Hacker News
Magic cookies mean the end of privacy on the Internet (greenspun.com)
22 points by bayareaguy on Nov 14, 2009 | 21 comments



I think it's a pretty specious argument.

Cookies are all under your control. This is a lot more than you can say about all the rest of the data that is collected about you daily. For people who are concerned about this sort of thing, there are plenty of tools to manage cookies to a policy of their choosing. The fact that cookies are automatic just means things are convenient enough to be useful for average people. If every site required an account that had to be logged in to every time you visited it, you wouldn't fundamentally have any more privacy, you'd just be a lot more inconvenienced.

The bottom line is that if you want real privacy you have to know what you're doing every step of the way and you have to work at it (a mountain cabin off the grid is a pretty good start). On the Internet you already have an advantage over any physical world transaction. Finding unsecured wifi where no one knows you is already more work than clearing your cookies.


a mountain cabin off the grid is a pretty good start

And then came Google Earth...


Philip Greenspun was referring to the OPS (Open Profiling Standard) and OSCC (Open Standard Content Cookies) cookies. These were browser stored cookies that could not be bypassed. The theory behind these was that every browser had an ID, and that ID could be tracked for profiling purposes without compromising privacy. That magic cookie would be sent to every site so that cross-domain sites in the same network could establish the browser as the same surfer.

archive.org is down for maintenance, but, http://developer.netscape.com/ops/proposal.html is the original proposal. developer.netscape.com is no longer online and mozilla.org never received permission or wasn't able to resurrect the site.


The article says "Revised (lightly) July 2003" but it seems nearly identical to what I remember reading in the book in 1999. For me, the thing I took away from it, back in 1999, was that privacy on the Internet was limited - it belonged only to those who were willing to jump through considerable hoops to get it. A few things, which Greenspun almost accidentally mentions in another of his essays, aided privacy in some contexts, especially multiple people getting grouped behind one IP address, via NAT or many other gateway interfaces. But the overall trend has been toward less privacy, since the mid 90s.

It is interesting to think of the degree to which privacy has survived in some contexts, since its funeral ode was written 10 years ago.


The nice thing is that browsers provide good control for managing one's cookies, and browsers like Safari ship with pretty sensible, user-friendly defaults (block cookies from 3rd party sites).

The current privacy Valdez is flash cookies, which are shockingly ubiquitous. You can't clear them easily (clearing browser cookies won't work) and they bypass browser cookie defaults. I polled a lot of developers and just about every single one of them had no idea about them -- and if that demographic is oblivious to them, imagine the rest of the population.

http://www.wired.com/epicenter/2009/08/you-deleted-your-cook...


After I installed NoFlash in Firefox, I was surprised at how many sites have the Flash cookie thing. I never knew :)

Personally, I don't really care about the tracking all that much. I'm extremely boring :) Which is why these cookies persist. I think most people simply don't care, even if they know about them. The only reason I block Flash is because it crashes Firefox on a regular basis.


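  # Make the Flash shared-object directory writable so Flash can store data
  alias playFlash='chmod 777 ~/.macromedia/Flash_Player/\#SharedObjects'
  # Delete all stored Flash cookies (directory must be writable: run playFlash first)
  alias clearFlash='rm -rf ~/.macromedia/Flash_Player/\#SharedObjects/*'
  # Make the directory read-only so Flash cannot write new cookies
  alias stopFlash='chmod 555 ~/.macromedia/Flash_Player/\#SharedObjects'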
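
Added example, not part of the original comment: before clearing or locking the directory, this counts the stored Flash cookies (`.sol` files) per site, which shows what the browser's own cookie controls leave behind. The layout below `#SharedObjects` (a random ID directory, then one directory per site) is an assumption about Flash Player on Linux, and the sample tree and site names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): count Flash cookies (.sol files) per site.
# Assumed Linux layout: <root>/<random-id>/<site>/[subdirs/]<name>.sol

list_lso_sites() {
    root=${1:-"$HOME/.macromedia/Flash_Player/#SharedObjects"}
    [ -d "$root" ] || return 0          # no Flash data at all
    find "$root" -type f -name '*.sol' |
    while IFS= read -r f; do
        rel=${f#"$root"/}               # <random-id>/<site>/...
        rel=${rel#*/}                   # <site>/...
        case $rel in
            */*) printf '%s\n' "${rel%%/*}" ;;   # keep only the site directory
        esac
    done | sort | uniq -c | awk '{print $1, $2}'
}

# Constructed sample tree (hypothetical sites) so the script runs offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    so="$t/#SharedObjects/ABCD1234"
    mkdir -p "$so/example.com/player" "$so/ads.example.net"
    : > "$so/example.com/settings.sol"
    : > "$so/example.com/player/volume.sol"
    : > "$so/ads.example.net/id.sol"
    : > "$so/ads.example.net/readme.txt"   # not an LSO, must be ignored
    printf '%s\n' "$t/#SharedObjects"
}

sample=$(make_sample_tree)
list_lso_sites "$sample"
rm -rf "${sample%/*}"
```

Called with no argument, `list_lso_sites` reads the directory named in the aliases above.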


The article seems rather old but the basic concepts are still applicable. Just clear your cookie cache periodically, preferably after each browsing session.


Sure, I clear the cookies every time I close the browser. But can't they just store everything as a session on the server?


Yes but they can't correlate sessions with any reliability because of dynamic IPs and such.


I wouldn't say without any reliability. I know that my "dynamic" IP stays the same for months at a time, if I don't interfere.


And, of course, are you aware of flash cookies?


If you're browsing with Firefox, you can take control of flash cookies by installing the "Better Privacy" Add-on.

https://addons.mozilla.org/en-US/firefox/addon/6623


Also called Persistent Identification Elements. Bad mojo, those.


This is an important concept that is easy to forget. I would be interested to learn about technologies that could address magic cookie privacy concerns without requiring cookies to be periodically deleted.

I hope a major privacy violation will not be necessary to bring mainstream attention to this issue.


I have my browser prompt me for all cookies including third-party cookies, which I will never allow.


Man that would be so annoying. I wish there was an easy way to whitelist which cookies I accept, kind of like noscript.


I agree. I had it ask me every time for a while but it was too frustrating. Many sites ask to set five or more cookies because of the different ad providers they use.

Now I just clear the cache and cookies every time after I am done browsing.


Extended Cookie Manager does this.

https://addons.mozilla.org/en-US/firefox/addon/1243

Beware, it apparently doesn't work well (or at all) on Windows.



Well, I also have it remember my decision, so I'm not prompted that frequently.



