
List:       kde-usability
Subject:    Re: Security and usability
From:       "Aaron J. Seigo" <aseigo () kde ! org>
Date:       2003-08-18 19:31:16

On Monday 18 August 2003 12:40, Roland Seuhs wrote:
> Wow, I write 2 pages of reasons why to remove the cookie popup and now you
> propose replacing it with 2 popups.
>
> Did you even read what I wrote?

ok, enough with the flame-worthy material. calm down ....

you are both right and wrong, IMHO:

there HAVE been problems with cookies in the past, both security and privacy 
related. the latter is the larger issue, but the former has occurred. why do 
you think so much emphasis has been put on using session IDs instead of 
storing the username/password in a cookie? that's right: there's been abuses.

you are also wrong to assume that everyone turns it off. most users won't 
simply because most users don't mess with their settings that much and just 
go with the defaults. many sophisticated users keep it on because it IS very 
useful.

but you are right in that worthless popups cause people to start ignoring 
them. the cookie popup doesn't suffer as badly as others since the 
information in it is dynamic and more extensive than usual: this tends to 
give people pause.

making the defaults something in between such as "Automatically accept session 
cookies" and "Only accept cookies from originating server" would probably be 
enough, no? this means you only see cookie popups on occasion, and often only 
when they are a privacy issue. of course, those are already the current 
defaults.

making things ultra-lax for fear of annoying the user is what leads to 
situations such as Microsoft's horrible security record with things such as 
email clients and web browsers.

making things ultra-locked-down without care for the user isn't good either, 
of course.

-- 
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43