Tell me more x
, there is a new speed test available. Give it a try, leave feedback!
dslreports logo
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
6705
share rss forum feed

eburger68
Premium,MVM
join:2001-04-28

IE6 and Cookies (Here we go again...)

Hi All:

Although it's been a while, some of you may remember the two long threads from last year in which a number of DSLR members hashed out the new Privacy settings in Internet Explorer 6.0:

"IE6 and Cookies"
»IE6 and Cookies

"IE6 does not handle cookies the same"
»IE6 does not handle cookies the same

A number of good resources resulted from those discussions, including several pages on my web site devoted to IE 6.0...

"P3P & Internet Explorer 6.0 Privacy Info"
»www.staff.uiuc.edu/~ehow ··· nfo2.htm

"Internet Privacy w/ IE6 & P3P: A Summary of Findings"
»www.staff.uiuc.edu/~ehow ··· -p3p.htm

...as well as downloadable files that you can use to configure IE 6.0's handling of cookies:

Internet Explorer 6.0 Resources
»www.staff.uiuc.edu/~ehow ··· rce5.htm

One thing that I never got around to doing during those original discussions, though, was putting together a comprehensive summary of the failings and shortcomings of IE 6.0. With the help of R2, however, I've returned to the question of Internet Explorer 6.0's Privacy settings and its handling of cookies, and finally assembled that summary list of problems with Internet Explorer 6.0. You can find this summary on my Privacy Policy page (which is more of an anti-Privacy Policy than anything else):

»www.staff.uiuc.edu/~ehow ··· #ie6-p3p

The most significant result of this decision to revisit the question of IE 6.0 is that R2 and I were able to gain a better understanding of the Privacy Settings slider bar. In fact, after looking again at Microsoft's (confusing) documentation, we decided that the table that R2 originally put together to document the effects of the various slider levels on cookies...

»IE6 and Cookies

...needed to be re-worked. You can find an updated version of that table on the Privacy Policy page mentioned above.

Once we re-worked R2's table in the light of our better understanding of what Microsoft considers "acceptable" "consent" on the part of web surfers, several important things immediately became clear:

First, the slider bar blocks EVEN FEWER COOKIES than we had originally thought it did. It's even clearer now that the slider bar is without question the WORST method IE 6.0 offers to configure cookies. And yet most users will go for the slider bar because of its apparent simplicity, as well as the vapid, reassuring descriptions it offers for the various slider levels.

Second, the default Privacy settings for Internet Explorer 6.0 are lax and provide no meaningful privacy protection. At the default "Medium" setting, most cookies are accepted, even those from major third-party advertisers and marketers like Doubleclick. Thus, IE 6.0 puts the onus on users (not the web sites) to put a stop to privacy invasive practices of web sites. And to take back their privacy, those users -- who might have initially thought IE 6.0 would significantly improve their privacy protection straight "out-of-the-box," given all the hype -- will have to figure out IE 6.0's complicated Privacy settings themselves. And just how clear and helpful are those Privacy settings? Not very.

Third, the Privacy Settings slider bar treats opt-in and opt-out policies *identically.* With but two exceptions, IE 6.0 regards both opt-in and opt-out provisions within compact policies as sufficient "consent" to classify the compact policy as "acceptable" or "satisfactory," even when "personally identifiable" information is used. This is a *major* concession to the online marketing and advertising industry inasmuch as it effectively values the commercial needs of marketers and advertisers over the privacy of web surfers. (The two exceptions are at the "High" level in first-party and third-party contexts, and the "Medium-High" level in third-party contexts.)

Fourth, the privacy levels used by Privacy Settings slider bar provide less useful control over third-party cookies than they could or ought to. The handling of cookies from major third-party advertisers and marketers like Doubleclick (who will almost always have "acceptable" compact policies) is especially problematic. With the Privacy Settings slider bar, there is no way to block these cookies (or even "downgrade" them to session cookies, rendering them worthless for the marketers involved) except by choosing the "Block All" setting, which for most users who surf the net is not a viable option.

What Microsoft's reasoning for this arrangement might be is puzzling, as third-party cookies almost never provide web surfers with direct, substantive benefits; they are almost exclusively designed and used to benefit marketers and advertisers. (And, no, "personalized" advertising and direct marketing do NOT count as significant benefits to the end user or web surfer.) To the skeptical, it would at least appear that IE 6.0's Privacy Settings slider levels were explicitly designed to protect the cookies of major third-party advertisers and marketers like Doubleclick.

