Allan Hunt-Badiner wrote:
>
> Kevin Ryan, CEO of DoubleClick, was recently interviewed on CNN fN and
> stated that according to his research, users want to be personally
> targeted with ads. assuming that is true (i dont think most users have
> a clue about cookies yet), then there should be no objection to the OPT
> IN approach (versus OPT OUT) for personal data sharing.
definitely. but let's face it: the likes of doubleclick survive by the
very fact that 99% of their victims are unaware of what's going on.
> 1. disclosure that users are served cookies, and that having cookies
> enabled is optional with no loss in site functionality. (the non-cookie
> user would need only to type in their email address each visit)
I'll come back to that later, but you are, IMHO, way too much picking on
cookies. they're a tool, not an evil in themselves.
> 2. strict confidentiality of all info volunteered by user (registrations
> etc) with no disclosure to third party companies (including ad
> agencies), unless and until user has been informed, and decides to OPT
> IN.
this, btw. is LAW where I live. it has led to almost everything you sign
having a smallprint saying "I agree that my personal data may be shared
with third parties". of course you can strike that out (and they can't
withhold service because you did) but how many people do?
> 3. giving users who do OPT IN an opportunity to regularly review and
> edit their profiles
that, too, is law over here (germany). it's just that (again) almost
nobody ever does it.
> one of the best way to guard against invasion of web privacy is to
> completely disable cookies in the browser. contrary to the disinfo
> spread by cookie enthusiasts, most reputable commerce sites do not
I don't think cookies are the problem. I have only recently started to
like them, since they are so useful for one of my own online projects,
as a means to store session information. in my example it's a service to
the user that I use cookies, since otherwise he'd have to continuously
re-identify. (it's an online game, so it's not that important that I
store md5 sums of passwords on the user's harddisk).
look at 7val or my website (http://www.lemuria.org/Software/unpoison)
about their scheme and you will see that you can do more evil tracking
without cookies.
it's not the tool, it's the use.
that said, I *do* like lynx' handling of cookies very much. in lynx you
can not only say "yes" and "no" to accepting a cookie, you can also say
"always" and "never", SITE SPECIFIC. so you would say "never" to cookies
from doubleclick exactly once, while still enjoying the advantage of
using cookies with, say, my game.
