Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Businesses

Death of Cookies, Spyware Greatly Exaggerated? 498

securitas writes "The New York Times' Bob Tedeschi interviews several Internet marketing leaders who debate recent reports that Internet users are deleting cookies en masse and causing serious problems for advertisers. Among the interviewed is Eric Peterson, co-author of the Jupiter Research report that claims 39 percent of Internet users delete cookies. Slashdot has recently had stories about this supposed trend in June and July. A shorter version of the article at IHT. Who is telling the truth and who is deleting cookies? Are you?"
This discussion has been archived. No new comments can be posted.

Death of Cookies, Spyware Greatly Exaggerated?

Comments Filter:
  • Yes (Score:5, Interesting)

    by It doesn't come easy ( 695416 ) * on Tuesday August 16, 2005 @08:22AM (#13329525) Journal
    [...]who is deleting cookies? Are you?

    Routinely and automatically. I don't need any help in remembering my ID, password, or credit card number, thank you. And I don't want any company tracking my every move on the net just so they can turn around and sell information about my personal habits, whatever those habits may be.

    Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.
    • No, but... (Score:2, Interesting)

      by lilmouse ( 310335 )
      I don't allow cookies in the first place; that kind of obviates the need to delete them.

      I accept cookies from about 10 sites (and yes...slashdot is one of them). And even those get deleted when I close firefox!

      When I set up others' computers, I only allow cookies from the orinating website, so that cuts down on cookie retention as well.

      No one needs to track me!

      --LWM
      • Re:No, but... (Score:5, Insightful)

        by Frymaster ( 171343 ) on Tuesday August 16, 2005 @08:49AM (#13329760) Homepage Journal
        I don't allow cookies in the first place;

        i went through a no-cookies allowed period a couple of years ago and i quickly found something out: they're actually useful and in a lot of cases, dare i say it, desireable.

        call me lazy but i actually like my login forms prefilled (name only, of course). i like my template preferences recorded. when i go to ecommerce site 'x' i honestly find it convenient to see what i bought on my last trip.

        and, above all, i want to be able to maintain sessions on a lot of sites. increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.

        • Re:No, but... (Score:3, Informative)

          and, above all, i want to be able to maintain sessions on a lot of sites. increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.

          well... durr... that's what session cookies are for... doesn't ie support them then??? who really cares, Konq and Firefox do... and that means I'm happy ;)

        • Re:No, but... (Score:5, Informative)

          by Jaseoldboss ( 650728 ) on Tuesday August 16, 2005 @09:39AM (#13330153) Homepage Journal
          Here's what I do.

          Get Firefox to turn ALL cookies into session cookies by deleting them "when I close Firefox" in options.

          Then make exceptions for the sites you want to track you. I do this for /. so I don't have to log in everytime.

          From the article;

          This anticookie fervor also hurts the deleters, she says. For example, cookies help a computer limit how many times the user is exposed to annoying ads like a floating, animated message. Since when should you trust a site not to annoy you with ads, block popups and use Adblock and Flashblock.

          "...So cookies are a really good thing for managing the user's experience," she said." If this was true, we'd all be installing adware on our computers to deliver 'interesting relevant and targetted' advertising to enrich our web experiences wouldn't we? Bah!
          • Re:No, but... (Score:3, Interesting)

            Since when should you trust a site not to annoy you with ads, block popups and use Adblock and Flashblock.

            You and I have much the same way of dealing with ads. However, the idea is that if you are going to see ads, you should see a different one each time. That way, instead of having one product shoved under your nose over and over, you get one look at a large number of products. This increases the chance that you will find at least one of the ads useful and lowers the chance that you will get so fed u

            • Re:No, but... (Score:3, Interesting)

              by murukusu ( 893892 )
              I'm only accepting cookies from few sites and blocking all but google's text ads. I must say that since I started to surf like this, my user experience has improved vastly.
        • Re:No, but... (Score:5, Informative)

          by Evil Grinn ( 223934 ) on Tuesday August 16, 2005 @09:41AM (#13330176)
          increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.

          For session tracking, cookies are now the standard, but there are other security precautions that can only accomplished by including a unique ID in every form.

          Go read up about "session riding" or "cross-site request forgery". For example:

          http://shiflett.org/articles/foiling-cross-site-at tacks [shiflett.org]

          See the code sample near the end of the page, under "Force the use of your own HTML forms".
    • Re:Yes (Score:5, Insightful)

      by soma_0806 ( 893202 ) on Tuesday August 16, 2005 @08:28AM (#13329607)

      Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.

