IE "Persistence" Tracks Without Warning 227
A reader writes "Never mind if you've shut off cookies. If you are using IE 5+, the browser can still be used to track you, with no warning. An IE 5+ feature, "persistence", allows the browser to remember information, such as search queries. Which of course means that you can be uniquely identified and tracked. And since it is a feature, there is no warning either that this information is being stored or when it is given. Shutting off scripting in theory stops it.
More on the story at www.news.c om ."
Re:Turning off scripting...? (Score:2)
yeah, its called "view source". read the source, decide if its worth the effort to figure out what they intend to do with scripting, then go from there.
the only good thing about jscript is that you can always view source. can't say the same with java ;-(
--
Re:I have to say it... (Score:1)
The point is that some one just might read you bad code! You really think that a spy program or dangerous code would last long in the Open Source world? If there are not many users of the said product, then sure, you might get a way with it. But if you are successful and have lots of users, you will have lots of lines. So if 1000 people read 50 lines of code, then you have aprx 50000 lines read. Of course that is assuming that the same lines have not been read.
I'm saying that I feel safer that code is not a problem if it is open. I'm not saying that it is safe. But as I mentioned, it takes alot more nerve to post code that has mischievious actions. But it doesn't take much for closed source to do so (!seineew era sreenigne epacsteN).
It's just common sense....
But common sense ain't too common!
Steven Rostedt
Repetitive redundancy (Score:3)
From Microsoft: "The consumer that enables first-party cookies is even more exposed. This should only be an issue for someone who has disabled all cookies and is concerned about unique identification."
Translation: only people who care about their privacy care about their privacy. Gee whiz, mister, that makes it all okay!
That's just friggin spiffy.... Windows AND Mac? (Score:1)
I'm sorry folks, say what you will, but after three years of Macintosh useage, after running AOhelL, Lynx, Navigator 3-4, Communicator 4.XXX, IE 3, IE 4, Mozzila PR14 [I ran it three times, it crashed twice and refused to get past startup once], iCab, and iCab 2.x, Mac IE5 is the ONLY browser that meets my needs both aesthetically and from a work environment standpoint. And to have that comprimised? Hell, I may as well get a job in a steel mill or shoot myself in the head.
With as little privacy as I have on the net, I'm starting to wonder why my phyiscal life is so empty.
ONE BIG PROBLEM WITH THAT (Score:4)
Re:This is news?? (Score:1)
That amazes me, I noticed this feature the second time I typed in "slashdot.org" in the address field. Look at that! User persistence!! Same thing when I noticed all of my previous searches on google. Or for that matter the second time I type in my username to login to slashdot. It was a pretty easy thing to see that "something" was different. And I was amazed when I realized that it kept happening after I closed IE and brought it back up. I love this feature.. I'm not turning it off.
Re:Am I the only one? (Score:2)
You don't have too... feel free to unplug your computer.
Re:Am I the only one? (Score:1)
If I frequent an online shop I want them to know I'm back so they can show me the things I care about and none of the crap.
Tired of the paranoia (Score:1)
Re:Paranoid loosers! (Score:1)
Re:In related news (uSoft unSecurity) (Score:1)
Re:This isn't as important as.... (Score:3)
Check out these <A href=3D"http://bigstar.ad6.net:8080/jsp/t/bigstar
It points to some server which records that you have clicked on this link, using that funky long string as your identifier. The string possibly holds some sort of demographic information.
There's also a 1x1 gif that comes with the spam...
<IMG src=3D"http://bigstar.ad6.net:8080/jsp/t/bigstar.
who knows what that does
i'll let you judge for yourself if this is evil or not. i just wanted to point out a specific exmaple of where its being used. bye
Re:For the Mac IE too? (Score:1)
I think Gates is past that phase; now its all about control...
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
IE is evil (Score:1)
Combined with passport redirect cookie sharing [editthispage.com] and now persistent tracking, IE is a menace that should be eradicated from your computer.
I wrote this [11st.com] article in August. After that I installed 98lite [98lite.net] and linux on my laptop.
I'm also scared about the
Just think every document running on an asp server run by MS. (shudder)
- from the windows-help.net web site...
