Book Reviews
Recent reviews from Slashdot readers:
- Advanced Excel for Scientific Data Analysis Learn to turn Excel into something that rivals Mathematica using VBA, brains, and a heaping helping of fortitude.(Jack Herrington's review.)
- Nagios 3 Enterprise Network Monitoring A great book for anyone using Nagios as more than a casual user.(jgoguen's review.)
- Schneier on Security Schneier argues that security is not something you can buy; it is something you must get.(Ben Rothke's review.)
Submitting a review for consideration is easy; please first read Slashdot's book review guidelines. Updated: 2008114 by samzenpus
5373273
story
Comments: 181 +- News: Feds May Soon Be Allowed To Use Cookies on Wednesday July 29 2009, @04:50PM
Posted
by
timothy
on Wednesday July 29 2009, @04:50PM
from the it-looks-like-you're-building-a-bomb dept.
from the it-looks-like-you're-building-a-bomb dept.
background: url(//a.fsdn.com/sd/topics/topicgovt.gif); width:57px; height:80px;
government
background: url(//a.fsdn.com/sd/topics/topicprivacy.gif); width:71px; height:53px;
privacy
background: url(//a.fsdn.com/sd/topics/topicnews.gif); width:60px; height:66px;
news
background: url(//a.fsdn.com/sd/topics/topicpolitics.gif); width:61px; height:43px;
politics
fast66 writes "The White House may lift its policy barring federal Web sites from tracking users' online behavior. In place since 2000, the cookie policy issued by the Office of Management and Budget was intended to protect citizen privacy but has sparked criticism — even from White House officials — for hampering citizen outreach. On Friday, Bev Godwin, the director of online resources and interagency development at the White House's new media office, blogged on the White House Web site, 'We want to use cookies for good, not evil' — and invited the public to comment on cookies through various online channels, including the Office of Science and Technology Policy blog."
Related Stories
Necessity is a mother.
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.
No problem (Score:5, Insightful)
What's the problem with that?
Re:No problem (Score:5, Interesting)
I block cookies, javascript and all plugins (with the exception of my whitelist). The problem is that more and more sites annoyingly (and uselessly) require these to work. I'm fine not having a draggable map, but ever since GoogleMaps, every map site has become reliant on Javascript. Half the random sites bitch if I have cookies off. Etc.
Much like the "works best in [Browser X]" these annoying additions are being used in the place of, not as a suppliment to, standard webfare.
Parent
Re:No problem (Score:5, Insightful)
(not trolling just being blunt)
Parent
Re:No problem (Score:5, Funny)
He's not complaining about not having electricity. He's complaining about being forbidden from whacking sabertooths on the head unless he's using a newfangled club that shouts "I AM A CLUB!" while you wave it in the air and it shoots out orange and yellow flames.
If he were asking for the Google Maps website to send him directions via telegraph, then he would be complaining about electricity.
This post brought to you by the Mixed Metaphor Society: Keeping the Home Fires on Track since 1962.
Parent
Re: (Score:2, Insightful)
unless he's using a newfangled club that shouts "I AM A CLUB!" while you wave it in the air and it shoots out orange and yellow flames.
I wonder if Think Geek sells those? WANT.
Re:No problem (Score:4, Funny)
Your post hit that bull's-eye, and the dominoes fell like a house of cards.Checkmate!
Parent
Re:No problem (Score:4, Insightful)
Parent
Re:No problem (Score:4, Insightful)
Um, I dunno why your tin foil hat is so large, but seriously, you're living in the 90's. There is - and never was - anything wrong at all with Javascript or cookies. Flash can be annoying, but the benefits far outweigh the "risk". Java is the only thing I don't particularly trust, since it's pretty much an open gateway to malware today.
Javascript, though? Seriously? Javascript is "standard webfare" in the modern world. Cookies are, as well. Every single modern web browser supports them, and enable developers to do some pretty cool things, like draggable maps, real-time page updates (AJAX), etc.
Put simply, you've got more to worry about in your web history than you'd ever have to worry about in cookies. With cookies, what are you protecting yourself from? A company trying to improve their product? What about Javascript? Protect yourself against... dynamic webpages? You're doing yourself more harm than good with these old principles. Should've left them at the door with Firefox 1.0... welcome to the Internet of the 21st century.
Parent
Re: (Score:3, Interesting)
Stop spreading those lies. Cookies can be hijacks and can be leveraged for an attack.
I know, I was paid to do that when I did security.
Ever see the expression on a financial CEO's face when you hand them a list of customer information, account balances and passwords you get after 30 minutes of being on the job?
Priceless.
Re: (Score:2, Interesting)
Re: (Score:2)
The main reason I don't do this is... Take that blog comment form. Yes, it should work without Javascript. However, with Javascript enabled, it shouldn't require a page reload, and could even provide realtime updates of comments other users are posting.
And if it's a proper, gracefully-degrading website, the only way you know about that is to turn Javascript on and test it.
Re:No problem (Score:5, Informative)
Cookies should be replaced by a standard for web page preferences, where the web page specifies which options there are and what the possible values are. Then the users can set the preferences they care about in their browser and leave others (like tracking IDs) unset. Logins should never be implemented with cookies.
