Re: cookies and privacy

• To: hfinney@shell.portal.com
• Subject: Re: cookies and privacy
• From: dmk@allegra.att.com (Dave Kristol)
• Date: Tue, 16 Jul 96 14:49:26 EDT
• Cc: www-security@ns2.rutgers.edu

Hal <hfinney@shell.portal.com> wrote:
  > My suggestion was intended to address the shopping cart example, where
  > I can see that state is useful.  However I do not agree that the
  > automatic response is essential for this application, as I suggested in
  > my earlier mail.

If the user selectively enables sending a cookie back to the origin
server while shopping, how can the origin server keep aware correctly
of what's in the shopping basket?  You shouldn't assume that you can
tell, by looking at the cookie, when it needs to be returned to the
server.  (It may be encoded, for example.)

  > I would really prefer cookies to be rare on the web, used only for
  > specific, well defined purposes, made visible to users, and with enough
  > documentation associated with the cookie offer that users can make
  > informed consent.  I am afraid that with both current Netscape
  > implementations and the proposed I-D, cookies will instead become
  > ubiquitous, invisible, and used primarily for purposes which are harmful
  > to the user's privacy.

I think cookies are yet another case of a technology that can be used
for both good and ill.  I think that user interfaces need to be tuned
to insure privacy while preserving the worthwhile aspects of cookies.

Dave Kristol

• Previous: Re: cookies and privacy
• Next: Re: cookies and privacy
• Index(es):
  • Index
  • Thread