Re: Security: Cookies from Antoni Matheu on 2000-03-20 (www-talk@w3.org from March to April 2000)

From: Antoni Matheu <amatheu@ati.es>
Date: Mon, 20 Mar 2000 08:07:35 +0100
To: "Joris Dobbelsteen" <j.p.tdobbelsteen@freeler.nl>
CC: www-talk@w3.org
Message-Id: <200003200708.IAA27843@ati.es>

> Last I heard about privacy violation by use of cookies:
> - They should provide a web server with personal information about you
> - provide Web Server Administrators (and authorized users) with information
> about the web server usage from a specific user or all users.
> 
> The guy was on the radio and complained cookies where a real violation to
> his privacy and turned it off, also he said servers should announce that
> they are using cookies. RFC 2616 (HTTP/1.1 - June 1999) and another document
> discussing HTTP/1.1 did not mension cookies, and they don't see to be
> standard (???) or this is part of HTML (???).
> 
> I desided that monitoring what users like can be done much easier by logging
> the links clicked (redirection) and using counters.
> Maybe other HTTP/1.1 parts provide much greater security vulabilities:
> user-agent, server, via, from, etc.....
> 
> Can I have some more info about this???
> 

I think that cookies do not send any information not previously 
stored in it, and this information has been available to the server 
by other means.

The only value of a cookie is that, as people connect usually via an 
ISP that doesn't give them the same ip address every time, it is 
impossible to relate a person to an ip and store information about it 
using ip as an identifier. So you must send it a cookie and get back 
it later.

I mean that the privacy violation resides on the use of user-agent, 
server, via, from, etc; not the use of cookies.

Regards,


-------------------------------------+--------------------------------
Antoni Matheu                        |
http://vincles.minim.org             |
                                     |   Encara no edites amb L'Ed ?
Promoció gratuïta de pàgines web     |   ¿ Aún no editas con L'Ed ?
Promoción gratuita de páginas web    |   Not editing with L'Ed yet ?
Free web pages promotion             |   http://pagina.de/amatheu
-------------------------------------+--------------------------------

Received on Monday, 20 March 2000 02:07:13 UTC