Fifth, IE 6.0's reliance on P3P compact policies strongly suggests that the mere existence of privacy policies is the most important standard in determining how privacy friendly a web site is. Thus, IE 6.0 paradoxically presents major advertisers and marketers like Doubleclick -- who will almost always have "acceptable" compact policies -- as more privacy friendly than small web sites that collect very little if any data at all about users but who don't have compact policies. Strange days indeed on the increasingly corporatized WWW.

There are still more reasons to doubt the efficacy of Internet Explorer 6.0's Privacy protections, and you can find them detailed on my newly revised Privacy Policy page:

»www.staff.uiuc.edu/~ehow ··· #ie6-p3p

By the way, that page discusses corporate privacy policies and the use of privacy seal programs more generally, and it even includes a gloss of Yahoo's latest privacy policy.

Internet Explorer 6.0's Privacy settings are complicated and confusing, so please don't hesitate to ask questions about any of this new material on IE 6.0. Hope you all find it interesting and useful.

All the best,

Eric L. Howes

Harold7

join:2002-01-31
Plattsmouth, NE
Interesting reading... I use IEClean 6.0 to manage security for IE 6.

It controls everything to do with IE 6 privacy, cookies etc., I hardly trust my security and personal information to M$, so IEClean takes that worry away.:)


gt7697c
Premium
join:2001-02-16
The Hive
reply to eburger68
What happens if you override automatic cookie handling, and then override cookie handling for individual Web sites.

Will cookie handling for individual Web Sites still work????
--
Just my 2 bits.


gt7697c
Premium
join:2001-02-16
The Hive
reply to Harold7
Harold7, can you provide a link to that program. I would like to read more about it. Thanks.:)
--
Just my 2 bits.

dangme

join:2001-09-15
San Francisco, CA
reply to eburger68
I have opted to enlist an app called Cookie Pro to handle my cookies and Norton Internet Security to handle privacy settings. Yes, it's more expensive, but both programs work extremely well, giving me peace of mind without having to delve in to all the documentation that eburger68 was magnamimous enough to provide.

As far as I can tell, my Internet security settings are safe. Anybody know of a good site to test settings to make sure I don't have a false sense of security?

eburger68
Premium,MVM
join:2001-04-28
reply to gt7697c
gt7697c:

You asked:

said by gt7697c:
What happens if you override automatic cookie handling, and then override cookie handling for individual Web sites. Will cookie handling for individual Web Sites still work????
Yes, that is one viable strategy. The conclusion of the IE6-P3P section of that document mentions three different alternatives to the Privacy Settings slider bar:

1) override the default Privacy settings with the Advanced Privacy Settings (ideally with all third-party cookies blocked) and then add trusted web sites either to the Per Site Privacy Actions box or the Trusted sites zone;

2) employ custom block lists to load known advertisers, marketers, and purveyors of spyware into the Restricted sites zone;

3) use free, third-party filtering software, such as ad blockers, cookie crushers, and pop-up stoppers.

Hope that helps.

Eric L. Howes


gt7697c
Premium
join:2001-02-16
The Hive

You da man!!!! Thanks!!!!:):):)
Implementing it as soon as I finish typing.

Edit

Where does one get the customize cookie block list of web marketers????
How does one import that list without having to manually type it in????
--
Just my 2 bits.

[text was edited by author 2002-04-02 22:01:14]

eburger68
Premium,MVM
join:2001-04-28
reply to dangme
dangme:

You asked:

said by dangme:
Anybody know of a good site to test settings to make sure I don't have a false sense of security?
You can links to a number of sites that will test ad blocking, active content filtering, and general browser privacy on this page:

»www.staff.uiuc.edu/~ehow ··· fo17.htm

Best,

Eric L. Howes


cjsmith
Premium
join:2000-11-03
Villa Rica, GA

Egads Eric.. You have done it again.. I must seriously consider the installation of IE 6, since I have reviewed those threads initially as they were in progress. Yes I have been hesitant, and I have often pondered the install upgrade from 5.5 SP2 to 6.0, but...

Eric have you heard anything in relation to Microsoft releasing an SP package to rectify the IE6 shortcomings?

Thank you and "R2" for both the time and diligence that went into this remarkable insight to the MS IE6 mystery.