      I think there is an even better solution. The only reason I have a problem with the whole cookies thing is that what is being taken from me has a commercial value. If the people collecting my preferences can sell them to larger companies or profit by them by tailoring product lines and advertising, then money is being exchanged for my opinion.

      If money is being exchanged or made from my opinion then the one individual that most deverves some or all of that financial gain is the original owner of the opinion/preference (me). However, through the cookies scheme, I'm the only one not getting paid.

      If I own something that has value and someone else takes it and prevents me from profitting myself from it, that is theft, plain and simple. I don't want someone else's prefences in exchange for mine. I want the monetary value of my opinion.

      • Re:Yes (Score:5, Funny)

        by SB5 ( 165464 ) <freebirdpat@noSpam.hotmail.com> on Tuesday August 16, 2005 @08:35AM (#13329661)
        "I want the monetary value of my opinion."

        Here's your two friggin' cents... Some people, I tell you!
      • Re:Yes (Score:5, Insightful)

        by BlogPope ( 886961 ) on Tuesday August 16, 2005 @08:36AM (#13329671)
        If I own something that has value and someone else takes it and prevents me from profitting myself from it, that is theft, plain and simple.

        And how do you figure you "own" the information? You visit site X, doesn't the list of people who visit site X belong to site X? Do you "own" the fact that you drive to work every morning at 8am? Do you "own" the fact that I saw you walking your dog in front of my house this morning? Did the traffic reporter steal from you when he reported the congestion you were stuck in? Did the newscaster steal from you when he reprted the headcount of the "Million Moron March"?

        You want to block cookies, fine. I'm sure you accept the consequences of your actions, no problems. The the concept that someone who is taking the effort to aggregate the behavior of millions is stealing from you personally is stupidity.

        • Re:Yes (Score:3, Insightful)

          The number of people who visit site $x belongs to site $x. Any identifying information about those people belongs to the individual people who visit the site.

          The fact that you saw "someone" walking "a dog" in front of your house this morning is fairly innocuous. Be very careful, though, when you start identifying who, or whose dog.

          A good body of privacy law will be based on the notion that any and all identifying information about me, belongs exclusively to me, and my not be used, published, stored or

        • Re:Yes (Score:5, Interesting)

          by dajak ( 662256 ) on Tuesday August 16, 2005 @10:38AM (#13330679)
          If I own something that has value and someone else takes it and prevents me from profitting myself from it, that is theft, plain and simple.

          : The concept that someone who is taking the effort to aggregate the behavior of millions is stealing from you personally is stupidity.

          It's just as nonsensical as the concept of advertisers losing money if people delete cookies. Or the concept of losing money on non-sales because of piracy. No money is changing hands, and no goods are stolen. Just business models that reach the end of their useful life.
      • Re:Yes (Score:4, Insightful)

        by Bad to the Ben ( 871357 ) on Tuesday August 16, 2005 @10:06AM (#13330382)
        However, through the cookies scheme, I'm the only one not getting paid.

        Yes, you are getting paid. You get to use the website. Unless of course you'd like to pay for each time you click on a hyperlink?

        Hosting a large website can be expensive, so I don't really object to SOME advertising / cookies. As long as the information is reasonably harmless to me, and the ads not too intrusive, I consider it fair.
      • by zippthorne ( 748122 ) on Tuesday August 16, 2005 @11:26AM (#13331102) Journal
        "I want the monetary value of my opinion."

        Yet you post it to slashdot for all to see for free. Possibly you've even paid for the privilege. /. makes money from all the suckers who paid to read your post as well as the ads on the page whose impressions are generated by.. people reading your post.
    • Hey, is there any browser that denies all requests to read cookies except if you are actually visiting that domain at that particular time? Or extensions to accomplish this?
    • Re:Yes (Score:3, Insightful)

      by Anonymous Coward
      Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.

      As a Slashdot reader who routinely removes all cookies, I don't have a problem with people that delete cookies for whate
    • Re:Yes (Score:3, Interesting)

      by sporktoast ( 246027 )

      Both accepting every cookie (as the marketers would prefer) and blindly deleting them all, (the simplest response) are just too extreme. The sweet spot for me is in the middle.

      My cookie file is read-only at the file system level. It has fewer than 10 cookies in it, all of them hand filtered. This effectively makes every other cookie a session-based cookie, without having to to be nagged about it every time.

