- From: Marc Salomon <marc@pele.ckm.ucsf.edu>
- Date: Sat, 15 Jun 1996 14:53:41 -0700
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Koen wrote:
|Warning: though this browser tries to help you in protecting your
|privacy, it cannot not offer strong protection against cross-server
|user tracking because several features of the web allow this to be
|implemented.
Why can't strong protection be afforded by a cookie management suite with a
feature to allow toggling a domain's active status within a cookie (but not
adding new domains)?
----------------------------------------------------------------
View Cookie: Journal Browsing Cookie
Contents:
[SiteLicense = Encrypted ticket for you alone to access the distributed
collection. Contains your encrypted internet address and
a time stamp so each site we license with can verify that
you are licensed without knowing your name. Sites would
know your internet address regardless if you connect with
a cookie or not. ]
[Specialty = Radiology]
[Version = 1.0]
[Path = /pub]
Toggle Checkbox to Enable/Disable Domain on Future Transactions
(O) UCSF Library Electronic Periodicals Collection
(*) New England Journal of Medicine
(*) Journal of the American Medical Society [$Path = /sitelicense]
( ) Jeff and Akbar's Demographic Hut [$Path = /spoof]
and Stateful Cookie Shack
[Committ][Reset][Dismiss]
----------------------------------------------------------------
key:
(O) = Cookie Originating Domain - Always on
(*) = Active Cookie Domain - cookie sent if domain-match
( ) = Inactive Cookie Domain - cookie not sent if domain-match
Should descriptive comments be allowed in the Set-Cookie header for each
attribute so that Cookie management software can report an annotated version
of cookie contents, informing the users' Cookie management decisions and
holding server owners accountable for those claims? Fraud is a crime.
-marc
Received on Saturday, 15 June 1996 15:01:58 UTC