Message-Id: <199602170143.TAA01108@library.wustl.edu> Date: Fri, 16 Feb 1996 19:27:56 -0600 From: Heath Rezabek <mailto:hrezabek@FIAT.GSLIS.UTEXAS.EDU> Subject: Cookies for persistent information between/across sessions? To: Multiple recipients of list WEBCAT-L <mailto:WEBCAT-L@WUVMD.WUSTL.EDU>
strange bit of info from abroad; it struck me that, if used the way it was [benefit-of-the-doubt, here] *intended,* such a thing could preserve session information. any implementors have thoughts on this?heath m rezabek mailto:hrezabek@gslis.utexas.edu
---------- Forwarded message ---------- ++++ start quote ++++++++++++++++++++++++++++++++++
Leading Web Browsers May Violate Privacy of Users' Computers, Activities
By Lee Gomes, San Jose Mercury News, Calif. Knight-Ridder/Tribune Business News
Feb. 13--Attention, Web surfers: You'll probably be surprised to hear this, but the Web sites you're visiting may be spying on you and using your own computer's hard disk drive to keep detailed notes about what they see. A little-known feature of Netscape's Navigator, as well as other World Wide Web browser programs, including Microsoft Corp.'s, allows Web sites to store any information about your visit that they want to by way of a file on your own hard drive. The file theoretically can be up to 1.2 megabytes big - - the size of a medium-sized computer program. The feature is called "cookies," and while Netscape said the features have many legitimate uses, the company admitted its use could evolve to pose serious questions involving privacy and other issues. In response to queries Monday, the company said it is considering changing the way the feature works. "This is a very legitimate issue that people ought to know about," said Len Feldman, a Netscape Communications Corp. product manager. "It's certainly something for us to consider." Cookies -- the name is entirely whimsical -- allows any Web site that so wishes to store any sort of information they want about your visit, such as what specific pages you looked at and how long you looked at them. So far , very few Web sites are using the feature, although an industrywide forum is on the verge of standardizing the cookies technology. It does not mean Netscape monitors every step a user takes. Instead, a company with a Web site, for example, could monitor a person's use while on that individual site. Web sites store the information by way of a file called "cookies.txt" on Windows machines and "MagicCookie" on the Macintosh. The information usually resides in the same directory as the Navigator program. These are standard text files that can be read using any word-processing program. Once the information is stored, the site will know you have been there before; it may also have an indication of what your interests are. Because of the way that connections are made on the Internet, cookies will not tell a Web site your name or address -- only that you, or someone using your computer, had visited the site before, along with whatever other information it wishes. Of course, it stores this information if you voluntarily "registered" at the site, giving it your name and address. From then on, all of your comings and goings could be recorded and linked to you, specifically -- even if on a subsequent visit you do not sign in using your name. That information, in turn, could be sold to others, such as consumer marketing organizations. Even while cookies don't explicitly betray your identity, the feature seems to violate two nearly universal assumptions held by computer users: One is that exploring the World Wide Web is an entirely confidential and anonymous experience that leaves no record of itself. The other is that users' hard disk drives are, in effect, their castles, and shouldn't be tampered with -- without an owner's explicit knowledge and approval. Cookies are built into browsers and cannot be turned off. While deleting the cookies file on your computer will erase any information that's been stored there, if in your next session with the browser a site wants to store information, it will simply create a new cookies file. Feldman said cookies were designed to allow information to last from one Web visit to the next, something that is now impossible because of the way the Internet is set up. That capability would have many legitimate uses on the Web. For example , the Internet version of the Microsoft Network relies on cookies to allow users to customize the "home page" they first see when they visit the site with various stock quotes and the like. Feldman said, though, that the use of cookies has grown without the company going back to consider some of the privacy and related questions that are raised -- especially since most browser users probably don't even know the feature exists. One possible solution, he said, would be to allow cookies to be turned off, on a permanent or per-session basis, by users via the program's "options" menu. Feldman said that Netscape's software prevents one Web site from seeing the cookies information stored by another Web site -- for example, competitors looking to see what a rival had stored. But he said it is technically possible, although difficult, for one Web site to pretend it is another site and therefore get access to information. Occasional grumblings about cookies have been a feature of several Internet discussion groups -- one Netscape user complained on-line that he felt as though he had been "electronically tagged like an animal." The cookies feature was also described in an article in Monday's Financial Times of London.
++++ end quote ++++++++++++++++++++++++++++++++
------------------------Administrative-Notes------------------------------- To post an hwg-main - relevant message to the list, send to: mailto:hwg-main@ml.rpmdp.com To unsubscribe: mailto:majordomo@ml.rpmdp.com body of message: unsubscribe hwg-main