W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2010

Re: Cookies - Raising Awareness

From: David Singer <singer@apple.com>
Date: Sat, 24 Jul 2010 11:42:13 +0200
Cc: public-privacy@w3.org
Message-Id: <59ECE7DF-7879-4F63-A5DE-BD917BF52537@apple.com>
To: Jochen Eisinger <eisinger@google.com>
But my basic question remains:  how on earth can I predict what the consequences of a particular cookie are?  "This cookie helps link together your browsing of the site", vs. "this cookie helps us build a personal record of all your interactions, transactions, etc.", and so on.

Sites don't say what a cookie contains, what is associated with it on the server, or what that set of data is used for.  Without that knowledge, I am completely at sea, aren't I?

Tracking can be done in lots of ways, true.

On Jul 24, 2010, at 10:21 , Jochen Eisinger wrote:

> On Sat, Jul 24, 2010 at 10:13 AM, David Singer <singer@apple.com> wrote:
>> !
>> If I am asked 'do you want to accept this cookie?' I would immediately ask back 'what is it tracking?'.  I have no idea what the right answer is...
>> Turning off cookies is somewhat going completely incognito/untrackable;  kind of like wearing a stocking over your head, generic black pants and jacket, dark glasses, and doing all your transactions  using 'ransom notes' and unmarked, used, $10 bills.  it's a bit extreme.
> I'd argue that it mainly breaks logins for you.
> Tracking can be done without HTTP cookies, e.g. using flash cookies,
> local storage, finger printing etc..
> We're however currently experimenting with replacing the cookie prompt
> with a more usable blocking mode. You can test it on Chrome's current
> dev channel. When you block cookies, we'll collect both blocked and
> accepted cookies (and other site data such as local storage). Click on
> the blocked cookie symbol and select "show cookies etc..". This will
> pop up a dialog that displays all cookies for the current web page,
> and lets you create exceptions for accepting/blocking cookies from
> certain domains. It's not yet perfect, esp. the creation of exception
> doesn't give you any feedback, but what do you think about the general
> approach?
> -jochen

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Saturday, 24 July 2010 09:42:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:51 UTC