W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

RE: Unverifiable Transactions / Cookie draft

From: Phillip M. Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 18 Mar 1997 14:38:33 -0500
Message-Id: <01BC33AB.EB202D70@crecy.ai.mit.edu>
To: 'Steve Madere' <madere@dejanews.com>, "http-wg@cuckoo.hpl.hp.com" <http-wg@cuckoo.hpl.hp.com>
>The "login" model is a serious step back in privacy.  Suddenly, we not 
>only know it is the same person that was here earlier, we know it is a 
>particular person with a particular email address etc.

I disagree. The user is at least aware that they are revealing information
about themselves. What is so offensive about cookies is that no steps
were taken to inform the user of their implications. Indeed little effort
appears to have gone into thinking through those implications.

Attempting to bludgeon the user into accepting cookies by putting up
a noisy dismiss box each time it is recieved is a fraudulent method
of providing "choice". The user is forced to "pay" by dismissing the box
each time. There should either be a switch to turn them off entirely
or some means of selecting which to allow and which not to.

I regard the various promisses from the vendors on this as sophistry.
If they were worried about user privacy then they would have implemented
this long ago.

I'll just point out that Microsoft voluntarily entered into an agreement to
abide by the terms of the European data privacy laws. I don't believe that
cookies meet those laws. 

	Phill
Received on Tuesday, 18 March 1997 11:51:30 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:31 EDT