- According to Microsoft, Office 10 will also offer significant new security features, including a central security panel; advanced password encryption; higher default security settings for Excel and PowerPoint; the option to not install Visual Basic for Applications with Office; and the functionality of the Outlook Email Security Update
Makes you wonder...because (Score:1)
So this explains... (Score:1)
Ease of use. (Score:1)
You whipe out the user and create a new one. Brand new slate.
Every Joe can do this.....
If you like to tinker with files you can just edit the cookie file, etc.... :^).
Re:Turning off scripting...? (Score:1)
Long answer: in the example, replace ""http://www.stupidsite.com/" with the domain name in question. The pithy comment substituting for the path is obviously going to generate a 404. All of these sites are marketing driven (or they wouldn't annoy a geek) so someone will be examining the logs. If no one is examing the logs, then they're Clueless and Doomed anyway, so don't worry about it.
Short answer: RTFM
This is absolutely sick... (Score:1)
In the meantime, IE users can turn off the browser's scripting capabilities, on which IE persistence depends.
The first thing to do immediately after installing ie5+ (before it uploads the contents of your hard drive to microsoft ;) is to disable scripting support! We've learned this from past experience with the never ending barrage of virii (viruses for the layman) that are in reality scripting exploits!! Since 'persistence' depends on scripting support, can we assume it's a virus? Maybe. Maybe not. The best bet is to not use m$ software. Period.
This really stinks.
--cr@ckwhore
Re:Not surprising, but not a big deal (Score:1)
Re:I have to say it... (Score:4)
Mozilla will never take the market from IE, unless someone starts paying folks to use it. Most people don't give a rat's ass about features/loopholes/etc. like the one described in the story. What percentage of web users browse without using cookies? I don't know the answer to this, but I'd put money on it being a relatively small minority.
Re:I have to say it... (Score:1)
-G
Linux is only Free if your time is worth Nothing
Chicken Tracks (Score:1)
Re:In related news (uSoft unSecurity) (Score:1)
Re:Oh for some privacy (Score:2)
Hehehe... You definitely bring up a good point. But remember here that the major issue is that when people go to the local porn shop, they know the privacy issues involved. What we're talking about here is that people have no idea what privacy issues are involved when they launch their browser. Most people will think that everything they're doing is totally anonymous, when in fact it's not. It is the responsibility of the software provider to make sure the user knows the privacy issues involved. That is the whole point of this discussion... (Well, I'm pretty sure anyway).
"Page Hit Counting" in IE 5.1 (Score:5)
I use IE 5.1 and there is an option in the advanced tab called "Enable Page Hit Counting". Here is what the Help says about it (emphasis is mine):
Specifies whether you want Internet Explorer to allow Web sites to track your Web page usage. Selecting this check box allows sites to create a log on your computer of which pages you view, even when you are viewing Web pages offline. That log is sent to the site the next time you go to it. By tracking the usage and popularity of specific Web pages, content providers can tailor future content to match your interests.
Looks like this has been around a while as M$ fishes for the most innocuous name possible.
"I will gladly pay you today, sir, and eat up
Re:Turning off scripting...? (Score:2)
fwiw, I've done plenty of dynamic gifs on my servers (for network management stuff) and I've never seen it become a major load.
--
Re:Turning off scripting...? (Score:2)
It should be possible to get rid of all the non-functional buttons by finding url's imbedded in the javascript.
"rollover" buttons should be detectable by the multiple images in the javascript.
And otherwise, try to pick out quoted strings and display them as text.
Re:It looks to me like this can be easily disabled (Score:2)
"No.. YOU'RE WRONG. OK U mite be Rite dood... but M$ STILL SUX!!!!!!!!! F.U.!! M$ sSXuXSxuSux. It's SUXK! Why? Because M$ is SuKkY!!!!!!!"
That's about it, except in different words.
ScriptBusters! Yeah! (Score:2)
Turning off scripting...? (Score:2)
Lately, I tried to turn off java-script in IE, but then turned it on within a few days again, after wondering why so many buttons and links didn't work. First thought my connection was just crap, but it wasn't...
So, if turning off scripting is not an option for you (as it is for many people), what can you do against this?
Re:Turning off scripting...? (Score:2)
A solution I found is to add this site to the 'trusted' zone and turn on javascript in that zone, leaving it off in the 'internet' zone. Works great for me, and you can keep track of which site can possibly track you.
