growth of IPv6 address space merely makes it easy for your ISP to use a static IP address should they so desire. If you don't want one, let your ISP know that static vs dynamic IP addressing is a factor in your decision to continue doing business with them.
Of course, the alternative to keep people from performing their various DoS attacks on you is not to try and flex your IRC penis and piss people off, but hey...
Joy, another "Big Brother" reference.
Contrary to what you seem to think, not every Internet host is owned/used by a dialup user. Things like routers, web servers and people that secretly know their IP address isn't being cross-referenced in some database along with their sexual orientation, want and in many cases require their IP address to be static.
Now, to generate these static IP addresses, the IPv6 address specification says that there's this huge link identifier part of the address that conveniently is able to hold a MAC address, thus instantly guaranteeing a unique IP address on the local subnet (where it needs to be unique). No administration headaches involved.
OBVIOUSLY this will not be the best solution for all IPv6 hosts. There are reasons certain IP addresses would need to remain unique, such as in the event of a machine upgrade (swap-out) where the IP address is important (such as a name server).
An "Internet cafe" does not need cryptographically-secure random link ID's for each of its machines. MAC addresses would work perfectly with a minimum of administration.
The people responsible for implementing IPv6 are not idiot buffoons. They tend to be highly educated network and electrical engineers. No offense to you, but I really think they're smart enough to figure out how to implement IPv6 on their own. I sincerely doubt they've all been reading the IPv6 spec and saying to themselves, "well err durrh.. it sez mac address so let's use mac address!" If you're really concerned that vendors are going to implement IPv6 in this fashion, perhaps you should write them a letter and ask them.
I suppose you pay cash and wear rubber gloves so as not to leave fingerprints behind too, yes?
This thread is growing very old and very stale. MAC addresses were never a requirement of the IPv6 address specifications, and the IETF is essentially pointing this out. If you don't want your ISP to assign you a static IP address (in any form, which would, in IPv6, involve a fixed link identifier), just as you do today, ask them for a dynamic one or take your business elsewhere. IPv6 provides no additional "anonymity" constraints over IPv4.
The truth of the matter is that the privacy nuts blow everything out of proportion whenever somebody whispers "hmm, couldn't this keep me from being totally anonymous?" regardless of how informed the speaker truly is. The people who know better then have to deal with migrains as we struggle to find small enough words to explain what's really going on, only to have said privacy nuts say, "well you're speaking on behalf of the evil corporations, so you must be lying or you are an evil anti-first-amendment communist bastard!"
It's a no-win game, and frankly, I'm sick of playing.
they could just as easily recommend - which goes a long way - that no packets carry a persistent identifier other than an IP address. let vendors and sysadmins build in optional peristent IDs for those who want them or situations where they're needed
This is implicit. As far as I know, this is precisely what they're doing. Admins can create/generate the link identifier however they want. It was only a *suggestion* that they use the MAC address, since it was already there, and essentially guaranteed to be unique. Sysadmins can use numbers from 1 to a billion for all of their machines, or generate random numbers to fill in the link identifier.
At least this is how I read it..
Most of you have no clue what "FUD" means. You just see other people using it and think it's a nifty cool Linux hacker buzz-word that other people don't know. Just because somebody doesn't know that the MAC address can be changed in many ethernet cards doesn't mean he's trying to spread "fear, uncertainty and doubt" about Linux.
Do you honestly think Dell does this? How many IP addresses do you think on the 'Net actually map back to a domain name owned by the person browsing on that IP? Count the number of domains with unique contacts and divide by the number of total people that use the Internet. It would not make good business sense to pursue this incredibly small marketing target. I have dealt with Dell several times over the past few years, and visit their web site at least a few times per year. I have never once been contacted by Dell at the address listed in a contact for any of the domains I own.
If Dell has your address (likely purchased from a computer-related list elsewhere, assuming you never gave it to them in the past), they're not going to wait until you browse their site one day before the send you out a mailer.
The two incidents are almost certainly unrelated. Dell sent you a mailout because you either gave them your address or you've given your address to somebody that in turn gave it to Dell. Your web site visit had nothing to do with it.
Contrary to what you seem to think, web sites out there aren't going around automatically track your IP addresses and through some feat of network magic find postal addresses for every person browsing their site just so they can send out mailers. There are much more efficient ways to do marketing.
I'd suggest you take a look at Dell's posted online privacy policy at http://www.dell.com/policy/privacy.htm. If you don't trust them and think they're lying, don't do business with them.
