Site Privacy issues

From: vrs <>
Date: Fri Sep 17 10:06:28 2004

> I don't know, it just seems that it's people who either don't understand
> how web browsers and non-static sites work, or relative newbies to the
> Internet, seem to shout and rave about cookies "OMG, that site sent me a
> *cookie*! I'm being hacked! They're going to steal my credit card
> number and my pr0n stash!"

I'm going to jump in here (hopefully briefly). I am not a fan of cookies,
and run with them turned off by default. I am also a user of cash, for many
of the same reasons.

I'd like to draw an analogy between cookies and meatspace transactions.

When I go into a a store to buy something, I like to whip out my cash, pay
for the item, and be on my way. I am not interested in forming a
"relationship" with the shipkeeper. Likewise, I like my web browsing to be
quick and anonymous, unless there is a good reason for the interaction to be

To me, cookies are the web equivalent to those obnoxious shopper cards that
have been all the rage lately with store owners. Now when I go to buy
coffee at the store, the clerk asks if I have a store card, even though (or
especially because?) I am paying in cash. If I don't have one, (s)he
immediately offers me one.

Why does (s)he do this? Is it because they want to identify repeat
customers, and offer them all kinds of discounts? No. That might be why
customers do it, but it isn't why stores do it. (S)he does this because the
store wants to de-anonymize the transaction. They want to track my buying
habits and offer customized advertising (not to me, to the advertisers!), in
the form of coupons on the back of the sales slip, junk mail, and (in the
case of Safeway and Amazon, at least) later when I browse the web.

This is the real reason many sites want to place a cookie -- they want to
identify me, profile me, and offer me tailor made propoganda for a variety
of causes. This always sounds like a great idea to them. No thanks.

I am also aware that transparent GIF images and other technologies replace
cookies, and are much more difficult to suppress.

> Pretty much any site that does anything "cleverer" than serve up static
> pages is going to need some means by which the server can keep state -
> HTTP doesn't really have a mechanism for this, since the connection is
> closed once the page has been sent. Now, if you want the server to have
> some idea of where a given client has come from *within your own site*,
> you can either fake it with hidden form fields (not always possible, but
> worth a try), a big long identifier in the GET request (ugly, and prone
> to error), or use a cookie. It's not a fantastic way of doing it, but
> it's the "least worst" in the absence of properly stateful connections.

The number of sites that need to do anything "cleverer" than serve static
pages is quite small. If I am actually going to do business with a web site
(and I do, with a few), then I will turn on cookies, etc.

My especial peeve is with the sites that really are only serving static
pages, but want to place a cookie anyway. There is no good reason why I
should want them to do this.

One of the assumptions that lurks behind this mindset is that, although our
needs converge on a particular interaction, it is important to remember that
others have their own interests at heart, not mine (rightly so), and that
their interests and mine will frequently be in conflict.

To summarize, I think of cookies like those store cards, and refuse them for
a lot of the same reasons.

> Just to give you some
> frame of reference, I am probably around the young-to-median point of
> the age range of this list (actually, what *is* the age range? It would
> be interesting to know) - old enough to remember the days before
> sub-?100 home computers, and *just* old enough to fondly remember
> Honeywell CP-6 at university.

Late 40s, myself. Don't know, but from the small sample I have, that puts
me within a few years of a lot of others.

Received on Fri Sep 17 2004 - 10:06:28 BST

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:37:30 BST