As for my working hours, they'd better keep track of them
Re:It looks to me like this can be easily disabled (Score:2)
--
Comment removed (Score:3)
Re:"Page Hit Counting" in IE 5.1 (Score:3)
While you are there, there's a begger's banquet of potential security issues that you can mitigate. Microsoft was nice enough to provide the options, not nice enough to choose the secure default.
Advanced Tab
-----------
Profile Assistant (Allows web sites to upload information about you from somewhere. The Windows Address Book?)
Install on Demand (Web sites can install "Web Components" on demand. Vague enough for you?)
Search from the Address Bar (Unless you want to tell MSN what you are looking for..)
Security Tab
------------
ActiveX control settings (duh)
Tons of Script options which have known issues (which is why they are in this dialog box)
Automatic Logon (Sends your weakly encrypted NTLM network password hash to anyone who asks)
Re:This isn't as important as.... (Score:2)
Re:Oh for some privacy (Score:3)
//rdj
Re:This is why LAW should require source disclosur (Score:3)
Agree with you partially - I think only source code should be copyrightable. Copyrights are intended to protect ideas, not a side effect of those ideas.
There's an interesting loophole in having binary files protected by copyrights: one could write a program that analyses an executable file, identifying all functions and respective calls. This software would then scramble the code, changing the position of the functions and fixing the calls accordingly. Would this be a copyright violation? To characterize a copyright violation should both files be absolutely identical, or would a certain sequence of identical bytes constitute a violation? If the latter, what about libraries -- a binary compiled with a certain library would make all subsequent programs linked with the same library illegal?
Re:If disabling works... (Score:2)
Re:Cancel My Subscription to Bugtraq (Score:2)
Of course, they (that conglomerator of OSS sites, Andover.Net Inc) would much rather throw a beefy, meaty Microsoft bug at the starving flamers, err...
I mean you have to go *three* dialogs down to turn that feature off! Unbelievable! If RMS had designed IE, there would have been an option right there in ~/.ierc! Of course it would have been tab-sensitive and in ~/.ierc's unique little syntax, but you could definitely find it with a good man page and a text editor...
Double standards; not just for Redmond any more.
Re:Turning off scripting...? (Score:2)
the only good thing about jscript is that you can always view source
Bzzzzzt. Do not pass go:
<script language="JavaScript" type="text/javascript" src="fux0red.js"></script>
"I will gladly pay you today, sir, and eat up
Re:This isn't as important as.... (Score:2)
Persistence pays off! ;) (Score:2)
"How much truth can advertising buy?" - iNsuRge [insurge.com.au] - AK47
Re:You have a lot more to worry about (Score:3)
Announcement: IE Calls Spouse, Parent W/O Warning (Score:5)
The capability, described as a "feature" by Microsoft, came to light on the BugTraq mailing list three days ago after an angry user revealed that his copy of IE 5.1 had phoned his wife to tell her about his subscription to hotmonkeylovin.com.
"This is a perfectly standard feature of any web browser," said a Microsoft spokesman. "As with all aspects of life on the internet, there is a tradeoff here between a very valuable capability and a vanishingly small, almost theoretical loss of privacy."
Free Software Foundation guru Richard M. Stallman was unavailable for comment. A source close to the programmer said that Stallman was "busy reformatting his Windows partition."
Re:It's a Feature! (Score:3)
<babblefish>Unless you find all the other security problems we built into IE, there's not much reason to worry about this one. If you use IE, they're going to get the information, one way or another.</babblefish>
--
Re:Turning off scripting...? (Score:2)
Re:Better Documentation A Start? (Score:3)
While I agree, I think you're expecting too much from Microsoft's documentation group. They have different -- and Annoying(tm) -- ideas about what should go in a help system. Let me say up front that I neither agree or misunderstand why they dumb-down the docs -- we aren't thier main clients!
It's like an anti-man-page attitude; say How to do something not What something is or Why it is valuable. Much of the help provided is along the lines of "Print prints somethig to a printer" or worse "This button prints". In context, these might be OK...but the lack of extra details anywhere is just part of the design goal. Less is better...since it's not really necessary, is it? Anything more detailed would be confusing to a typical user.
MS is, after all, the company that don't document the switch /MBR for thier fdisk program (try it - fdisk /?)...why give detailed help on something that is much more of a user-level tool then a disk partitioning tool?
