Re: Security: Cookies

> Last I heard about privacy violation by use of cookies:
> - They should provide a web server with personal information about you
> - provide Web Server Administrators (and authorized users) with information
> about the web server usage from a specific user or all users.
> The guy was on the radio and complained cookies were a real violation to
> his privacy and turned it off, also he said servers should announce that
> they are using cookies. RFC 2616 (HTTP/1.1 - June 1999) and another document
> discussing HTTP/1.1 did not mention cookies, and they don't seem to be
> standard (???) or this is part of HTML (???).
> I decided that monitoring what users like can be done much easier by logging
> the links clicked (redirection) and using counters.
> Maybe other HTTP/1.1 parts provide much greater security vulnerabilities:
> user-agent, server, via, from, etc.....
> Can I have some more info about this???

I think that cookies do not send any information not previously
stored in them, and this information has been available to the server
by other means.

The only value of a cookie is that, as people usually connect via an
ISP that doesn't give them the same IP address every time, it is
impossible to relate a person to an IP and store information about it
using IP as an identifier. So you must send it a cookie and get it
back later.

I mean that the privacy violation resides in the use of user-agent,
server, via, from, etc; not the use of cookies.


Received on Monday, 20 March 2000 02:07:13 UTC
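
An added illustration, not part of the original message: a toy server and browser showing the exchange the reply describes, where the browser returns only the value the server set, and that value links visits that arrive from different addresses. The `Server` and `Browser` classes, the `vid` cookie name, and the addresses and paths are all constructed for this sketch.

```python
from http.cookies import SimpleCookie
import secrets

class Server:
    """Toy server: issues an opaque visitor id and keeps the profile server-side."""
    def __init__(self):
        self.profiles = {}  # visitor id (from cookie) -> paths requested
        self.by_ip = {}     # source address -> paths requested

    def handle(self, ip, path, cookie_header=None):
        """Record the request; return a Set-Cookie value if a new id was minted."""
        jar = SimpleCookie(cookie_header or "")
        vid = jar["vid"].value if "vid" in jar else None
        set_cookie = None
        if vid not in self.profiles:  # missing or unknown id: mint a fresh one
            vid = secrets.token_hex(8)
            self.profiles[vid] = []
            out = SimpleCookie()
            out["vid"] = vid
            out["vid"]["path"] = "/"
            set_cookie = out["vid"].OutputString()
        self.profiles[vid].append(path)
        self.by_ip.setdefault(ip, []).append(path)
        return set_cookie

class Browser:
    """Toy client: stores what the server set and echoes it back unchanged."""
    def __init__(self):
        self.cookie = None

    def get(self, server, ip, path):
        set_cookie = server.handle(ip, path, self.cookie)
        if set_cookie:
            # Only name=value is sent back; attributes such as Path are not.
            self.cookie = set_cookie.split(";", 1)[0]

def demo():
    """One browser, three sessions, each from a different (constructed) address."""
    server, browser = Server(), Browser()
    visits = [("192.0.2.10", "/news"), ("198.51.100.7", "/shop"),
              ("203.0.113.44", "/shop/cart")]
    for ip, path in visits:
        browser.get(server, ip, path)
    return server, browser

if __name__ == "__main__":
    server, browser = demo()
    print("keyed by address:", server.by_ip)
    print("keyed by cookie: ", server.profiles)
```

Keyed by address, the three requests look like three unrelated visitors; keyed by cookie, they form one profile, and that profile lives on the server rather than in the cookie.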