      Each time I come across a site that offers me the opportunity to remember my login, I consider wh

  • by Thanatopsis ( 29786 ) <despain.brian@gmai l . c om> on Tuesday August 16, 2005 @08:23AM (#13329529) Homepage
    If 40 % of the market is deleting their cookies (no doubt as part of a regular anti spyware cleaning) that's a problem no matter what spin you put on it.
    • by Anonymous Coward
      That's ironic. He gets labeled informative and doesn't tell why it's a problem.

      I don't see any problems, aside from advertising dollars drying up. But that's a moot point considering bandwidth is so cheap and if you want to throw up some kind of large, bandwidth consuming site you can generally run it on donation. That, and anywhere that has a decent product or service seldom needs to advertise it and when they do they don't make the big bright flashy "YOU WON A FREE PIECE-OF-SHIT" bouncing all over the
  • FireFox deletes cookies automatically for me, whenever they "expire" (whatever that means).
    • by Dogers ( 446369 ) on Tuesday August 16, 2005 @08:33AM (#13329643)
      Some don't actually EVER expire..

      Some, like Googles cookie, don't expire for ages!

      (Googles cookie implodes some time around January 2039)
      • That's only because that's the limit of what they can set it to. The time is typically kept in a signed 32-bit long integer, representing the number of seconds elapsed since midnight 12/31/69-01/01/70. This counter will overflow (go negative) on January 19, 2038. By then, we will have moved that counter to a 64-bit number.
    • Good luck with the Google cookie.

      http://www.google.com/search?q=google+cookie [google.com]
      (See result #1)
    • by plover ( 150551 ) * on Tuesday August 16, 2005 @08:42AM (#13329709) Homepage Journal
      Out of the box (or out of the 'download' folder, I should say) Firefox has really poor cookie management. I have it set to prompt, but once I deny a site permission and realize I want to do business with them it takes many mouseclicks and a lot of stupid scrollbar searching to hunt down the cookieblock and delete it.

      There are some cookie management extensions out there, but for "normal" people to better manage their privacy (or even to realize they have privacy right that they can manage) I'd like to see "prompt always, deny third party" turned on by default, and a cookie toolbar/rightclick option that allows you to accept/decline/delete them. As a matter of fact, that would be a nice option for the Firefox installer: a checkbox that says something like "[ ] Help me manage my privacy rights online." We could debate whether or not it should be on or off by default.

      Or, weirder yet, what about something like the infamous Clippy? "Hi, I'm Foxy, and I'm here to help you with online privacy so you don't become a victim of identity theft, or a pawn of corporate marketing strategies!"

  • by Sodki ( 621717 ) on Tuesday August 16, 2005 @08:23AM (#13329533)
    Cookies are delicious delicacies.
  • by BlackCobra43 ( 596714 ) on Tuesday August 16, 2005 @08:23AM (#13329534)
    I simply deleted all my cookies, visited every site I *want* a cookie from and then set my cookies to be read-only. Worry-free AND all the benefits of good cookies!
    • by Jugalator ( 259273 ) on Tuesday August 16, 2005 @08:50AM (#13329770) Journal
      Yeah... The same worry-free experience while still allowing cookies where you want them can be set up in Firefox like this:

      To allow new cookies
      (when visiting new forums, etc)

      - Allow sites to set cookies = on
      - Keep cookies = ask me every time (when asked, obviously don't accept the ad cookies, to 99% easily identifiable)

      To allow modifications to cookies earlier allowed to be set, and block the rest
      (the by far most common and dialog-free setting)

      - Allow sites to set cookies = off

      ^--- This configuration works, because that setting does not disable cookie usage to 100%, but still keep cookies you've allowed before to be both read and modified. You can review which those are later via "View Cookies". I always thought Firefox documented this behavior poorly in the dialog. :-/

      If something slipped in by you allowing too much, simply remove the cookies from the whitelist at "View Cookies" in Firefox. Cookies either not listed, or listed as "block" will be blocked by Firefox with "allow sites to set cookies = off", and the others listed as "allow" will always be allowed despite this setting.
  • by maxwell demon ( 590494 ) on Tuesday August 16, 2005 @08:23AM (#13329538) Journal
    ... because I already don't let the browser set them.

    Does the advertising industry also "lose" money because it cannot track if I am watching their ads on TV?
    • You're stealing the internet!!
    • by hacker ( 14635 ) <hacker@gnu-designs.com> on Tuesday August 16, 2005 @08:56AM (#13329812)
      Does the advertising industry also "lose" money because it cannot track if I am watching their ads on TV?