Re:It looks to me like this can be easily disabled (Score:4)
Re:Turning off scripting...? (Score:2)
Re:Repetitive redundancy (Score:3)
Seriously, this must be a Microsoft corporate policy. Maybe a Microsoft-employed Slashdot reader can spill the beans, and point us to the internal web site or policy manual that says: Or something like that. Come on, give it up, we know it's in there somewhere!
Torrey Hoffman (Azog)
Re:This is why LAW should require source disclosur (Score:2)
a) They are afraid that someone will actually see how shitty they made the program
b) Have no idea there is an open source movement out there
c) They want to keep all their eggs in one basket so to speak.
And don't forget:
d) Such decisions are made by lawyers and managers, who have no idea how software is created.
This isn't as important as.... (Score:3)
Better Documentation A Start? (Score:5)
From the article [cnet.com]
Hint, the link is there to remind you to read it
Not to rant, but I cannot understand how such specious reasoning would find its way out of the mouth of a Microsoft representative. How could they possibly argue that since users are already at much greater risk from other features/exploits, one more "minor" inconvenience shouldn't matter?
Clearly documented explanations of the security features that one can toggle in the Internet Options -> Security tab would be one thing, but the lack of context-specific, right-click help (try it and see) or even the word persistence in the indexed help file (search and see) is somewhat silly.
Why would I have to journey to the developer's corner [microsoft.com] (link lifted from article) to learn what features are present in my browser? Maybe it's time that end-users insist on better [more immediate] documentation from Microsoft, especially with regards to things categorized under the heading of security
ps - SlashDot still has its woes when dropping in long URLs. God bless the preview button
Re:For the Mac IE too? (Score:2)
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
A few privacy tidbits to ponder.... (Score:2)
Think about how much this goes on in every day life......
If you have a supermarket discount card (like a Star Market Card), everytime you use it for purchases, retailers use it to track exactly what you've purchased, how much you spent and how often you shop. This information can then be shared (as with what website you visit) with product manufacturers who the feel you may be interested in their products.
Insurance claims. The information on your medical records is not protected by federal law, but something as inane as a video rental records are. Everytime you make an insurance claim and signing the form, you authorize doctors to release sensitive information to insurers and other third parties, like the Medical Information Bureau, which keeps records of health problems on some insurnace applictions and forms and informs insurers about pre-exisiting conditions, making it potentially harder to receive quality insurance. These records can be shared with various companies, but in half of the states in the US, you don't have the legal right to see your own medical records.
A practice that is picking up speed in restaurants is the use of cameras spying on diners. The chefs then watch the diners so they can time when to serve the next course. I find this pretty scary that someone is watching my every bite.....
Everyone knows that cell phones aren't safe, don't say anything on them or on portable phone that you don't want your worst enemy to hear. It can easily intercepted, and I know this from first hand experience, living in a dorm, a few of suitemates would sit around every night and listen in on numerous conversations going on the dorm every night!!!!
Consumer advocates and the Clinton Administration say financial privacy has been further endangered by a federal law passed last year that made it easier for banks to merge with other financial firms, such as brokerages and insurance companies. Though the law includes provisions to protect consumer privacy, critics say that there are loopholes that could lead, for example, to a bank denying a loan to a customer because its health-insurance affiliate's data reveals that he or she is being treated for a life-threatening illness.
There are hundreds of ways that the private citizen is becoming less and less private, and it is sickening.
For more, check out LHJ.
No, they use C-notes (Score:2)
Re:You have a lot more to worry about (Score:3)
I would've used Emacs for this, but I cannot trust LISP (the language's emphasis on parenthesies is antithetical to a prototypical architecture of a secure steganographical system) and I am worried that RMS may one day demand that the pages I view be switched to the GPL since I am using a GPL program to look at them.
I am now working on a kernel patch for
Explorer kicks ass, BTW.
Re:This is why LAW should require source disclosur (Score:2)
So why should software be copyrightable if the part that permits the most significant advancement (the source) is kept under lock and key? They don't even need to supply it to users directly - just being required to deposit a copy with the Library of Congress in order to register the copyright would be enough to make me happy.
