Cookies etc.,

elektroda.net NewsGroups Forum Index - Electronics Design - Cookies etc.,

Goto page Previous 1, 2, 3, 4, 5, 6 Next

Nobody
Guest

Wed Sep 01, 2010 4:50 pm

On Wed, 01 Sep 2010 07:45:13 -0700, Joerg wrote:

Quote:

That's what you think. If a website uses GoogleAnalytics, you are
tracked by the pages you visit, and your IP address.

The web site operator has that information regardless of whether they use
Google Analytics and regardless of any privacy extensions in your browser.
You can't view a web page without telling the server which page you want
and where to send it (your IP address).

Quote:

... which changes all the time in my case. Unless I'd leave the modem on
all day, which I don't. So how can they track me?

Having a dynamic IP address makes it harder to track you, although not
necessarily impossible:

https://panopticlick.eff.org/

Jim Thompson
Guest

Wed Sep 01, 2010 4:59 pm

On Wed, 01 Sep 2010 16:30:03 +0100, Nobody <nobody_at_nowhere.com> wrote:

[snip]

Quote:

FWIW, I browse with JavaScript, cookies and Flash all disabled (I don't
mean "blocked", I mean that the options are simply turned off). If people
want to run programs or store data, they can do it on their own computers.

Nobody
Guest

Wed Sep 01, 2010 5:02 pm

On Wed, 01 Sep 2010 12:17:01 +0100, Rui Maciel wrote:

Quote:

Who says cookies can't be evil?

http://online.wsj.com/wtk

If you find cookies to be scary then I suggest that you inform yourself
of a new addition to the WWW called Web Storage, also known as DOM
storage.

In practical terms, the only difference compared to cookies is the
increased size.

DOM storage can only be accessed via JavaScript, which could provide the
same functionality via a combination of cookies and storage on the web
server.

I'd be more concerned about "Flash cookies", as these can't be disabled
through the Firefox options dialog; you have to use a Flash applet on
Adobe's site to control local storage.

Joerg
Guest

Wed Sep 01, 2010 8:45 pm

Nobody wrote:

Quote:

On Wed, 01 Sep 2010 07:45:13 -0700, Joerg wrote:

That's what you think. If a website uses GoogleAnalytics, you are
tracked by the pages you visit, and your IP address.

The web site operator has that information regardless of whether they use
Google Analytics and regardless of any privacy extensions in your browser.
You can't view a web page without telling the server which page you want
and where to send it (your IP address).

... which changes all the time in my case. Unless I'd leave the modem on
all day, which I don't. So how can they track me?

Having a dynamic IP address makes it harder to track you, although not
necessarily impossible:

https://panopticlick.eff.org/

True, but at some point it's like having a lock, a deadbolt, a
Rottweiler and a Shepherd. The effort just becomes too much and the
intruding party choses to move on to easier targets ;-)

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.

Rich Grise
Guest

Wed Sep 01, 2010 9:10 pm

On Tue, 31 Aug 2010 17:15:15 -0700, JosephKK wrote:

Quote:

Who says cookies can't be evil?

http://online.wsj.com/wtk

Ah, heck! I was hoping it was like gingerbread men with swords or
something. ;-)

But just browser cookies? That's such a strawman. A cookie is a little
text snippet that the site offers to your browser, which stores it if
you accept it, and (at least when I learned about them) they can only
be retrieved by the site that set them. A COOKIE CAN'T BE EXECUTED!

To protect yourself from malware, just don't do your day-to-day work
as "administrator" - make a restricted user account, and DON'T CLICK
ON UNKNOWN LINKS!

It's not that hard; you just have to pay a little attention.

Cheers!
Rich

Rui Maciel
Guest

Thu Sep 02, 2010 12:23 am

Nobody wrote:

Quote:

Claiming that the Web Storage database "can only be accessed via JavaScript" can be misinterpreted
as this technology being completely harmless and only used under very specific circumstances. As
every browser offers a JavaScript implementation and some sites even force the user to enable
JavaScript to be able to access their site, claiming that the Web Storage database "can only be
accessed via JavaScript" is essentially the same as claiming that it can only be accessed through
every browser in the world.

