portal.research.bell-labs.com/~dmk/cookie-ver.html | The official draft papers |
www.netscape.com/newsref/std/cookie_spec.html | Netscape's Cookie Implementation |
communication.ucsd.edu/Kbasho/privacy.html | Privacy and the Construction of Online Identity |
www.anonymizer.com/cgi-bin/snoop.pl | I Can See You |
www.epic.org/privacy/internet/cookies/ | EPIC |
www.etrust.org/ | eTRUST |
www.illuminatus.com/cookie.fcgi | Andy's Netscape HTTP Cookie Info w/o nuts |
www.info-law.com/lost.html | Lost and Found in Cyberspace: Informational Privacy in the Age of the Internet |
www.junkbusters.com/ht/en/cookies.html | Junkbusters: |
www.pcworld.com/workstyles/online/articles/oct96/1410forsale.html | Maybe the *best* review of cookies |
www.stack.nl/~galactus/remailers/ | Anonymity and privacy on the Internet |
www.thelimitsoft.com/ | Cookie Crusher |
www.whyron.com/cookies.htm | NO Cookies, Please! |
www.wizvax.net/kevinmca/ | NS Clean and IE Clean [see *What am I worried about?] |
Date: 19970711 From: Clyde Smith-Stubbs <clyde@htsoft.com> Organization: HI-TECH Software, www.htsoft.com/ To: Motorola's 68HC11-Apps mailing list Subject: Re: Cookies
On 19970710, Evan Tuer wrote:
Mike, it *definitely* makes a difference - email addresses can be easily collected from cookie returns - the IP address alone is often not enough to...
No, this is true only if you provide your email address to the Web site - a
cookie works by the server sending a string to be stored in your cookie
file (which you can look at, BTW). That cookie will be sent back to the
same server when you access another page from it (it can be keyed to particular
pages, or the whole server).
BUT! The ONLY information sent back in a cookie is the information that the
server sent in the first place. If you did not give the server your email
address it cannot put it in a cookie, so it can't get it back with a
cookie.
Just make make it very clear - the cookie sent back to a server can only
contain what it sent to you in the first place - no email address dug
out of your browser settings, no system info, no nothing.
There are other ways that servers can get some info about you; the
browser type, which includes the O/S you are running, does get sent
in a page request, so the server can tell you are using Mozilla (Navigator)
on Win95, for example. Also, if you follow a hyperlink, the URL of the
page containing the link will get sent (as the referring URL). IF the
referring URL happens to be a cgi script accessed with a GET method,
the URL can contain parameters - for example if you use a search engine
like Alta Vista, and then follow one of the links returned, the site
you go to can tell what search keywords you used to find that link, because
they are in the URL of the Alta Vista search result page.
But cookies are actually a security benefit to the user in many ways - for
example if you do provide any personal information to a server, would you
rather have it stored on your machine, in your cookies.txt file, or on the
server?
The most common way for spammers to get your email address is if you
post on Usenet newsgroups. Just accepting cookies will NOT* do it.
Clyde Smith-Stubbs
Goto: | Main | Mirror | About | Author |
Register: | Yourself | Company | ||
Feedback: | Correction | Addition | Question | |
Request quote: | Chips (Deutsch) | Chips (English) | Chips (Nederlands) |