hpguru
Curb Your Dogma
Premium
join:2002-04-12
| reply to Jason Levine
Re: How 'bad' are spyware cookies??
said by Jason Levine  :However, if you delete adcompany.com's cookie (or refuse it in the first place), you appear to them to be a new person every time. Yes and no. I have detected my IP address in cookies served from various sites (not in a while though). I have also seen sites insert my IP address into the query strings and posted data from form submittal. So while deleting stored cookies will prevent most sites from tracking you it won't help if they are using your IP as a unique id unless your IP address changes frequently.
--
FOUR MORE YEARS!! - of fear. |
|
ghost16825
Use security metrics
Premium
join:2003-08-26
| said by hpguru : said by Jason Levine :However, if you delete adcompany.com's cookie (or refuse it in the first place), you appear to them to be a new person every time. Yes and no. I have detected my IP address in cookies served from various sites (not in a while though). I have also seen sites insert my IP address into the query strings and posted data from form submittal. So while deleting stored cookies will prevent most sites from tracking you it won't help if they are using your IP as a unique id unless your IP address changes frequently. That's exactly it. If your IP address changes frequently and you delete cookies before the IP changes over in all reality what can be done? |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| But who has a dynamic IP these days? My IP hasn't changed since the last time I shut the computer down when I went on vacation. That was Sept 2003. I bought this computer November 2003 and have had the same IP address all this time. I have Road Runner as my ISP. I have noted for years that if you want a new IP with Road Runner you must shut down the computers for at least 96 hours and sometimes it must be even longer. Three weeks will do it.
--
The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789 |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
| reply to ghost16825
said by ghost16825 :That's exactly it. If your IP address changes frequently and you delete cookies before the IP changes over in all reality what can be done? That's it exactly. I'll take it a step further & ask even if your IP doesn't change frequently in all reality what can be done?
--
Dave said "By the way, 4294967295 is just another way to write -1". |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw
| reply to Link Logger
Excellent discussion thus far. I would agree that when a cookie is cross linked with personal data then that would be bad. The easy way to deal with that is don't give out your personal information to any site which sells or otherwise cross link your personal data (generally its not a good idea to give out personal data unless you absolutely have to and then only to a highly responsible site). If you have to give out personal data and you suspect the site is bogus, give bogus information as the only thing worse then no information is bogus information. So in short for myself unless some very trusted sites have cough up the pill then its unlikely that my personal information exists in any adware/spyware site. If they did have my email address then any email they send me will be consumed by my ever so hungry spam filters. As for popping up ad-banners based on sites I have previously visited, who cares as I can choose to ignore them as I wish, or I can block that traffic at the firewall for example (and likely pay a performance penalty as its seems that some sites want to persuade you not to block banners or ads).
I think that any company that sells or is otherwise cross linking personal data with adware/spyware cookie companies should be exposed and shot, twice.
Anyone who thinks that cookies should be tossed altogether has no idea as to how the internet works and why cookies are required and I'd like to see PCMag under the artful guidance of Mr. Dvorak eliminate cookies from their site first, good luck.
It would also appear that it is possible to configure just about any browser to reject or otherwise manage cookies, so in my ever so humble opinion anyone who mentions spyware cookies in the same statistic as spyware/malware infections like CWS or keyloggers is likely trying to sell you something based on FUD.
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
| said by Link Logger :... I would agree that when a cookie is cross linked with personal data then that would be bad. The easy way to deal with that is don't give out your personal information to any site which sells or otherwise cross link your personal data (generally its not a good idea to give out personal data unless you absolutely have to and then only to a highly responsible site).... That's it again. How do you separate the responsible sites from the irresponsible ones? You use cookies.
If a site is setting tracking cookies, that's not a site I'm likely to share anything with. Tracking cookies cut both ways.
--
Dave said "By the way, 4294967295 is just another way to write -1". |
|
antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA
| reply to Steve
said by Steve : I pretty much completely agree with this: cookies are very nearly "nothing to think about", Steve ... then it shouldn't matter that I toss 'em almost immediately ... ... my take is simple - the site didn't ask me (directly) if they could plant a cookie, they didn't explain what data they were 'harvesting' or what they planned to use it for, and often the site will work adequately without the cookie - so they (or you) shouldn't mind if I decline the cookie or delete it immediately after leaving the site ... it's no bother to me to clean 'em out, or log in again when I need to ... ... "People who rail against cookies do not belong in the security community." ... that seems a bit harsh, if not absurd ... ... f w i w ... --
... "everybody's somebody to somebody, and nobody to everybody else" ... y.t. ... |
|
Goldengamego
Premium
join:2004-02-22
Okemos, MI
|  reply to Link Logger
Again and again and again.
They are just text files; the websites 'setting' them are not really ever touching your computer in any way. It is simply telling your browser to "help remember this for me" and your browser jots whatever it was down (or a ref ID to it on the server) in a text file aka. the cookie.
They only get what you give them. So don't, or give them BS (I have my Google toolbar preprogrammed with mounds of bogus info for just such occasions).
Who came up with "cookie" anyway? Why not just log or state file?
