On Tue, Nov 13, 2001 at 01:59:10PM -0800, Tim Roberts wrote: > > > >I don't think that Javascript is a good idea to solve this problem. Most > >people I know disable cookies for privacy reasons. > > Are you serious? "Most people" you know disable cookies? I don't think I know > a single person who does so. I thought the whole ridiculous cookie scare had > finally blown over, and good riddance to it. It's a red herring.
I surf without cookies unless they're necessary for a site I really want to access. Not because I'm afraid of remote sites peeking into my hard drive. Cookies can't store anything the original server can't calculate, and unless you fill out a form, the only information they have are things like your IP/domain, browser type, request URL and time of request. Still, sites have no business sharing this info with ads.doublecick.net (and thus to other sites) unless they put a big red warning on the home page. The amount of stealth tracking also makes me suspicious of sites that only use the cookie internally. Our sites use the cookie just to track the session ID and provide authorization levels to registered users, but we don't track how much a user uses the non-anonymous services. Other sites may be just as innocuous, but the point is you don't know. You also don't know whether they will really honor their privacy statement. The fact that I could sue them for breach of privacy statement is small comfort, because I wouldn't go through the time and expense of taking them to court anyway. It's really a question of not wanting to be a willing participant in the sites' covert data tracking schemes. If they said exactly what information they're tracking and how they're using it, and it was clear to all surfers, I wouldn't complain. But general statements like, "We may share some information with others," doesn't tell me *which* information they're sharing or *to whom* and *why*. If they won't tell me that, I don't want to give them the info. > >They often disable Javascript for security reasons, too. > > That's just boneheaded. Javascript lives in a restricted environment. It > can't get out. It can't read or write files. Java is an entirely different > story, but Several of the recent security alerts have been related to Javascript, if I remember right. Especially if the browser automatically launches or installs downloaded programs, opens downloaded Word/Excel documents, etc. Not all of this is Javascript's fault, but Javascript has many tentacles through which somebody is always discovering a new way to exploit. > Several of the recent security alerts have been related to Javascript. > disabling Javascript serves no purpose other than to make ones web > experience more painful. Only badly-designed sites that don't gracefully degrade if Javascript is disabled. I expect to lose some optional features when I disable Javascript. I don't expect it to make the site unnavigable. And those sites that use Javascript to do things that could have been done in HTML (like displaying an image or switching to another page), grr. -- -Mike (Iron) Orr, [EMAIL PROTECTED] (if mail problems: [EMAIL PROTECTED]) http://iron.cx/ English * Esperanto * Russkiy * Deutsch * Espan~ol _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