As far as third party apps of course I use the "p" word. /*Shameless Plug*/ ad blocker, cookie crusher, and pop-up stopper all rolled in to one and much, much more!!!
--
ZXList | Computer Cops | Proxomitron Discussion



[text was edited by author 2002-04-03 02:35:34]

eburger68
Premium,MVM
join:2001-04-28
reply to gt7697c
gt7697c:

You asked:

said by gt7697c:
Where does one get the customize cookie block list of web marketers????
How does one import that list without having to manually type it in????
Well, there are two different "lists" you can edit.

First, you can add sites to the Per Site Privacy Actions list on the Privacy tab. You can export that list from the Registry and then add to and edit it from there. To help you along I added two sites to my Per Site Privacy Actions list and then exported it:

this-is-allowed.com (Allow)
this-is-blocked.com (Block)

What follows is the complete Registry file for the resulting Per Site Privacy Actions list:

-----snip-----------
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\this-is-allowed.com]
@=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\this-is-blocked.com]
@=dword:00000005
-----snip-----------

Watch the wrap on some of those lines -- everything between [ brackets ] is one line.

As you can see, a value data of 1 = "Allow" and a value data of 5 = "Block."

If you need more info on this, see this thread:

»Add another security zone to IE6?

...where R2 discusses a number of different IE 6 Registry settings, including the one above.

Now, you can also add sites to the Restricted zone (where cookies are always blocked). There's a pre-made list of known advertisers and marketers for the Restricted zone here:

»www.staff.uiuc.edu/~ehow ··· #IESPYAD

Hope the above helps.

Eric L. Howes

eburger68
Premium,MVM
join:2001-04-28
reply to cjsmith
cjsmith:

You wrote:

said by cjsmith:
Eric have you heard anything in relation to Microsoft releasing an SP package to rectify the IE6 shortcomings?
I haven't heard a thing about a specific fix for shortcoming in IE 6.0's Privacy settings. I have heard that there is a SP1 in the works, but I don't have specifics. I do look forward to it, as IE 6.0 has strange effects on ZIP drives in Windows Explorer (won't completely refresh when you take one out and put another one in -- the directory contents of the previous ZIP disk still show until you close and reopen Windows Explorer).

said by cjsmith:
Thank you and "R2" for both the time and diligence that went into this remarkable insight to the MS IE6 mystery.
It's been an interesting couple of days. I always wanted to revisit the question of IE 6.0 because I've had a nagging sense since last fall that we never quite finished the job. Still haven't now, but we're closer.

All the best,

Eric L. Howes

eburger68
Premium,MVM
join:2001-04-28
reply to gt7697c
gt7697c:

You asked:

said by gt7697c:
Can you provide a link to that program. I would like to read more about it.
Here's a link to IE Clean:

»www.nsclean.com/ieclean.html

By the same folks who make BOClean, the anti-trojan app.

ELH


cjsmith
Premium
join:2000-11-03
Villa Rica, GA
reply to eburger68
Thank you this thread is "Marked" accordingly!


gt7697c
Premium
join:2001-02-16
The Hive
reply to eburger68
Nope don't think I will be trying IE Clean any time soon. Most of it what it does I already have on my system. Either in O/S or through a third party app.

Thanks for IE-SPYAD.
--
Just my 2 bits.


Time Out

@tnt6.myrtle-beach.sc
reply to eburger68
Eric,
It is not cast in concrete..but the lid is on the box.
Do you have any comment or information to share?????
__________________________________________________________

The Platform for Privacy Preferences Project (P3P) enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.

The Draft
»www.w3.org/TR/2001/WD-P3 ··· 0010928/
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification
W3C Working Draft 28 September 2001

The Latest
»www.w3.org/TR/P3P/
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification
W3C Proposed Recommendation 28 January 2002

One of the products.

»www.alphaworks.ibm.com/t ··· 3peditor

Update: February 21, 2002
Bug fix for compact policy generation; files generated are now compatible with the P3P Proposed Recommendation.
What is P3P Policy Editor?
The IBM P3P Policy Editor is a visual tool, with an easy-to-use interface, for creating a Web site's privacy policy in the P3P language, which can be interpreted by Web browsers and other user agents that support the Platform for Privacy Preferences Project (P3P) specification from the W3C. P3P allows users to automate the acceptance or rejection of a Web site's requests for information, based on user preferences set in browsers or client devices. Users are assured that their privacy is protected without having to read each Web site's privacy policy.