      It must suck being only able to get 13 basic channels. What kind of antenna are you using?

      Yes, this was said with tongue-in-cheek, but if you have any sort of digital cable (or cable television at all for that matter), they know exactly what you're watching, for how long, and what channels you switch to, and at what intervals.

      Sure, they might not yet be able to tell when you get up and work on your motorcycle in the garage for 2 hours while the TV is on in the house, but soon enough they'll be able to do that too.

  • I have been recently making it so that every site that I goto it pops up and I can accept or reject the cookie. Initially it was terrible but after some time I have found that most sites are no longer popping up the cookie information. If the site does not work I put on a allow per session within Firefox.
  • I'm not deleting cookies. They're pretty useful. They remember stuff for me. The fact that they've gotten a bad name is mainly because a lot of win32 antispywareprograms identifies them as such.
    • Re:Kewkies good (Score:3, Insightful)

      by RingDev ( 879105 )
      I agree whole heartedly. Cookies got a bad name in the late nineties and have never recovered from the uninformeds' position that they must be evil.

      I also agree with the AC who said that the vast majority of 'average' users don't even know what cookies are, let alone block or delete them.

      -Rick
  • by nearlygod ( 641860 ) on Tuesday August 16, 2005 @08:24AM (#13329549) Homepage
    Cookies are a sometimes food.
  • Firefox... (Score:2, Informative)

    by gowen ( 141411 )
    The "Allow Cookies For Session", along with the Allow Persistent Cookie Exceptions in Firefox solve all my problems. Along with AdBlock and BugMeNot.

    I guess that makes me a bad person.
  • Adblock (Score:2, Insightful)

    by culler ( 214890 )
    Delete? Just deny them in the first place, Firefox + Adblock extension!
  • I choose (Score:2, Interesting)

    by mporcheron ( 897755 )
    I set my settings in my browser to ask before saving a cookie, most I deny but some, for example, logins I allow. You'd be amased how many websites set a cookie every time you visit their website and how many times. Advertisments are the worst, because they always set several cookies per advert but now I've go into the trend of just blocking whole domains, I hate the feeling that some body is sitting at a computer monitoring how many different people are seeing his adverts/
  • Personally, i do. (Score:2, Interesting)

    by domipheus ( 751857 ) *
    But not because of security concenns, it is mostly because I have got into a nervous habit of clearing my cache and cookies every day.

    A few months ago this was a different story, seeing about 400MB of cache/cookies taking up around a gig on the hdd because the files were so small changed it; and I dont mind having to re-login to sites every time, it means I am less likely to forget my various passwords!
  • Delete on exit (Score:2, Insightful)

    by jla0 ( 644106 )
    I have Firefox setup to delete cookies on exit. Also, it only accepts cookies from originating site as well. Remind me why I should KEEP cookies again? Oh I know.. it's probably for Amazon to start charging me more because I'm "loyal" customer!
  • The article is mentions the rise of anti-spyware and how it usually cleans up suspect cookies.

    From my experience with average users, clients, co-workers and family, most users have no clue what the anti-spyware is actually doing, they just follow along blindly. Personally I think this a great improvement over the truely clueless who don't practice safe browsing of any sort.

  • "So cookies are a really good thing for managing the user's experience" says a USA Today markedroid.

    Clueless. Absolutly clueless. This goes straight to the heart of the matter. They can't understand why people don't want their 'experience managed'.

    I can manage my own goddamned experience, thanks anyway. Keep your filthy paws offa me.

    • Clueless? I don't think so.

      The majority of their users probably DO want (or don't care about) their "experience managed". They most likely think that the small majority of people who oppose it will go ahead and block the cookies anyway.

      I suspect the percentages of people deleting cookies are not people that are actively deleting them because they are worried about their privacy. Its most likely that the cookies are getting caught up in a spyware removal tool.