--
Because Goldengamegod won't fit:p |
|
alien8
join:2004-03-03
UK | "Where did the term cookies come from?":
»www.cookiecentral.com/faq/#1.2
--
Tired of spam? Grab www.spampal.org |
|
steveknj
join:2001-05-09
Old Bridge, NJ
| reply to Link Logger
My rule with cookies, which is something I read on a website like CNET or ZDNET years ago (or maybe in a magazine), is I NEVER accept a cookie from a website that doesn't match the website's domain. For example, if I'm at Yahoo and I am prompted to accept a cookie from yahoo.com, then I will usually accept it. But if I'm at Yahoo, and am prompted to accept a cookie from joeswebsite.com, then I WON'T accpet. With that and running spybot, I have managed to stay generally clean. I have also played around a bit with IE6's cookie settings and they seem to help in websites that require certain odd named cookies in order to load (Excite seems to work in this fashion). All in all, if a website doesn't require a cookie to load, I err on the side of caution and don't load. |
|
Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs: 
1 edit | reply to Steve
said by Steve :People who rail against cookies do not belong in the security community. I agree. This is almost like the pursuit of "stealth" in the TCP/IP world. The more you know about TCP/IP the less concerned with stealth you become.
This applies to cookies as well, just insert "cookies" and "Internet Security" in place of "stealth" and "TCP/IP".
--
cat knowledge | grep understanding |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
 ·Verizon FIOS
| reply to Goldengamego
said by Goldengamego :Who came up with "cookie" anyway? Why not just log or state file? 1) Because nothing about the semantics of a cookie requires it to be implemented as a 'file'.
2) Because programmers have to talk about this sort of stuff, and 'cookie' has a pretty precise meaning, but 'log file' can mean many different things.
|
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12
| reply to steveknj
said by steveknj :...if I'm at Yahoo and I am prompted to accept a cookie from yahoo.com, then I will usually accept it. But if I'm at Yahoo, and am prompted to accept a cookie from joeswebsite.com, then I WON'T accpet. I don't want to be botherered with it. I block all cookies till a site *I really want or need to use* indicates that cookies must be enabled for the site to be functional. That just isn't the case for the vast majority of sites I encounter in casual browsing. Of course I block scripts as well so that plays a part. Sometimes a script which has little or nothing to do with site functionality will block your access because cookies are disabled. Disable scripting and access is restored. That is a little too harsh for most folks which is why I like The Proxomitron. I can disable scripting using Proxo filters while leaving it enabled in my browsers for sites where I want or need the functionality.
--
FOUR MORE YEARS!! - of fear. |
|
Jason Levine
Premium
join:2001-07-13
USA
| reply to steveknj
said by steveknj :My rule with cookies, which is something I read on a website like CNET or ZDNET years ago (or maybe in a magazine), is I NEVER accept a cookie from a website that doesn't match the website's domain. You can set IE up to automatically block those. So if you are at yahoo.com, you'll still accept/get prompted for yahoo.com's cookies (depending on your other cookie settings) but that cookie for joeswebsite.com will be auto-rejected.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ |
|
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
| reply to Link Logger
A lot of software uses 'unique identifiers' besides web vrowsers. And the credit card in your wallet is a cookie too.
The trick is to link all this stuff together. Log into GMail? Don't bother deleting the Google cookie.
Heck you log into this website too right? |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| I don't have Gmail and never will and never will communicate with anyone having such an account. I value my privacy. I don't ever give Google (of all sites!) a cookie!! Besides the fact that all mail is read by Google and kept by them and used for advertising purposes. It think it awful that anyone would get Gmail. My opnion of those who do drops drastically as soon as I learn that. Information about me could end up in Google's hands no matter what I do if I email someone who then forwards the email without my permission to someone who has Gmail. That is awful. So, I am extremely careful now about email. I hardly use it anymore.
--
The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789 |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS
| said by Mele20 :Information about me could end up in Google's hands no matter what I do Too late...? |
|
salzan
Experienced Optimist
Premium
join:2004-01-08
WA State
1 edit | said by dave : said by Mele20 :Information about me could end up in Google's hands no matter what I do Too late...? Every breath you take
Every move you make
Every bond you break
Every step you take
I'll be watching you
Sting |
|
foxsteve
Premium
join:2001-12-28
Campbell, CA
1 edit | reply to Link Logger
I have read each post in this thread carefully and paid attention on the strange focus this discussion. The participants as Mele20 consider that cookies are potential spyware and explains why and in what case. The participants as Steve consider that
said by Steve :
People who rail against cookies do not belong in the security community.
i.e. try to suppress discussion.
I think the cookie defender should explain why cookie can be html file, why this file can contain scripts and tags meta, OBJECT, link...
BTW, on my professional WEB Site I do not use cookie - all statistics about my client's interest I get with Webalizer. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to dave
LOL But that is information about Mele20 which is my handle on the internet. There may or may not be information connected to Mele20 (such as my interests, age, etc.) that really is true about the "real" me. When I search the internet for information about myself, not my handle, I find none. That is the information that is important and private and is also the sort of information that until GMail one might put in a personal email to a friend or relative or mentor, etc. and have reasonable expectation that the information would remain between the two of them. (I say "reasonable" because without using encryption that is as much as could be expected and most users won't use encryption).
Now, with GMail, one can find private information that was given in an email to a friend in Google's hands if the friend forwarded the email to their son or daughter, etc. who then was unconcerned about anyone's privacy and forwarded it to someone with Gmail because there was one part of the email that had relevance to the son or daughter it was forwarded to who then forwarded it because of that reference never thinking about the consequences to the original sender of the email to their friend. There are other scenarios for how private information will now be ending up in Google's hands ...real information ...not the sort of information found about someone's handle.
--
The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789 |
|