We already require this for patents; software is an amalgamation of a creative written work (copyright) and a functional device (patent) so why not require it? It's not as though it would be hard to find out who was copying the source code for non protected purposes (Fair use would of course apply)
Re:If disabling works... (Score:2)
How's that again? That doesn't seem likely. I've used IJB for a while as my proxy on my home firewall, IE doesn't have any other way out of my home LAN (masq set up for lots of things,
I do agree with the sentiment, 'when in doubt, diable'.
Re:In 3 steps (Score:2)
---
What is this "E" browser? (Score:2)
--
Re:You have a lot more to worry about (Score:2)
The real worth of your post, however, is this idea with Python used to use VI as your browser. Perhaps you have the source of this work up somewhere?
Oh for some privacy (Score:4)
--
In related news (uSoft unSecurity) (Score:2)
Ah, well. We should have known Microsoft had an, uh, innovative definition of "locked".
--
Re:Better Documentation A Start? (Score:2)
Let's all laugh at the funny Microsoft man.
Re:You have a lot more to worry about (Score:3)
The process is quite nicely automated by [98Lite] [98lite.net] which, despite the site name, actually has utilities that will remove MSIE from Win95, Win98, WIN98SE, and WinME. It'll nuke MSIEv3 through v5.x, and it does it safely.
Worth a shot, at any rate!
--
Re:Not surprising, but not a big deal (Score:2)
My personal hate is a numbered list where I want 1,2,3,3a,4 and Word wants 1,2,3,4,5.
Re:Turning off scripting...? (Score:2)
BZZZZZZZT! Browser cache????
URL ??? "www.somedumbasses.com/callMe/Leeet.js"
Save As ???
It looks to me like this can be easily disabled (Score:4)
Re:Better Documentation A Start? (Score:2)
Ummmm...we are talking about a Microsoft representative here
Maybe it's time that end-users insist on better [more immediate] documentation from Microsoft, especially with regards to things categorized under the heading of security
<facetious mode%gt; But Microsoft's applications are so easy to use, they don't need documentation. I mean, you know, Linux is so much harder to use than Windows, so they actually need it, but Microsoft....nahh...it's just point and click. </facetious mode>
So? (Score:3)
rm -rf /
Re:In related news (uSoft unSecurity) (Score:2)
Now, it would be easy to make the screen saver kick in and lock the computer, but what happens in the event of a reboot (malicious or power failure). The idea of this knocking out my Rational server until somebody walks into the room and types a password is rediculous. I can't have it automatically log in as Administrator, because in the minute before the screen saver kicks in, the malicious guest 0wnz me.
Maybe I'm just dumb. I'm a software developer, not a network administrator. But, in my limited experience, I haven't found a way to auto-run anything without a login.
Overall, the idea of locking a WinNT computer is that the user can't start altering settings/data easily. But, applications should certainly continue running. If Palm decided that they don't mind protecting their data when running on a "Locked" computer, I don't fault Microsoft.
For the Mac IE too? (Score:2)
You have a lot more to worry about (Score:2)
I work with a government forensics lab, and you wouldn't believe how easy it is to find out exactly where you've been, locally. IE stores everything you do in index.dat/user.dat/temporary internet files/cookies/application data, and a dozen more places in un-readable locked files, and in the registry.
You would think, if it's THIS easy to grab from the local side, how many places are left open for the outside world to read?
Just drop IE. Use opera, then you just have to erase your vlink4/cache4, and a few other things to clear up most of your activities.
Not just draw graphics! (Score:2)
Re:Oh for some privacy (Score:2)
-----------
"You can't shake the Devil's hand and say you're only kidding."
They will be (Score:2)
Re:In related news... (Score:2)
-----------
"You can't shake the Devil's hand and say you're only kidding."
Re:Chicken Tracks (Score:2)
And as far as the other response, "Local means Local Computer"... No, local means local network. I'm sure you knew that, but....
~Hammy
That Win95 Jump & Jive!
Re:This is news?? (Score:2)
You're missing the point. Although news.com did not do a very good job of explaining the problem. You should read the security advisory and the related links at the advisory page. Basically, the web page author can put MS scripting into the page that loads and saves data in the persistence object just like you can do in cookies. A quote from the MS web page regarding this technology:
Sounds just like cookies, eh? I can tell you that I didn't know that IE5+ had this feature before reading this article. Did you?
