[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: cookies or redirection?
From:       Lars Knoll <Lars.Knoll () mpi-hd ! mpg ! de>
Date:       2000-04-12 14:33:05
[Download RAW message or body]

On Wed, 12 Apr 2000, Andreas Pour wrote:

> Lars Knoll wrote:
> > 
> 
> [ ... ]
> 
> > > I guess this would break things like linuxtoday.com, which redirects
> > > you to an IP number address, if the cookies still contain "linuxtoday.com".
> > > (Hmm, can't remember if there are cookies there, but you get the idea.
> > > Difficult to be sure the domain name will match exactly, no ?)
> > 
> > It shouldn't. Cookies are anyway bound to one host. So the ip number you
> > get redirected to won't get to see the cooky anyway. But disabling
> > cookies for images not served from the same server as the main page
> > would make it impossible for hosts like ads.doubleclick.net to collect
> > informations about users surf habits.
> 
> To the extent the world is moving toward static IP addresses, that's not
> right -- doubleclick still knows your IP address.  Eventually, due to
> its partnerships and information sharing with a number of host sites
> where you are likely to submit user data (heck, even Linux.com and
> redhat.com use doubleclick ads), it will undoubtedly be able to
> associate IP addresses with actual names/e-mail addresses.

I was just talking about the cookie mechanism as described in the HTTP
specs. This specs makes it impossible for the doubleclick server to read
the cookies set for the main website, where doubleclick has a
banner. But if the doubleclick server is allowed to set a cookie, it can
retrieve it for every page that has a doubleclick banner and, by the
images url relate it to the main page viewed. By this they get
informations about the users surf habits even without explicit information
sharing between the web site you browse and doubleclick. 
This was by the way one of the main reasons why centralized ad servers
were build up. It should at least be possible to kill this easy way for
doubleclick or other ad servers to collect informations about my browsing
habits, by disallowing cookies to be set from servers which just serve an
image, but are different from the server of the main html page.

In the end, who needs cookies on images anyway, except for advertising
purposes? I don't know how good that would work on some servers, but maybe
another possibility is to disallow cookies completely on images.

Lars


> The best solution to privacy I have heard of is a project AT&T has done
> research on involving "crowds".  In a "crowds" world you have a select
> group of individuals -- several thousand -- who cooperate.  All
> communications between crowd members are encrypted.  When you go to make
> a request to someone outside your crowd, your request is randomly routed
> through other members of the crowd, until after some number of hops the
> request is actually sent to the target and returned (the return path
> need not be the same).  Not even other crowd members know what your
> requests are, since if they receive a request from you, they do not know
> if you are simply passing it on, or if you originated it.
> 
> The URL is http://www.research.att.com/projects/crowds/.
> 
> I actually think it would be really cool if Konqueror had built-in
> support for "crowds" :-).  The "privacy browser".
> 
> Ciao,
> 
> Andreas
> 
> 

-- 
Lars Knoll                                 knoll@mpi-hd.mpg.de
  PGP pub key [6DADF3D5]: finger knoll@pluto.mpi-hd.mpg.de 

[prev in list] [next in list] [prev in thread] [next in thread]