Comments on P3P-Policy-Editor
»www.alphaworks.ibm.com/f ··· Document

"Another Microsoft con"

"Why bother with this java platform ? microsoft do not support it and they WON the browser war people."

Opt-out
"When using the template that collects user information for contact details I cant find anywhere to select and Opt-in or Opt out option for that data collection as I need to specify for 3rd party cookies.

Do I need to manually change the compact policy adding 'i' or 'o' to each entry."

__________________________________________________________--

Thanks you for all your information>

OFP_Guba$

join:2002-02-27
SE
reply to eburger68
If you want to solve your cookie problem you can start
using a browser that support cleaning of cookie/cache/URL history, when the browser is closed down!

»www.crazybrowser.com is one alternative. Another is
"my IE browser" that can be found at.
»www.webattack.com/Freewa ··· er.shtml

Both is built upon MOZILLA so there is no compatibility problem, supports WIN UPDATE & HTTPS for example.

Here are some of the features of the crazybrowser! (My IE is similair)!

* Security: This has full support for P3P privacy notifications and zone-based security assignments, are very easy to operate.
* Can be set to clear the cookies,cache...etc when browser is closed.
* Built in Popup Filter/Stopper: Annoying ad windows can be removed automatically.
* Browser Tab Interface: Web pages are organized on tabs to prevent your screen from getting cluttered. Browser tabs may be aligned at the top, the bottom, the left or the right of Crazy Browser and may be displayed on either one or multiple rows. (This feature alone makes it worth downloading, if you ever try surfing with TABS you will not live without it again)
* Multimedia Data Loading: Easy Turn off loading of multimedia data on/off with just one click.
* Multiple Engine Searching: Crazy Browser comes with many preconfigured search engines, but you can extend it to use your own.
* Works great with HTTPS services, 128 crypthations.
* It is faster than IE.
* Works with Windows update.
* Absolutely Free and NO SPYWARE or ADWARE.

I guess this was the way IE was supposed to work

Try one of these browsers and your cookie and other Microsoft security problems are long gone!

DenFortapte

join:2002-01-25
reply to eburger68
Hi folks,
I have always used CookiePal to manage my cookies - because I like the program . It reads the cookie alert window's caption. After the last update (MS) My Danish caption contains about the whole FAQ about cookies and there is no way CookiePal can capture the whole string. Leaving it hopeless unuseful. Where is this string located? Anybody know? I have searched for it as ascii string in all files on my computer, but can't find it. Meanwhile I have tried every cookie program I can think of, but none of them are able to catch anything anymore. Now I use Proxomitron's cookie function, but I don't like it, even though I love the rest of proxomitron

Arne
Proxomitron Forum
»asp.flaaten.dk/pforum/


R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
kudos:1
reply to eburger68
Thanks for bring this up again -- although it causes my head and neck to have random twitches and spasms just thinking about it!:) Wading through all that garbage was quite challenging. This is a perfect example of a simple idea -- improving privacy control -- can have a disastrous outcome if you put enough people to work on it.

What the W3C and MS have separately and sequentially created has got to be one of the most confusing, user-unfriendly arrangements possible. I am not sure anyone could create something more obscure or unintelligible for the average web surfer. And then Microsoft packages all this behind something with beautiful simplicity -- the infamous Privacy Slider. Dang, that looks SO easy! Just slide it up, and you get more privacy. NOT!:)

The reality is that the number of cookies that are actually blocked when moving the slider from Medium to High is essentially unmeasurable. This is for various reasons -- primarily the incredible laxity of the "acceptance" policies at each slider level -- but also due to the fact that the majority of third-party advertising web sites can easily make a Compact Policy that Microsoft will ALWAYS consider acceptable. The result is, NO site will EVER be stupid enough to make a Compact Policy that is unacceptable, so ALL third-party sites can use cookies!

The overall effect is to give the users the illusion of Privacy Control, while giving third-party advertisers carte blanche to set and retrieve cookies -- and your data. The winners in this arrangement are quite obvious.

While using a different browser is good for some people, the reality is that IE is the dominant browser on the market -- so we must learn to live with it. Many of us may not have a choice -- due to business constraints, etc. I also have no insight into any modifications being made in SP1. However, given the minimal level of complaints about the IE6 Privacy Slider (present company excluded), I doubt Microsoft sees this as a problem. I think in general the wool has been pulled over most people's eyes and it remains securely in place.
________________________________

All this being said, what do I do? I have an imported XML file that is my first line of defense. You can find out about how to use these in one of Eric's links above. He has done a superb job of creating a huge collection of XML files that you can download and use. I highly recommend any one who is serious about privacy to at least consider this option.