In related news... (Score:3)
And no, it wasn't IIS.
Re:Am I the only one? (Score:2)
Re:In related news (uSoft unSecurity) (Score:2)
Surely the blame doesn't lie with the manufacturer of the device that doesn't check with the OS for what it should do. Or the author of the program. Because "they" are Palm Computing, which is a *good* monopoly, because of course they are not Microsoft.
I see now.
Re:This is why LAW should require source disclosur (Score:2)
Only your last point (about why not just pirate the software) is at all valid, and even it is total nonsense. Your other points are merely worse.
If you have the source, you can more easily remove any copy protection methods. You think you see "cracks" of programs to remove a CD-check quickly now? Just watch how quickly that software hits the warez sites/newsgroups when the malicious "give-away-other-people's-software" types get their hands on the source.
Comparing people having the source to people having schematics for electronics or the plans to a car is also complete nonsense. With those things you have to acquire and frequently fabricate parts, and then go through a lengthy assembly process. Surely some people actually did this back in the day with those schematics of amplifiers and so on, but for the most part, it was not the case. But all you have to do to compile something from the source is to put it into the development environment and click (or select from the menu) the "Make" option. A few minutes later, you have all the libraries and executables, assuming their project/make files are set up correctly.
Also, Chilton's manuals are basically based on reverse engineering, but they do not actually tell you how to build a car, only how to service one. Furthermore, they suck compared to a Factory Service Manual, so they can only barely be seen as a competing product. They do not provide the level of detail you get from a FSM. In any case, those manuals are based on a tear-down and rebuild of the car in question, and they don't tell you how to build one - That would be arguably illegal.
In summary:
Mind you, they really ought to give away the source to free software...
Am I the only one? (Score:2)
Re:I have to say it... (Score:2)
But many people who use 'open-source' stuff would never read the source, and never look for things.
The key point is that, these days, if you do not seek to understand what is going on, you are vulnerable.
Cancel My Subscription to Bugtraq (Score:2)
It seems that everytime some minimal flaw in a Microsoft product ignites the idea that much shame should be dropped upon the Redmonian company. Companies don't make mistakes, people do. Companies are made of people.. I am up to betting that developers of Linux and related software products have even introduced far more serious bugs.
anyways .. I'd prefer that Slashdot not obsolete my bugtraq subscription. We have already established that MSIE is introduced 5 bugs for every 1 fixed.. let it be .. and REMEMBER THE ALAMO! (i mean Bugtraq: http://www.securityfocus.com/ [securityfocus.com] TOAST: Here's to hoping for the re-purification of Slashdot -- like in the past!
Anybody else getting the impression that there must not be too much newsworthy submissions in the queue causing Slashdot to resort to such posts as this? Has computing has gotten to the point that many topics are better understood by the "general public" for the niche that Slashdot once filled?
<constructive editorialism!/>
Re: your .sg (OT) (Score:2)
He was a famously bad speller.
A famously creative speller, you mean. An inspiration to us all; in that sense like Shakespeare, who even occasionally mis-spelled (? but wouldn't he be the authority?) his own name as "Shaxpere." You owe it to yourself to violate at least one law a day. I mean, whose language is it, theirs or yours?
Yours WDK - WKiernan@concentric.net
Re:Turning off scripting...? (Score:2)
Simple. It is not totally ignorant of javascript. It knows how to "parse" it. And then it has a bunch of rules like "the tokens "foo" and "(" next to each other mean they are calling foo() and that probably means I should do this...
Actually just seeing all the string contants and assumming they are URL's should work and hardly requires even a "parser".
It is easily fixed (Score:5)
To turn it off, do the following in IE:
Click Tools->Internet Options.
Choose the 'Security' tab.
Click the 'Custom level' button
Search for 'Userdata persitence' (it's near the bottom, in the 'Miscellaneous' section)
Select the 'disable' option.
That's it!
Re:"Page Hit Counting" in IE 5.1 (Score:2)
So, in 5.1, they have "Enable Page Hit Counting" and "Userdata Persistence", and in 5.5 they have "Userdata Persistence", and the page hit counting thing is unlabelled but still present. Damn, I'd like to hear what Microsleaze has to say about this crap. And I wonder, does this all have anything to do with Passport, about which Woody [woodyswatch.com] wrote some nasty shit in his latest newsletter. It would seem that Passport is little more than a cookie circumvention process which provides site owners with way more data than cookies can. As if M$ intends to trumpet the unwashed masses with the news that they are now safe from the evil cookie, leaving unsaid of course that the "solution" is much worse.