      In short, they are saying: If you don'
  • by Moraelin ( 679338 ) on Tuesday August 16, 2005 @08:28AM (#13329598) Journal
    Let's put it like this: when you have someone whose very revenue depends on "detecting wolves", they'll cry "wolf!" All the time. They'll cry "wolf" at the neighbour's "alsacian wolf" dog even. I'm talking about anti-spyware and other "security" companies. Do they delete cookies? Well, I briefly had McAffee installed, and among other problems (such as being a piss-poorly programmed POS) it did exactly that. It tried to protect me from all those supposedly dangerous cookies, storing such "personal details" as the session ID on some site. I'm not kidding. Using half the sites that required logon (such as Gamespy's Fileplanet) was suddenly impossible. So based on that I'd say the concern is genuine. But it's probably not the users going through the menus to delete cookies. Joe Average probably wouldn't even know or care what a cookie is. But Joe Average likely has some POS security software installed that deletes the cookies for him
    • Even SpyBot and Ad-Aware offer to delete tracking cookies for you for advertisers like Doubleclick. That's kinda nice, in my opinion. And that's probably what's causing this phenomenon. People are sick of spyware, so when they run Ad-Aware they just tell it blindly to delete everything it finds.
  • Cookieculler (Score:3, Interesting)

    by Dr.Opveter ( 806649 ) on Tuesday August 16, 2005 @08:29AM (#13329613)
    I use Cookieculler [mozdev.org] to protect those cookies I value (cause not all cookies are out there useless) and I delete the rest frequently.
  • For a long time I have taken advantage of Mozilla and then Firefox's ability to pop up and let me know any time anyone hands me a cookie, quickly banning those sites that appear to be nothing but cross-site ad trackers.

    Looking at the content of cookies, which Firefox allows demonstrates some interesting things, like my IP address more often than comfortable. Of course I love the "badly" written sites that try to hand me a PHP or ASP session cookie on the first page of the website. I usually nix those. At
  • They shouldn't have annoyed the visitors anyway with annoying ads.
    Besides, there are other ways to track users without cookies. Or at least, most users don't use anonymous proxies anyway.
  • I think Adaware still marks cookies in its scan, so whenver I clean someone's computer with so much spyware, I just hit select all and then delete. I imagine most people dont go picking through it to save the cookies.
  • by jidar ( 83795 ) on Tuesday August 16, 2005 @08:35AM (#13329658)
    Many many helpdesk employees at ISP's tell users to delete cookies. I worked helpdesk for awhile about 4 years ago and back then although sometimes it did help it was mostly snake oil. Some help desk employees at a large ISP did little else besides tell people to delete cookies and reboot. Regardless of whether it works or not the users have learned to do it on their own. A lot of calls these days will start with "I deleted my cookies already but it still doesn't work.."
  • [...]who is deleting cookies? Are you?

    I wish I wanted to waste that time, but I can't. I recently deleted them.

    What we REALLY need is anti-advercookie features in our browsers, preferably Firefox, so we don't need to delete the advertising, we can have the software do it. Think of it like modern anti-virus, but it scans and removes ad cookies. Oh sure, accept it for a session, but when the session ends, the cookie is deleted automatically

    Advertising / unwanted cookies only. Slashdot cookies must stay. ;)
  • Every month or two (really, whenever something prompts me to think about it, which is infrequent) I go through and delete all of the cookies except the ones I know do something I want (i.e. keep me logged into slashdot) or I personally know the people who run the site & am completely sure that they're not being used for anything I disagree with.

    I tried selectively allowing cookies (making liberal use of the "always accept from this site" and "always deny from this site" buttons), but it was a pain, and
  • I tell Firefox not to accept a cookie unless the site is on my exceptions list. When I add a site to my exceptions list, I always set it to "allow session cookies only."

    I have to re-enter passwords when I restart my browser—but that's what password manager is for.
  • xoftspy and ad-aware tend to remove tons and tons of cookies.

    Personally, I leave them accepted. I don't give a crap if some database somewhere infers what my computer has been browsing.

    I use Opera, which doesn't normally have it's cookies infiltrated by xoftspy and ad-aware.

    But Opera kicks ass anyway.
  • In Soviet Russia (Score:2, Redundant)

    by gtrubetskoy ( 734033 ) *

    ...cookies delete you
  • I personally allow only session cookies.
    Session cookies are a great way for websites to track authenticated users (better than the HTTP authentication mechanisms, anyway). Other than that, cookies are mostly used in ways I don't want them to be used:

    - Remembering authentication information. No thanks. If I wanted that, I'd get some software that remembered authentication information.
    - Remembering preferences. Better stored on the server side in almost all cases, IMO.
    - The privacy-inv
  • Who is telling the truth and who is deleting cookies? Are you?

