Re: Smart Fine Print

• To: www-security@ns2.rutgers.edu
• Subject: Re: Smart Fine Print
• From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
• Date: Tue, 09 Jul 1996 15:42:37 -0700
• Organization: Hewlett-Packard Co.
• References: <199607082007.NAA23638@netcom.netcom.com>
• Reply-To: www-security@ns2.rutgers.edu

Nick Szabo wrote:
> 
> The main thing offensive about cookies and cookie sharing is not that these
> features link information about the user's usage patterns (some users care
> about this, some don't) but that they undertake this important
> activity without the user's knowledge or consent.
> 
> For example:
> 
> > And when you click on it, you go to the connected site via DoubleClick (I
> > think - do they use HTTP Status Code: Found 302 to redirect the browser?)
> 
> Even many of us technically proficient people seem to be in the dark
> about this one; it is a well-hidden feature.
> 

I went to Doubleclick and can't get them off my back.  Every time I 
exit they make a cookie and I don't even visit them anymore.  Do they 
map your domain or I.P. and then keep sending out some kind of signal?  
After leaving them, closing Netscape and deleting cookie, I reloaded 
Netscape and went about surfing, NOT going to any ads, and guess 
what, doubleclick's cookie appeared!  Their cookie has been pestering 
me for 2 days now, and I'm determine to find out just how they do it.

It implies there's a way to put a cookie on any server out there 
without their visiting you.  If true then I could run a program that 
cycles through everyone who is logged on in the whole wide world and 
add their latest cookie file to my database.

> > Woohoo.  Maybe I'll do that here to Australians :)
> 
> This is not funny, it is offensive.  Users may not usually be able to
> detect redirects, or find or trace their cookies, but the nature of the
> Internet community is such that users will at some point figure out
> that these pieces of smart fine print hidden inside their software
> have not been written in their interest.  The result will not be
> intelligent use of software and services (for by hiding features
> important to the user we have worked against that), but a crude
> judgement -- that Internet software and services that use cookies
> are often duplicitous, designed for unscrupulous vendors rather than
> for end customers, and not to be trusted with either one's personal
> information or one's business.  The big gains to be made from
> client-side persistence could be lost.
> 
> Nick Szabo
> szabo@netcom.com
> http://www.best.com/~szabo/

I remember how a boss from way back in the late 70's told me how 
he ``seeded'' mailing lists to get the best offers.  He said you 
send away for offers that fit a profile of someone who is ``upper 
crust'' (it *also* helps to have a good demographic zipcode), and 
consistently answer questionaires the right way etc. etc..  He 
got the best free offers and freebies.  A perfect cookie could 
serve that purpose, you just copy it into your .netscape directory 
and you get the best free offers as you surf the net.  My point 
being one has to question how much businesses will gain in the 
long run from cookie technologies if anyone can seed their cookie 
with whatever ``profile'' will get them where they want to go.  It 
cuts both ways.  Thanks to the person who gave that tip on setting 
my read-only attribute also.

Gene

-- 
___
 | ._  _ ._ _.._ _    ``I do not fear computers
_|_| |(_|| (_|| | |     I fear lack of them.''  -Isaac Asimov
_____  _|  _______________________________________________________
Key fingerprint:  93 E1 15 E6 35 BC B2 84  B2 7B 39 76 29 72 32 72
 [Signature lettering created by ``Figlet Ascii Font Converter''
  http://mediacube.datacom.de/cgi-bin/moniteurs/figlet]

• Smart Fine Print
• From: szabo@netcom.com (Nick Szabo)

• Previous: Re: Smart Fine Print
• Next: Re: COMMENT: Cookie dough (fwd)
• Index(es):
  • Index
  • Thread