Re: Smart Fine Print

To: Michael Brennen <mbrennen@fni.com>
Subject: Re: Smart Fine Print
From: William Perry <wmperry@spry.com>
Date: Tue, 9 Jul 1996 08:01:12 -0700
Cc: William Perry <wmperry@spry.com>, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.LNX.3.94.960709093653.14106H-100000@ns1.fni.com>
References: <199607091325.GAA00307@monolith.spry.com> <Pine.LNX.3.94.960709093653.14106H-100000@ns1.fni.com>
Reply-to: wmperry@spry.com

Michael Brennen writes:
>On Tue, 9 Jul 1996, William Perry wrote:
>
>> Michael Brennen writes:
>> >Just edit the cookies.txt file to be empty (or delete it and touch it),
>> >then set the read only attribute on the file. I wish I could say this is
>> >cleverly ingenious of me, but it is not.  I picked it up from someone
>> >else, and it works.  I went to doubleclick.net and ran around -- with nary
>> >a cookie set.  They may keep other info, but cookies seems rather critical
>> >to their scheme.
>> 
>>  Most cookie implementations do not try to write to the cookies.txt file
>> until you _EXIT_ the application - they are still floating around in
>> internal storage and will be sent during THAT session.
>
>cookies.txt was clear after Netscape was closed -- still is.  The cookies
>won't be remembered across sessions, and it was my understanding that this
>is what doubleclick's scheme depended on.  They need the cookies laying
>around to know what they think I want to see next.  Have I missed
>something?

  My point was that this might protect you against doubleclick's scheme
(possibly, would have to see their code to know exactly, and that's not
very likely :), but not against all possibly nasty/sneaky/rude uses of
cookies out there, especially if you keep your browser running for a long
time.

-Bill P.

PS: snide comment about certain browsers being able to run a long time left
    out. :)