From: Rowland McDonnell on
Geoff Berrow <blthecat(a)ckdog.co.uk> wrote:

> real-address-in-sig(a)flur.bltigibbet.invalid (Rowland McDonnell) wrote:
>
> >I've just installed the thing.
> >
> >Ye gods! There's *hundreds* of these bloody local storage objects
> >lurking! And did I really visit all those sites?
>
> Cookies can be very useful to the user as well as the site operator.

Can be *slightly* useful to the user, not *very* useful - except for
those sites where the site controller, being evil, sets things up so
that you've got to have cookies on to permit them to track you more
readily and gather more detailed information on you, a behaviour that I
find most odious.

The problem with cookies generally is that the user doesn't know and
can't find out what they are for, in general, nor what information is in
them, nor how that information might be used.

The user must trust those who put cookies on their computer - which,
obviously, only the very stupid would do. The sane user doesn't trust
the operators because we know that they're up to no good trying to
exploit us to the max.

So we have methods of dealing with cookies - i.e., not letting them
persist beyond browser sessions.

> Some cookies are simply stored in memory and disappear when the
> browser is closed. It's wrong to treat them all as works of the
> devil.

It's a big mistake to assume attitudes like that, because you end up
having a totally wrong view of the world.

The point is that cookie-like entities *are* the work of the devil when
they're totally out of the user's control, totally out of sight of the
user, and are *NOT* removed when the browser is closed.

And I had 255 of the bloody things!

Now they get deleted on browser closure, which is what's needed.

Firefox with the BetterPrivacy extension:
<https://addons.mozilla.org/en-US/firefox/addon/6623>

Rowland.

--
Remove the animal for email address: rowland.mcdonnell(a)dog.physics.org
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking
From: Geoff Berrow on
On Mon, 1 Feb 2010 17:38:18 +0000,
real-address-in-sig(a)flur.bltigibbet.invalid (Rowland McDonnell) wrote:

>> Cookies can be very useful to the user as well as the site operator.
>
>Can be *slightly* useful to the user, not *very* useful - except for
>those sites where the site controller, being evil, sets things up so
>that you've got to have cookies on to permit them to track you more
>readily and gather more detailed information on you, a behaviour that I
>find most odious.

Well I must declare an interest here, in that, as a web developer I'm
responsible for the odd cookie, though mostly nothing more than
session variables.
>
>The problem with cookies generally is that the user doesn't know and
>can't find out what they are for, in general, nor what information is in
>them, nor how that information might be used.

Pretty easy to find out.
>
>The user must trust those who put cookies on their computer - which,
>obviously, only the very stupid would do. The sane user doesn't trust
>the operators because we know that they're up to no good trying to
>exploit us to the max.

Up to a point, Lord Copper.
>
>So we have methods of dealing with cookies - i.e., not letting them
>persist beyond browser sessions.

Suits me. :)
>
>> Some cookies are simply stored in memory and disappear when the
>> browser is closed. It's wrong to treat them all as works of the
>> devil.
>
>It's a big mistake to assume attitudes like that, because you end up
>having a totally wrong view of the world.
>
>The point is that cookie-like entities *are* the work of the devil when
>they're totally out of the user's control, totally out of sight of the
>user, and are *NOT* removed when the browser is closed.

Well there /are/ constructive uses of a persistent cookie, usually for
storing user preferences. Mostly, deleting them will result in a loss
of functionality. You takes your choice.

>
>And I had 255 of the bloody things!

So what? They are tiny and are extremely unlikely to have been doing
any harm.
>
>Now they get deleted on browser closure, which is what's needed.

No. See above.
--
Geoff Berrow (Put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs www.4theweb.co.uk/rfdmaker

From: D.M Prosciutto on
On Mon, 1 Feb 2010 17:38:18 +0000, Rowland McDonnell wrote:

> Can be *slightly* useful to the user, not *very* useful - except for
> those sites where the site controller, being evil, sets things up so
> that you've got to have cookies on to permit them to track you more
> readily and gather more detailed information on you, a behaviour that I
> find most odious.

You are an incorrigible nitwit. I suppose you enter your bank card number
every time you access the site? But then I suppose you don't trust Internet
banking.


--
"Another MacOS utter cockup, I reckon - it bloody well ought to work the
way we've tried, but it seems broken."
Rowland McDonnell on Mac - October 2, 2007
From: Rowland McDonnell on
Geoff Berrow <blthecat(a)ckdog.co.uk> wrote:

> real-address-in-sig(a)flur.bltigibbet.invalid (Rowland McDonnell) wrote:
>
> >> Cookies can be very useful to the user as well as the site operator.
> >
> >Can be *slightly* useful to the user, not *very* useful - except for
> >those sites where the site controller, being evil, sets things up so
> >that you've got to have cookies on to permit them to track you more
> >readily and gather more detailed information on you, a behaviour that I
> >find most odious.
>
> Well I must declare an interest here, in that, as a web developer I'm
> responsible for the odd cookie, though mostly nothing more than
> session variables.

Which means `usually a breach of personal privacy' - and sometimes very
much worse than that.

`Session variables' - like a username and password pair in some cases,
for example. Hardly harmless, these session variables you mention.
Especially when they're available between sessions and to anything that
cares to look 'em up.

> >The problem with cookies generally is that the user doesn't know and
> >can't find out what they are for, in general, nor what information is in
> >them, nor how that information might be used.
>
> Pretty easy to find out.

I've never been able to figure out how, so I'm certain that you're wrong
about that.

> >The user must trust those who put cookies on their computer - which,
> >obviously, only the very stupid would do. The sane user doesn't trust
> >the operators because we know that they're up to no good trying to
> >exploit us to the max.
>
> Up to a point, Lord Copper.

Your meaning?

> >So we have methods of dealing with cookies - i.e., not letting them
> >persist beyond browser sessions.
>
> Suits me. :)

But since the average user has no idea these Flash cookies exist, it's
not possible for the typical user to even contemplate doing anything
about 'em.

I'd spotted that Flash stores persistent data somewhere, and I've been
meaning to track the place down for some time. Now I know, and I'm
hopping mad at what's been going on behind my back.

> >> Some cookies are simply stored in memory and disappear when the
> >> browser is closed. It's wrong to treat them all as works of the
> >> devil.
> >
> >It's a big mistake to assume attitudes like that, because you end up
> >having a totally wrong view of the world.
> >
> >The point is that cookie-like entities *are* the work of the devil when
> >they're totally out of the user's control, totally out of sight of the
> >user, and are *NOT* removed when the browser is closed.
>
> Well there /are/ constructive uses of a persistent cookie, usually for
> storing user preferences. Mostly, deleting them will result in a loss
> of functionality. You takes your choice.

The point is that we have no /informed/ choice, meaning that we have no
real choice at all.

The only sane user response is to deny all Websites the ability to store
cookies at all, unless doing so renders it unusable - and in such cases,
cookies must be deleted after each session.

Nothing else is sane - the cookie-planters and -users cannot be trusted,
because we don't know who they are or what they are doing.

> >And I had 255 of the bloody things!
>
> So what? They are tiny and are extremely unlikely to have been doing
> any harm.

So you claim - but how could I confirm that they are in fact all utterly
benign, not breaching my privacy in any way I object to, and will all of
them always prove to be so at absolutely all times in the future?

I know *nothing* about what's in them - your judgement that it's
`extremely unlikely' that they're harmful is meaningless and useless.
The risk exists, no data on the degree of risk exists, they are a
totally unknown quantity.

That's `So what'.

> >Now they get deleted on browser closure, which is what's needed.
>
> No. See above.

What? Explain yourself.

They get deleted when I shut down Firefox and that is what's needed.

You are wrong to suggest otherwise.

If Web developers don't like it, they're just going to have to get used
to it: it's how a lot of us behave because we're never going to trust
you lot, not ever.

If a Website is unusable because I delete cookies between sessions,
I'll simply not use it. That is my choice - you, as a Web developer,
need to understand that some of us will simply never ever trust any
information planted on our computers by an external anything for reading
by an external anything and that's that.

Not even TOR...

Rowland.

--
Remove the animal for email address: rowland.mcdonnell(a)dog.physics.org
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking
From: Woody on
On 01/02/2010 19:44, Rowland McDonnell wrote:

> If Web developers don't like it, they're just going to have to get used
> to it: it's how a lot of us behave because we're never going to trust
> you lot, not ever.

Frankly it doesn't matter much. Most sites use persistent cookies so
that people don't have to log in every time they come to the site
(normally with a 'remember me' button) but it is entirely there for the
user's benefit and it is up to them if they want it or not.

Shops and forums are normally in that category.

Most people want that sort of thing which means they are the people that
you have to cater for, the kind that don't are a smaller number, and the
ones that are paranoid about cookies are a vanishingly small percentage.

Some companies do add tracking - their names are pretty obvious to spot
when you look at your cookies.

> If a Website is unusable because I delete cookies between sessions,
> I'll simply not use it.

Very unlikely it would be, or it wouldn't have worked the first time you
went to it. If you don't have cookies it should be the same as when you
first used it.

> That is my choice - you, as a Web developer,
> need to understand that some of us will simply never ever trust any
> information planted on our computers by an external anything for reading
> by an external anything and that's that.

Not really. As you say, it is your choice but it is a very minority
choice. If you can accommodate all your users then it is worth doing it,
but if some people's interests are in conflict with other people's, then
you have to go with the majority.

As a web developer you are always aware of the fact that you can't
please everyone.



--
Woody
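
The session-versus-persistent distinction argued over in this thread is visible in the Set-Cookie response header: a cookie with neither Max-Age nor Expires lasts only until the browser closes. The following is an added example, not part of any poster's message; the headers and the fixed clock are constructed for illustration, and it covers HTTP cookies only, not Flash local storage objects.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers, not captured from any real site.
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=k3v9; Path=/; HttpOnly",
    "Set-Cookie: remember_me=1; Max-Age=2592000; Path=/; Secure",
    "Set-Cookie: uid=7f3a; Expires=Wed, 01 Feb 2012 17:38:18 GMT; Domain=.tracker.example",
    "Set-Cookie: old=x; Max-Age=0",
]
# Fixed clock (the date of the thread) so the results are reproducible.
NOW = datetime(2010, 2, 1, 17, 38, 18, tzinfo=timezone.utc)


def classify(header, now=NOW):
    """Return (name, kind, lifetime_seconds) for one Set-Cookie header."""
    value = header.split(":", 1)[1].strip()
    pair, *rest = [p.strip() for p in value.split(";")]
    name = pair.split("=", 1)[0]
    attrs = {}
    for item in rest:
        key, _, val = item.partition("=")
        attrs[key.strip().lower()] = val.strip()
    lifetime = None
    # Max-Age takes precedence over Expires when both are present.
    if attrs.get("max-age", "").lstrip("-").isdigit():
        lifetime = int(attrs["max-age"])
    elif "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            lifetime = int((expires - now).total_seconds())
        except (TypeError, ValueError):
            lifetime = None  # unparseable date: treated as a session cookie
    if lifetime is None:
        return name, "session", None
    return name, ("persistent" if lifetime > 0 else "deleted"), lifetime


def report(headers, now=NOW):
    """One summary line per cookie: name, kind and lifetime in days."""
    lines = []
    for header in headers:
        name, kind, lifetime = classify(header, now)
        days = "" if lifetime is None else f" ({lifetime / 86400:.0f} days)"
        lines.append(f"{name}: {kind}{days}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_HEADERS)))
```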