Next, I have AnalogX's CookieWall as a second line of defense. Why? Because my computer is not used just by me. My family members are all adept at adding sites to the Trusted zone (they use the buttons). Therefore, CookieWall lets me quickly see what made it through my XML import settings.

Regardless, I believe a cookie program (such as CookieWall, Jason Levine's CookieJar, and CookiePal) is still a VERY viable means to control cookies. If you *only* plan to use the 'slider' for privacy control, then a cookie program should be considered essential.

DenFortapte, I know of no program that reads the cookie alert window caption -- but I have never used CookiePal. One would think that CookiePal would update their product to fix this anomaly. (?)

Lastly, other full-featured 'blocking' or 'screening' programs like Proxomitron would be considered an excellent choice as well. The point is, you need to do something other than rely on the slider. Anything is better than that.

eburger68
Premium,MVM
join:2001-04-28
reply to Time Out
Time Out:

You asked:

said by Time Out:
Eric,
It is not cast in concrete..but the lid is on the box.
Do you have any comment or information to share?????

Thanks you for all your information>

Errrm...I guess I'm not sure sure just what you wanted me to comment on. The latest draft of P3P? IBM's P3P Policy Editor (which I haven't had time to play around with)? The comment about this being just "another Microsoft con"?

One observation about these policy editors: having looked at a few of them, I note that so many of them are presented as simply tools to generate yet another web page element that will allow cookies to be accepted by IE 6.0 users. In other words, IE 6.0's implementation of P3P is regarded as just another low hurdle on the way to setting cookies on users. The problem is presented as one of generating a compact policy that will allow the cookies to be set, not as one of a company's underlying privacy practices.

But those are just random observations.

Eric L. Howes

jacour
Premium
join:2001-12-11
Matthews, NC
Reviews:
·voip.ms
·Time Warner Cable
reply to eburger68
Some cookies are good so it is nice to have a solution that allows some, but not all, cookies. CookieWall is a nice little freeware program that puts cookies into one of three categories: Delete, Keep, or New.

As new cookies arrive, you decide whether to keep them or not. If you decide not, all future cookies from that site are automatically sent to electron hell. If you decide to keep, it does nothing. Presently, I have kept 35 and have 384 set to delete and CookieWall has killed almost 4,000 cookies since the last time I reset the statistics.

True freeware, no nags, no anything, well behaved, less than 100K. Get it here:

www.analogx.com

They have other cool, and free, stuff too. Check out POW! which does the same for those annoying pop-up windows.


Sentinel
Premium
join:2001-02-07
Florida
kudos:2
reply to R2
Thanks so much to R2 and Eric for hashing this out for us. I remember going over all that back then and I got lost in the first round. I appreciate all the work that was done and I know others do as well.

I love having the ability to control how IE 6 works with no third party programs necessary. I now prefer IE 6 over older versions because using these XML files I have more control over what goes on behind my back.

Thanks guys.
--
AL


cjsmith
Premium
join:2000-11-03
Villa Rica, GA
reply to eburger68


Eric I was just browsing and I had come across this XML file that is to be used for data protection purposes. Of couse this program is only good for IE6. I just thought that you might want to take a look at it being how you are now once again atuned to IE6 privacy settings.

The name of the XML file is:

Dataprotection settings on Internet Explorer 6.0

Here are a couple of paragraphs as take from the web page itself:
  • For a simple dataprotection configuration you have the option to import the dataprotection settings as file.

    Our configurationfile will make your browser accept Cookies just for the current session. Hence, if you visit the homepage once again you will not be recognized.
    These settings will prevent Cookies from being saved on your harddisk but since Cookies are accept for a short time, you can still access these websites normally....



Why aren't the builtin capabilities good enough to configure IE?
  • The decision to accept or reject a Cookie in Internet Explorer 6.0 is based on what the cookie setting party does with the collected data. Or more precisely, what they declare to do with the data.
    This declaration is made in a machine readable Privacy-Policy (following the P3P-standard). That policy is downloaded from the respective website and compared to the users's preferences.
    Unfortunately this preferences can only be set quite coarsely with the Internet Explorer. There is only a ruler with these positions:

    • Accept all Cookies.
    • 4 levels from "high security" to "low security"
    • Reject all Cookies.