"I will gladly pay you today, sir, and eat up
This is news?? (Score:2)
Just mouseover the cached queries and hit the delete key on your keyboard.
Not surprising, but not a big deal (Score:2)
At the same time, I don't see this as that big of an issue. If somebody can come up with a worst-case scenario of an exploit for this 'feature' that will format my hard-drive, then I'll be concerned. Until then, I must accept the fact that I use Windows, and must therefore deal with this kind of crap.
---
Re:Turning off scripting...? (Score:2)
I always have javascript turned off. You know what I do when I find a site that is broken without javascript? I leave and never come back.
"Free your mind and your ass will follow"
Go to Microsoft Knowledgebase... (Score:2)
Enter some search terms and look through the wondrous bugzilla that MS runs... Just give it one or two search terms or something... Now close out, wipe out your History, wipe out your Temporary Files and all the hoohah. Then wipe out cookies.
Now come back in and check Knowledgebase. Hurrah! It remembers your search term, because you've got SECRET INFOES in some XML file buried deep somewhere.
BORING.
Re:Complex problem, simple solution (Score:2)
Unless, of course, they're an Evil Genius [evilgeniuses.org].
The problem with the available open-source browsers is that they don't have IE's functionality. As lame as IE is, it has better standards support (And I don't mean the M$-defined standards, either) and more functionality (And here I am talking about Micro$haft-specific stuff, like activeX and client-side VBscript.) They also support CSS more fully than any other browser, and last I checked, that included arena [yggdrasil.com], the W3C's (now yggdrasil [yggdrasil.com]'s)standards-flagship buggy-as-all-hell featureless browser.
Of course, Arena is basically now all but dead. The only sign of life that I could see is that it still has a webpage. It's been replaced in the W3C with Amaya [w3.org], which claims it "supports HTML 4.0, XHTML 1.0, HTTP 1.1, MathML 2.0, and many CSS 2 features". Amaya has an ungodly slow display engine.
By contrast, in a quote from the W3C website (C&P'd from Amaya, BTW) we see the following: "000327 Microsoft shipped Internet Explorer 5 for the Macintosh. It apparently supports full CSS1, the first browser to do so." IE5.5/windows still doesn't do this, reportedly. I don't have a test suite handy, so I can't verify any of this one way or another.
Mozilla is tres crashy. Netscape is agonizingly slow. Arena is slow and painful, ditto for Amaya. Opera finally has Java working properly, or so I hear (haven't run it recently) so I guess you can take it seriously, but the default layout made me shudder. It's also not as easy to customize (Or at least, to understand what you're doing) as I had thought it would naturally be. I guess the Mac users have a couple of other options, but they're missing major functionality, too, right?
So what's left? If you discount IE for privacy reasons - nothing. Though I do use Mozilla for Mail, and occasionally K-Meleon to check out a small webpage quickly, or to load something that IE has network problems with. And Netscape and Mozilla both have dramatically faster implementations of Javascript and GIF89a animation.
Re:Turning off scripting...? (Score:2)
Java has one thing over jscript: you can draw graphics. Jscript misses functions to draw lines and curves. If you don't want to use java, the server is burdened with generating a gif file for every graphic that's requested, and it takes much more bandwidth to send a gif than it would take to send a set of "moveto/lineto" calls, if they existed in jscript or html.
Re:You have a lot more to worry about (Score:2)
So, yes I am pretty sure
As for the Vim browser: no I haven't done it (I am happily surfing on IE 5.5, thanks), but somewhere on vim.org, I have seen a vim-with-embedded-python. And python does allow you to send and receive stuff through http transparently, so yes, it is theoretically possible to built an entire browser within vi. Why? I dunno. I am using IE, remember?
Re:Better Documentation A Start? (Score:2)
It is amazing what "Public Relations" folks can come up with. This is essentially a "troll"; it attempts to change the focus of a discussion by raising a partially related, but potentially inflamatory point. Most good journalists/interviewers wouldn't let them get away with this without providing a counterpoint.