This revelation should be front page on every newspaper. That IT companies have been hiding these things inside our computers is a violation of our privacy, even our property rights. How much electricity has been used by these things, electricity I pay for? Either Google needs to reimburse me for hosting their "cookies" or we need to ban cookies altogether.


How do you think HN logins work? Cookies are the basis of session management. If you don't want to store cookies for Google, don't. It's a feature right there in your browser.

There are lots of shady tracking systems in the world and cookies aren't one of them: they are clear, user-visible, and in the user's direct control both in theory and in practice.

Tor isn't relevant to this. If you're using Tor to block cookies you're Doing It Wrong.

> Cookies are the basis of session management.

They are one technique. In, oh, 1996, we did this by simply generating a unique URL for each user. If you wanted to stay logged in you bookmarked it, and if you didn’t you... didn’t. It was right there to see in the address bar as well, no sly hiding it in HTTP headers.

FWIW, cookies started being used for session management in 94. The privacy debate about them was going strong by 96.

> In, oh, 1996, we did this by simply generating a unique URL for each user.

That's certainly one way to do it, but you're not saying it's convenient or great for privacy, right? If the URL is the auth token, then there's no security. Typing URLs, sharing URLs, and bookmarking (logged in, logged out, shared links, server side rendering), all get problematic.


So are you always simulating someone who knows nothing about anything but still thinks something should be done about it, or just in this post?

Since you're proposing banning cookies altogether and I've written a few authentication pages in my time and cookies seem to me to be rather important for managing sessions for users so that they can log in successfully to a web page, can you propose what we should use instead of cookies for boring old session handling?