One might assume that Cookies from advertising companies are blocked on level "high security" - but it isn't so.
The Cookies of one of the most known web advertisers are still accepted without acknowledgement. The reason is simple. For the decision to accept a cookie it is most relevant whether a provider collects personal data, like name, address etc. , or not. Advertisers claim to collect data strictly in referece to a pseudonym and not to a real person. Anyway, users will be recognized whenever they visit a site that belongs to the advertisers customers.

A excerpt of user information collected by the above mentioned advertiser:
Information about your financial situation (account balance, behavior to pay bills),
membership of parties, clubs, religious groups, unions,
information regarding mentally and physically health, sexual likings, buying products of public health.
In the Internet Explorer you can view the P3P-Policy of a website in plain text if that website has a P3P-Policy. Just select menu item "View/Dataprotectionreport...".

Here is the ie_privacy_file.xml file if you want to take a peek.

Here is the direct link to the web page:

»anon.inf.tu-dresden.de/i ··· _en.html

Regards,

-cj.-
______

--
ZXList | Computer Cops | Proxomitron Discussion


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1
reply to eburger68
Of course, using an application like Proxomitron, it's possible to force all cookies as "session only", which is generally all you need for functionality on your non-trusted sites, and then set the privacy policy, manually, to prompt for persistent cookies, reject all third party cookies, and allow all session only cookies. Still not perfect, but it actually adds some meaningful substance to the otherwise, I quite agree, rather vacuous settings...
--
Aye, sun and moon and star, all,
And further add to that
That, being dead, we rise,
Dream and so create
Translunar paradise.

eburger68
Premium,MVM
join:2001-04-28
reply to cjsmith
cjsmith:

You wrote:

said by cjsmith:


Eric I was just browsing and I had come across this XML file that is to be used for data protection purposes. Of couse this program is only good for IE6. I just thought that you might want to take a look at it being how you are now once again atuned to IE6 privacy settings.
Thanks for the link. I'm familiar with the JAP page -- surprised I didn't see that one.

The file they offer is similar to several of the XML files we put together last fall in the XML-Menu package that you can download here:

»www.staff.uiuc.edu/~ehow ··· tm#files

Their file downgrades all first party cookies in the Internet zone to Session cookies and denies (blocks) all third-party cookies. It allows Session cookies in first-party contexts and denies them in third-party contexts.

XML-Menu has a number of similar files (see the 4*.xml and 4*-s.xml files in sets 1 and 2), but the XML-Menu files configure the Trusted zone as well. Plus, XML-Menu gives you 100 different settings combinations to choose from, not just one. (If 100 seems a little overwhelming, there's a "short menu" of six recommended files to choose from.)

Interesting, nonetheless, to see other folks implementing custom XML Import files, though.

Best,

Eric L. Howes


cjsmith
Premium
join:2000-11-03
Villa Rica, GA

reply to gwion
Proxomitron? Go figure?

gwion or Eric (I think you are familiar with Proxomitron) while 'we' have your undivided attention...

I have often thought of using IE6 along with Proxo, but I am so familiar with IE 5.5 sp2 and am accustomed to it's setting that I have sort of postponed the IE6 install, especially in light of the discoveries noted by R2 and Eric within those archive threads, oh not so long ago!

Why wouldn't I be able to install IE6, and have a small XML from Eric's site included, and use it alongside Proxo? Wouldn't this also be the same as having an 'extra' layer of security? What would be the significance or redundancy by going with the XML import, IE6, and proxo as opposed to your suggestion as noted in your previous post within this thread?

TIA
[text was edited by author 2002-04-04 07:43:06]

eburger68
Premium,MVM
join:2001-04-28
cjsmith:

You asked:

said by cjsmith:
Why wouldn't I be able to install IE6, and have a small XML from Erics site included, and use it alongside Proxo? Wouldn't this also be the same as having an 'extra' layer of security?
That sounds like a plan to me. IE 6.0 isn't without potential. It's all a matter of abandoning the P3P-based Privacy Settings slider bar and moving on to something else (the Advanced Privacy Settings, custom XML Import files, a third-party utility -- something). Once you adopt another strategy, then you're in good shape.