Not to sound trollish, but seriously, are you a web coder? Strict online security in connection with login-protected content is simply not possible without a cookie*. Cookies are so standard that ASP even places cookies without telling the coder it's doing so (the 'application' variables).
:-P ;-)
Cookies are a necessary part of the Internet. The only problems with them is that they 1) aren't encoded by default, 2) can be set to expire whenever the coder wants, which can fill directories quickly if you do much browsing, and 3) can be made accessible to websites other than those who issued them.
If web browsers would just encode all cookies by default, then decode them whenever sending them back to a server, that would keep spyware from reading their contents from your computer. Then, if the browsers would store a 'touched date', and automatically delete all cookies over X age (configurable by the user?), many useless cookies would go away automatically. Finally, if cookies were only able to be read/written to by their issuing server, there would be no possibility for exploit (except to track your movements through pages which contain some content served by the issuing server, such as the much beloved doubleclick.net cookies -- which could easily be done-away-with by adding the rule that cookies cannot be accessed by any page displayed within an iframe/object/etc.)
Everyone always seems to believe that cookies are small programs or some such nonsense. Cookies are nothing but tiny databases stored on the user's computer. How much damage can that do?
* If you think you can have strict security by only tracking a user's IP address and/or passing a variable from one page to the next, you are sorely mistaken.
p.s. I know, I know.... ASP is m$ft. Get over it.
Parent
Re: (Score:3, Insightful)
There you go again, displaying facts and ruining what might have been perfectly good flamebaiting based on suspicion, FUD and paranoia.
If you want to surf anonymously, it's not that hard.
Re: (Score:3, Informative)
I mostly agree with you. I would very much like a browser with the privacy settings you described. There is already the "Accept third-party cookies" option (I think all modern browser have a similar option), but I am not sure exactly what that does.
On the other hand, cookies are not needed for logins. In fact, they are a rather insecure way to do logins as anyone who can see your cookies can take over your session. For example, if you are on an open Wi-Fi hotspot and view any website that uses cookie logins
Re: (Score:3, Insightful)
From the perspective of a web designer/developer who uses Javascript to enhance and optimize the user experience: people like you drive me up a frickin' wall. There's no need to disable all that stuff, unless you have a paranoid personality disorder.
Look, it just takes some common sense. Don't surf to sites that may be malicious. 99% of the time, it's completely obvious what those sites are. Also, it helps to not use IE, which is more susceptible to attacks than Firefox and other browsers.
Someone please giv
Re:No problem (Score:5, Informative)
I posted a response to a comment on the parent griping about flash and javascript--they are a security risk. I'll ignore cookies--that gets a bit...difficult to explain.
But because you don't seem to get it--let's make the javascript answer so simple even a programmer can understand it...
1) go to www.slashdot.org /. to be loading content off of another site--that can edit my DOM and run the driveby exploit du-jour.
2) hit view source
3) search for "ad.doubleclick.net"
4) you should see a call to document.write at a dynamic URL slashdot doesn't control
5) understand that a LOT of these go out through resellers--who go through other resellers--and so on...and all you have to do is buy a single script that gets into an ad rotation at a site like CNN or
Even if the script was safe when they checked it--it might not be safe five hours later when my browser pulls it down from a different IP address or netblock. The javascript isn't the risk--the third party javascript writing to my DOM to open an iframe with a driveby exploit is.
(and FWIW, there are actual javascript vulnerabilities--but I figured I'd stick to the obvious in this post)
As long as people continue to use things this way--they're a security risk.
Parent
Last Measure (Score:3, Informative)
Someone please give me a valid reason why anyone should be blocking cookies (1st party, NOT 3rd party) and disabling Javascript, other than paranoia and/or a bad case of nerd grump.
The site http://paranoia.on.nimp.org demonstrates this, but do NOT visit this site unless you've turned OFF JavaScript and plug-ins for this domain.
Re: (Score:2)
Leave cookies on, just make the directory that they go in is read only.
The site will think you allow cookies.
Re:No problem (Score:5, Insightful)
Parent
Re: (Score:3, Insightful)
The site I'm building now won't bitch if you have cookies off. But if you try to login, you'll find that subsequent requests will be handled as if you have not logged in. If the web ever gets a better login scheme standardized, implemented, and widely deployed, then maybe cookies won't be needed as a half-arsed way to achieve login sessions. Also, if you disabled Javascript, the site will not lay out nicely. But that will fall under the same "degrade gracefully" principle as if you disabled CSS.
Re: (Score:2)
I block cookies, javascript and all plugins (with the exception of my whitelist). The problem is that more and more sites annoyingly (and uselessly) require these to work.
The proposal specifically prohibits restricting access to information or discrimination of services based on opting out of cookies.
Re:No problem (Score:4, Funny)
You should do what I do...leave everything turned on, but to poison all the DBs in the world, spend at least 90% of your time browsing stuff that doesn't interest you. This absolutely foils their plan to get to know you through tracking. There's just no way they can get around it at all for 'em.