Ethical/moral arguments regarding the voting status of minors is out of the scope of this thread. The fact is that minors are not permitted to vote. The parent has final say in what their child can and can not have, which includes property and money. I may not have been totally accurate in my last post when I said the children weren't earning the money themselves, but they ARE earning that money with the permission and under the umbrella of their parents.
It's not a matter of two or more people "combining their say". The parents are the voters, not the children. The parents can certainly base their decision on what their child has to say, but they're naturally under no obligation to do so.
In my opinion, lowering the voting age would be dangerous. Children tend not to have any real world experience with respects to how the world works and the ramifications of their decisions. It would be foolish to give them the ability to influence the government in such a way.
At sixteen, you're still a minor, and everything you make is technically the property of your parents. Your parents have the "say" (thus the right to vote), not you. If you'd like a say in where the taxes go, take it up with your parents.
Huh? How can Dell mail you a catalog unless you've given them your address? It's possible that you gave your address to some other computer-related site (or a real live business) that in turn solid it to Dell, but it's presently not possible for a web site to retrieve this kind of information from you merely by visiting their privacy page.
You DO have a right to privacy. DON'T GIVE YOUR PRIVATE INFORMATION OUT. The moment you give it to somebody else, they can do whatever the hell they want with it. The only guarantee you have otherwise is in their posted privacy policies. If you do business with a company that has no privacy policy, write them. When you freely give information to somebody else, they are under no obligation to treat it confidentially unless they explicitely say so on their site.
You still have a right to your own privacy, but you simply waive that right by posting your private information on a web site.
One particular appointment I wholeheartedly support is the lifetime appointment for superior court judge. With positions like this, it's nice to know that the judges don't have an ulterior motive (re-election or appeasing a new elected official to keep their appointment) when they issue their decisions.
Would you have these people elected as well?
Read the privacy policies on the sites you do business with, and if it's clear that the site intends to sell your information, don't do business with them. Send them an e-mail address stating that.
Cookies are only sent to the site that created them. It's certainly possible for a "generic" web server to host multiple children-oriented "sites", and for one of those sites to create a cookie that would be readable to the other sites hosted on that server, but that's less of a feature and more of a stupid design than anything else, as cookies can even be further limited in scope to a particular path on a given server.
Presumably they're not restricting access to the site itself, only to information gathering mechanisms. If a kid desperately wants to give a web site his e-mail address or phone number, going to the extents you suggest, there's not much that can be done about it. The site operator made an honest attempt to verify the child's age and/or get parental permission. It's not his fault that the kid makes an enormous (and/or clever) effort to side-step that.
IMO, if parents want the ability to supervise this sort of thing, it's time they started supervising instead of making our government pass legislation that means they don't have to.
Like it or not, parents have become very apathetic with children these days. This is why we have l33t packet kiddies on IRC and why we have the bulk of our "web site defacements" that we do. If parents really gave a rats ass what their kids were doing online, your suggestion would work.
Now, I don't disagree with you that this is the way things SHOULD work, with parents being able to supervise and guide their child in their online activities, the real world just doesn't work this way.
Instead, parents would rather whine loudly to the government until said government passes legislation that lets the parents take yet another step away from parenting their children.
Quite sad, yes?
Personally, I would much rather the government pass a law making parents increasingly liable for their child's behavior and activities online. If their child bids in an eBay auction, the parents should be liable for the costs. If their child breaks a law by way of insufficient parental supervision, the parents should be considered negligent and tried accordingly.
OK I think I'm starting to rant a little bit, but really this is just another symptom of the problem, and instead of solving it, the government is just patching up the effects, allowing it to grow worse as a result.
The FTC is an executive body. Congress passed legislation required them to come up with these rules.
Contrary to what you seem to think, appointed positions are in fact a very necessary part of our government. The people we elect make these appointments. If you don't like the appointments, elect somebody else to make them next time. The reason we don't elect every major official position in our government is precisely the reason people seem to loathe "politicians" nowadays: they seem to be more concerned with the upcoming elections than they are about the job they're supposed to be doing.
People appointed to these positions have no elections to worry about, only the job they're doing, so they have more of a reason to do it well.
The idea is that non-children are smart enough to read (or read into) a site's privacy policy and know when their information might be sold for marketing, thus allowing us to make these decisions for ourselves.
No offense, but we don't need laws protecting adults from things they should see coming. You do realize what those car givaways in malls are funded with, yes?