Best,

Eric L. Howes


cjsmith
Premium
join:2000-11-03
Villa Rica, GA
said by eburger68:
cjsmith:

You asked:

said by cjsmith:
Why wouldn't I be able to install IE6, and have a small XML from Erics site included, and use it alongside Proxo? Wouldn't this also be the same as having an 'extra' layer of security?
That sounds like a plan to me. IE 6.0 isn't without potential. It's all a matter of abandoning the P3P-based Privacy Settings slider bar and moving on to something else (the Advanced Privacy Settings, custom XML Import files, a third-party utility -- something). Once you adopt another strategy, then you're in good shape.
Thank you Eric...Well, it looks as if I am about to take the dive. I shall take "another" peek at the XML files that you have posted on your site that I can use to integrate with The Proxomitron, Zhen-Xjell's ZXList, and IE6.

==> Of course this will involve another trip back here as well.

Regards
--
ZXList | Computer Cops | Proxomitron Discussion


Time Out

@tnt6.myrtle-beach.sc
As all this progresses...some of you might also want to keep an eye on SOAP.
»lists.w3.org/Archives/Pu ··· 022.html

___________________________________________________________
Alteration of data schema semantics of P3P. Preliminary investigations have shown that the existing data schema semantics can be significantly improved.

Development of the possibilities of P3P as a distributed web service, as well as a client application. We wish to investigate how P3P works as a proxy service and especially the commercial implications of this, in terms of consumer confidence in trusted 3rd parties. Also, the possibilities for using the new SOAP »www.w3.org/TR/SOAP/ protocol to create a highly distributed version of P3P. For example, the creation of an APPEL evaluator class as a web service.

Use of the P3P protocol to cover communication protocols other than http. E.g. smtp,nntp.

»p3p.jrc.it/aboutthisproject.php


R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
kudos:1

reply to cjsmith
CJ, the XML file from that site is this:

<MSIEPrivacy>
.<MSIEPrivacySettings formatVersion="6">
..<p3pCookiePolicy zone="internet">
...<firstParty noPolicyDefault="forceSession" noRuleDefault="forceSession" alwaysAllowSession="yes" />
...<thirdParty noPolicyDefault="reject" noRuleDefault="reject" alwaysAllowSession="no" />
..</p3pCookiePolicy>
.</MSIEPrivacySettings>
.<flushCookies />
</MSIEPrivacy>

As Eric stated, this only addresses the Internet zone -- not Trusted sites. For First Party cookies, ALL are "forced" into being session cookies (they will not be written to your hard disk). Session cookies themselves are allowed. Third party cookies -- session and persistent -- are rejected outright. Any cookies that are on your computer when you install this are wiped off ("flushed").

This is not bad, but since it neglects the Trusted sites zone, it is much more limited than the ones Eric created. Personally, I don't want third-party cookies in either zone, so Eric's files are more complete.

I do agree with that page's viewpoint. In reality the slider has two positions that look like six. Either you block all cookies, or you accept all cookies. No site is stupid enough to write a P3P Compact Policy that IE6 will block! Why would they? Oh yeah, maybe they don't want you to receive their cookie -- sure. And maybe advertisers are honest -- sure. The key point is to NOT trust the slider.

There is no reason that I can see as to why you could not use an XML file in addition to Proxo. I use an XML file and CookieWall.

[text was edited by author 2002-04-04 14:25:05]


cjsmith
Premium
join:2000-11-03
Villa Rica, GA

R2:

Okay the IE 6 install is completed. I am a just a tad bit leary here, so as a start until I can configure IE 6 to my own personal tastes can you please point me to the XML import file that "you" are using?

There are three sets available, two of which are attributed to yourself as taken from the xml-menu.txt file?
  • *****************************************
    * Set # 1 (restrictive session cookies) *
    *****************************************

    Note: alwaysAllowSession="no" for both zones in first-party and third-party contexts. This
    option forces ALL session cookies to be evaluated in the same way as persistent cookies.

  • **************************************
    * Set # 2: (liberal session cookies) *
    **************************************

    Note: alwaysAllowSession="yes" for both zones in first-party contexts only. This option
    unconditionally permits session cookies in first-party contexts. Third-party session
    cookies are still evaluated in the same way as persistent cookies.


This shall provided ample enough time for me to explore Eric's site in a more detailed fashion that I may find my own comfort zone.

BTW: By default I had noticed that the "enable install on demand [Other]", and the "Enable third party browser extension" radio button are activated? MS Security? Oh the irony...

Thank you,

-cj.-
_______
--
ZXList | Computer Cops | Proxomitron Discussion


[text was edited by author 2002-04-04 15:33:23]