I even take it to the next step beyond—90% of the money I spent on the web is for stuff I have absolutely no use for and definitely don't want. It's a brilliant, positively ironclad way to screw them over and make sure they get theirs!
Oop...I just used up my 10% time on /. writing this post. Gotta go surf pee-pr0n...disgusting stuff. laterz!
Parent
Whew, that was a close one (Score:5, Funny)
Thanks for telling me this. You see, I am an inept and computer illiterate terrorist. We all are, since none of us are smart enough to get an education. Hell, I barely managed to read this web page, and all my dumb terrorist buddies simply couldn't. We go to www.I-AM-A-TERRORIST.com all the time, and if I didn't get the heads-up, we would all be in jail now. You guys were smart to allocate resources to this sure-fire way to catch us. Oh well, time to get back to using the internet for evil, not good.
Parent
Re: (Score:2)
If you don't like kooties, block them. For those that don't even understand what a kootie is, make it clear what the government is doing and prove it through open source. Makes for a better web experience.
What's the problem with that?
Re:No problem (Score:5, Insightful)
There is no problem with that, and may be that's the point.
Let's be really pedantic about cookies, let's waste all our time discussing them, all the while the government (with the help of the private sector) is silently trying to archive, index, and search through all our private emails, private phone conversations, web browsing logs (and search terms), phone graph relationships, travel plans, medical drug and mental health information, dna relationships, and/or anti-war political affiliations.
And let's not worry about the fact that all the low level city cops (at least in San Francisco) routinely do background checks and get private medical information for any random woman they're interested in dating (without any oversight, without any official reason, and without any logging that they've even accessed that information in the first place).
Let's talk about cookies instead and let's keep on explaining what cookies mean (because here on slashdot, I'm sure that no one knows what cookies are) -- ignoring all the other ways our privacy is being violated over and over again -- without even us knowing.
Parent
Well... (Score:5, Funny)
The Cookie monster will most certainly be displeased...
GODWIN? (Score:2)
"...Bev Godwin, the director of online resources and interagency development..."
So we already know how they plan to respond to our complaints about creeping Fascism... :-)
Re: (Score:2)
For the computer savvy, this isn't even an issue. (Score:3, Interesting)
I delete all my cookies automatically every time I close Firefox. I run Firefox via a script such that all the Flash cookies (yes Flash cookies) are also deleted.
Re:For the computer savvy, this isn't even an issu (Score:5, Informative)
> such that all the Flash cookies (yes Flash cookies) are also deleted.
Good point. Too few people even know about Flash cookies. There's also a Firefox extension called BetterPrivacy [mozilla.org] that'll do this, for those that can't be bothered with scripts.
I know that some shadier ad networks also use Java local storage to store tracking info, if your browser has a Java plugin. Solution: disable storing temporary files on your computer using the Java control panel icon.
Honestly, I do all of this, but I wonder how many others would even bother. It's almost like Scott "You have no privacy. Get over it." McNealy was right.
Parent
Re: (Score:2)
Re: (Score:2)
There's this very old Perl script [tbtf.com], but it was designed for Netscape. I think Firefox now stores its cookies in a sqlite database, but Perl should still be able to handle that.
Re: (Score:2)
Now why didn't I think of that??? Someone mod this guy up!
Re: (Score:2)
Good idea. I'm sure there's also something to be done on OS X. Flash really is obnoxious.
Cookie Monster Loves Cookies (Score:2)
Yum.
Dupe? (Score:3, Informative)
What? (Score:3, Funny)
We want to use cookies for good, not evil' â" and invited the public to comment on cookies
Isn't that like a double oxymoron?
White House good.
Public comment evil.
We're donediddily done for (Score:5, Funny)
Just so we're clear... (Score:2)
Government doing good? What are you talking about? (Score:2)
The government thinks it's doing good while most of the time it's not doing good at all.
It's a very bad idea to let the government folks have any more tracking capabilities than they already have.
Every little cookie crumb you let them track about you gives them more power over your lives. Before you know it they have the entire cookie jar to themselves, including the chocolate chips of freedom! Don't let the cookie monster get all your cookies. Bake a new batch and keep them to yourself and your family and
Re: (Score:2)
The government does good almost all the time. Yeah, thre has been some screw ups,but overall it does good.
Re: (Score:2)
Sure a soldier gets a medal for valor while the people he murdered get put in graves and their families have to figure out how to survive. Yup, your Government State Mass Murderers doing good work every day.
In other news... (Score:2)
...the government spies on people who use the Internet.
This makes no sense (Score:2)
They already monitor and record phone conversations, emails, IMs and pretty much every means of communication, yet tracking cookies arent used?
What kind of a backwards government is this, I want my vote back.
Up to date (Score:3, Insightful)
The next exciting and up-to-date town-hall meeting discussing government's use of technology will be...Webpage Layout: Tables or CSS?
don't care anymore (Score:2, Funny)
Sounds familiar... (Score:2)
Hmm, this story sounds familiar [slashdot.org]...
I love it (Score:2, Insightful)
Careful with the party tag there (Score:2)
Stop the MADNESS!!! (Score:2)