From: Valdis.Kletnieksvt.edu
Date: Mon Nov 12 2001 - 12:14:44 CST


    On Fri, 09 Nov 2001 21:20:29 EST, Oliver Petruzel <opetruzelcox.rr.com> said:
    > This brings to mind a question: has anyone collected a list of the most
    > revealing KNOWN cookies in the wild? Is there a resource (site)
    > available with a list for me to use in order to perhaps blacklist the
    > URLs personally? I often find myself studying my local cookies and
    > have noticed repeat offenders from very popular sites that I avoid now
    > because of this; and I believe such a public list would serve as a way
    > to prevent cookies from becoming too powerful or revealing. A cookie
    > reporting service possibly. Anyone with a link for this if it already
    > exists or with the energy to compile it yourself, go for it, and plz let
    > us know.

    A far better approach is to use software that blocks *all* cookies, and
    then have an exemption list for those sites that *YOU* visit that specifically
    need cookies in order to function.

    Remember - cookies as data harvesting tools only work because a large
    percentage of people allow cookies. If the *default* behavior of people
    was to tolerate only cookies that allow (for instance) session management
    of a single visit, or only retain very basic cross-session information,
    then the site operators wouldn't have much reason to use cookies.

    Something that's a *bigger* issue is probably the infamous "web bug", which
    usually shows up as a 1x1 transparent pixel. Now *THERE* is an area where
    a "black list" might be more useful (because you can have an <IMG> tag
    that points off-site to a tracking service, where the user may have
    said "only allow cookies from this server").

    There's Unix software for all this at www.junkbuster.com. I have *NOT*
    tried their Windows software. It's not a *total* solution, but it's
    a start.

    -- 
    				Valdis Kletnieks
    				Operating Systems Analyst
    				Virginia Tech
    

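An added example, not part of the original message: a small Python check for the two ideas above, a default-deny cookie policy with an exemption list and a scan for off-site 1x1 images ("web bugs"). The host names, the exemption list and the sample page are constructed for illustration; "off-site" is simplified to an exact host mismatch, and sizes set through CSS are not examined.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed exemption list: only these hosts may set cookies (default deny).
COOKIE_EXEMPT = {"shop.example.com"}

def cookie_allowed(host):
    """Default-deny cookie policy: a host must be listed explicitly."""
    return host.lower() in COOKIE_EXEMPT

def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    try:
        return 0 <= int((value or "").strip().lower().removesuffix("px")) <= 1
    except ValueError:
        return False

class WebBugFinder(HTMLParser):
    """Collects <img> tags that are at most 1x1 and load from another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "img" or not a.get("src"):
            return
        url = urljoin(self.page_url, a["src"])   # resolve relative src
        host = urlparse(url).hostname
        # Same-host 1x1 spacer images are layout, not tracking; skip them.
        if host and host != self.page_host and _tiny(a.get("width")) and _tiny(a.get("height")):
            self.hits.append((url, cookie_allowed(host)))

def find_web_bugs(html, page_url):
    """Return [(image_url, cookies_allowed_for_that_host), ...]."""
    finder = WebBugFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page, as if served from http://shop.example.com/index.html
SAMPLE_PAGE = """<html><body>
<img src="/logo.gif" width="120" height="40">
<img src="/spacer.gif" width="1" height="1">
<IMG SRC="http://tracker.example.net/t.gif?id=42" WIDTH=1 HEIGHT=1>
<img src="http://cdn.example.org/banner.gif" width="468" height="60">
</body></html>"""
```

A hit whose second field is False shows the gap the message describes: the cookie policy refuses that host, yet the image request itself still goes off-site, so the URL has to be blocked as well.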