From that, once we realize that there are companies that collect information on essentially all
WWW users by injecting their own JavaScript code on all the sites they can manage to access (and
as a consequence are able to collect piles on information such as browsing history and personal
profiles), providing a juicy RDBMS for them to store and retrieve information from our very own
hard drives is something which should trouble some people.

Quote:

I'd be more concerned about "Flash cookies", as these can't be disabled
through the Firefox options dialog; you have to use a Flash applet on
Adobe's site to control local storage.

Yes, that's true. Nonetheless, Flash is essentially a gimmick which is essentially losing (if it
hasn't already lost) it's relevance in the web while cookies and this Web Storage thingie is based
on basic WWW standards, it's present in all major browsers and is already indissociable from the
web. To put it in other words, while Flash may be on it's way out, cookies and Web Storage are
deeply entrenched in the web and there is essentially no way around them.

Rui Maciel

Rui Maciel
Guest

Thu Sep 02, 2010 12:33 am

Nobody wrote:

Quote:

It's true that the web site operator can register IPs and monitor the cookies his site sets. Yet,
what Google Analytics and the sort does is far more insidious and overreaching than that. Google is
able to inject Google Analytics scripts on a vast number of sites, which enable it to not only
register IPs and monitor cookies but also to cross-reference that data with all the data collected
by all the Google Analytics scripts running on a vast number of sites. By doing that, Google is
able to create, build up and maintain a profile on every user which, among other things, includes
your browsing history and your web habits.

So, in essence, being able to say that "user X logged into my site at Y day" is a whole lot
different than "user X has these browsing habits and these personal interests".

Rui Maciel

Rui Maciel
Guest

Thu Sep 02, 2010 12:47 am

m II wrote:

Quote:

Is there some assurance that it doesn't report back to head office?

Essentially there isn't. You may try to mitigate this problem my refusing to run scripts that you
haven't explicitly authorized. One way to try to do that is to use NoScript and adblock extensions
and configure your browser to delete all data (cache, cookies, web storage, etc..) when closed.
Yet, even that doesn't guarantee a 100% success rate.

Rui Maciel

m II
Guest

Thu Sep 02, 2010 1:45 am

Rich Grise wrote:

Quote:

A COOKIE CAN'T BE EXECUTED!

This is leading up to it, though...scary.

http://tinyurl.com/2fy6rcn

mike

Guest

Thu Sep 02, 2010 6:30 am

On Aug 31, 7:26 pm, m II <c...@in.the.hat> wrote:

Quote:

JosephKK wrote:

Who says cookies can't be evil?

http://online.wsj.com/wtk

Google will become, if it isn't already, the largest lump of evil ever
seen by mankind. It's already surpassed Microsoft in it's 'Borg' like
behaviour.

I recently installed Adblock plus in my browser. It stopped over 1900
GoogleAnalytics scripts from running, in a three day span.

That company has spying software everywhere on the Web and it all
reports back to head office.

I no longer use Google for a search engine or Google maps for the
phone GPS. They want to use me for data acquisition? The can pay me
for my time and energy consumption, not sneak around my back taking
notes and pictures.

Trywww.ixquick.comfor searching. It seems quite sufficient.

mike

Google is trivial compared to Obamacare. Obamacare truly tracks every
aspect of your life, and puts it in an internet-accessible database.

The 4th Amendment says you have the right to be secure in your person,
house, papers, and effects. Nope, that's changed.

--
Cheers,
James Arthur

Guest

Thu Sep 02, 2010 6:31 am

On Aug 31, 7:37 pm, Joerg <inva...@invalid.invalid> wrote:

Quote:

JosephKK wrote:
Who says cookies can't be evil?

http://online.wsj.com/wtk

Just turn'em off. That how it's set up here. Tedious at times because
some electronics companies require cookies but then I can allow on a
case by case basis.

No snooping and tracking here Smile

They still track you by IP address (if you have a static IP, that is).

Robert Baer
Guest

Thu Sep 02, 2010 10:45 am

Michael A. Terrell scribbled elsewhere and elsewhen:

Quote:

You offered to pay for the hosting of a website a while back. As
long as the number of submissions is reasonable, I'm willing to set up
the website. Post the schematic, and let people point out what is wrong
with it.

