(no subject)

Hello,

rst@ai.mit.edu (Robert S. Thau) wrote:
[example of a site with hacked session ids and its disadvantages]
> 
> To put it another way, the ostrich approach to, say, the privacy
> issues with session-id won't work at all.  If you're concerned, try
> something else.

No sale.  I remain firm in my position that privacy on the Web can be maintained by 
policies like those in Europe and now by MSN that do not allow data fusion with out 
consent.  These policies forgo a lot of the technical issues.

For instance, television has had the ability to be instrumented with the capability 
of monitoring what you watch and when.  Despite market pressures, it has never been 
done (though it may very well happen under our eyes with interactive TV).

The W3C may decide that it wants to help protect the privacy of Web users, and then 
again, it may bow down.  Regardless, within site analysis with consent is more or less 
benign and there are plenty of ways to technically accomplish this.  Enabling the client 
to control and override ids is a must in my opinion, but this again is not a technical 
issue, but one of interface and policy, which the W3C could either decide to impose 
requirements upon their presence or not.  Market pressures, while strong, do not always
prevail.

Regards,
Jim.

Received on Thursday, 27 July 1995 04:48:19 UTC