Send me a bill or request for funds not in excess of $200 this month
as well as an estimate as to how much more may be required.
Since i am Socially InSecure, i can do only so much a month - which
varies according to expenses for weird things like food.

Fred Abse
Guest

Thu Sep 02, 2010 6:34 pm

On Thu, 02 Sep 2010 00:23:00 +0100, Rui Maciel wrote:

Quote:

every browser offers a JavaScript implementation

Wrong.

Dillo doesn't, for one.

--
"For a successful technology, reality must take precedence
over public relations, for nature cannot be fooled."
(Richard Feynman)

Nobody
Guest

Thu Sep 02, 2010 6:47 pm

On Thu, 02 Sep 2010 00:23:00 +0100, Rui Maciel wrote:

Quote:

In practical terms, the only difference compared to cookies is the
increased size.

DOM storage can only be accessed via JavaScript, which could provide the
same functionality via a combination of cookies and storage on the web
server.

Claiming that the Web Storage database "can only be accessed via
JavaScript" can be misinterpreted as this technology being completely
harmless and only used under very specific circumstances. As every
browser offers a JavaScript implementation and some sites even force the
user to enable JavaScript to be able to access their site, claiming that
the Web Storage database "can only be accessed via JavaScript" is
essentially the same as claiming that it can only be accessed through
every browser in the world.

No, it's can only be accessed if the user enables JavaScript. If a site
has a "must use JS" policy, you can always walk away.

If you do enable JS, the capabilitities are unchanged with or without DOM
storage. A small cookie is enough to store a unique ID to identify the
user. Once you have that ID, any amount of data can be stored on the
originating server.

DOM storage simply replaces the combination of small, local storage plus
large, remote storage with large, local storage. This affects convenience,
not capability.

Quote:

From that, once we realize that there are companies that collect
information on essentially all WWW users by injecting their own
JavaScript code on all the sites they can manage to access (and as a
consequence are able to collect piles on information such as browsing
history and personal profiles), providing a juicy RDBMS for them to
store and retrieve information from our very own hard drives is
something which should trouble some people.

Anything they can do with DOM storage, they can do without it.

BTW, DOM storage is a key-value store, not an RDBMS. The SQL version is
still in the drafting stages, and ultimately doesn't offer any more than
DOM storage beyond convenience (i.e. not having to implement the
relational features yourself in JavaScript).

Quote:

I'd be more concerned about "Flash cookies", as these can't be disabled
through the Firefox options dialog; you have to use a Flash applet on
Adobe's site to control local storage.

Yes, that's true. Nonetheless, Flash is essentially a gimmick which is
essentially losing (if it hasn't already lost) it's relevance in the web
while cookies and this Web Storage thingie is based on basic WWW
standards, it's present in all major browsers and is already
indissociable from the web. To put it in other words, while Flash may
be on it's way out, cookies and Web Storage are deeply entrenched in the
web and there is essentially no way around them.

Well, I browse with JavaScript disabled. Even if you enable it, Firefox
has a options to ask before allowing a script to use DOM storage (Tools ->
Options -> Advanced -> Network -> Tell me when a website asks to store
data for offline use), and to remove any data which is currently stored.

Another thing to be more concerned about is tracking usage through
"visited" link styles. That can be still done even with JS disabled and
cookies blocked, by giving each link a "visited" style with a unique
background image URL. "Private browsing" (aka "porn mode") will prevent
that, but it means that your browsing history isn't available to you
either.

Joerg
Guest

Fri Sep 03, 2010 8:49 pm

dagmargoodboat_at_yahoo.com wrote:

Quote:

On Aug 31, 7:37 pm, Joerg <inva...@invalid.invalid> wrote:
JosephKK wrote:
Who says cookies can't be evil?
http://online.wsj.com/wtk
Just turn'em off. That how it's set up here. Tedious at times because
some electronics companies require cookies but then I can allow on a
case by case basis.

No snooping and tracking here :-)

They still track you by IP address (if you have a static IP, that is).

I don't have a static IP :-)

--
Regards, Joerg

http://www.analogconsultants.com/

"gmail" domain blocked because of excessive spam.
Use another domain or send PM.

Goto page Previous 1, 2, 3, 4, 5, 6 Next

elektroda.net NewsGroups Forum Index - Electronics Design - Cookies etc.,