    No, because it's too much time and effort, I can't be arsed and a whole bunch of sites will randomly break and I'll have to remember all the usernames/passwords and configuration settings again. So i'd have to be selective about what I delete to ensure that doesn't happen and then you get a whole list of ones you need to keep or you accept/deny them when you go to a site and ... sorry ... but thats just too much like hard work and paranoia to m

  • So what if I'm deleting my cookies? They can't track what magazine's I pick up from the grocery store, what channels I watch on my crappy standard cable service, what I hear on Radio (the worst of the bunch, or what I see when I'm driving down the road.

    So why are these babies crying about the users finally being impowered and taking things into our own hands? Did they assume that we would never catch on? I guess we should remain blind and stupid consumers eh? Now where is my Food Lion MVP card?
    • So what if I'm deleting my cookies? They can't track what magazine's I pick up from the grocery store, what channels I watch on my crappy standard cable service, what I hear on Radio (the worst of the bunch, or what I see when I'm driving down the road.

      What? This hole must be plugged! We must immediatly:

      • Add a back channel to each TV and radio, telling the advertisers what ads were played.
      • Also, add a cam to those devices, so advertisers can check who actually recieved them. (Maybe you went to toilet during
  • Personally I keep konqueror set to ask me everytime a site attempts to set a permenant cookie, and show me the details of it.
    If I want/don't mind a cookie, I accept it, if not buh-buh cookie (webtrends, ads, anything that allows the page to render (thus has come from an image/ad), etc -> bit bucket)

    I have also done this for the machine my brother and mum use, and attempted to teach them why (although I don't know if they've turned it off).
  • Most people don't delete their flash shared objects, which can serve the same purpose as cookies.

    So they're still screwed.

    Does anyone know of a spyware removal program that kills shared object files?

    • Does anyone know of a spyware removal program that kills shared object files?

      not a program per say, but this [yardley.ca] works great as a Firefox extension, works on all the main platforms too.

      The author states the reason such an extension exists and provides links to marketeers bragging about how they can beat cookie deleters by using the capability, of course if you combine this extension with the Flashblock extension [mozilla.org] they rarely get the chance to abuse the localstore
    • I actually removed [macromedia.com] Flash from my work PC completely. And it turns out I don't miss it a bit. No more slow-loading, annoying animated ads. No more too-fancy mystery-meat website navigation. No more Homestarrunner or Flash games while I'm supposed to be working, either.
  • I've often wondered what kind of havoc would occur from editing cookies. I'd bet that most websites don't have input validation for read cookies because they assume they are just reading back the well-formed string they wrote to your machine.

    I'm surprised there aren't more news stories of exploits based on mal-formed/overflowed cookie strings. But maybe there are exploits out there and the sites are too embarrassed to admit they were hacked with their own cookies.
  • by llevity ( 776014 ) on Tuesday August 16, 2005 @08:47AM (#13329747)
    I see all these posts about people who delete them every day, every time they close their browser, or they don't accept them to begin with.

    Anyone just not give a damn? I mean, everyone's up in arms about privacy, and these lofty ideals of how it should be protected, etc. Just come out and say it. You don't want anyone else to see what porn sites you've been to.

    Personally, I don't care about cookies. I don't have many illusions of privacy to begin with. I'm just non-egotistical enough to know that no one really cares about what sites I go to, as an individual.

    They want to track my usage and habits? Fine. Throw me in a demographic, and call it a day. Use me as a statistic. Whatever.

    Is everyone here paranoid, or do I have any fellow compatriots in the nation of apathy?


  • I hope this doesn't get lost in the comments...

    What ever happened to that very useful "Allow Cookies From This Site" menu item in Firefox? I leave cookies disabled by default, but when I get to a site that simply wont work without them, I liked having a quick way to go enable them for the site.

    Now I have to go all through the preferences dialog, find the site in that long Allow/Block list and change it to Allow. Very annoying.

    Is there a quick (two clicks max) way to turn on/off cookies for whatever is the
  • I have firefox set to delete cookies at the end of every session. The only exception permanent cookies I have are for Slashdot and Google. I'm sure many Firefox users autoclear cookies every session.

    -
  • If a commerce or community site saves a cookie, then that's fine. There's a purpose for cookies on amazon and slashdot. But it seems that every little blog out there sets cookes, as do all little tech journals and so on. There's no reason for this.
  • by tsa ( 15680 )
    I never delete any cookies. I find it too much work and I'm not that concerned about my privacy.
  • It sounds like the marketers are whining becuase their new toys are broken.

    Heh.

    We were doing just fine before the advent of the cookie and malware. Now don't get me wrong, certain cookies are nice to have around to remember your preferences for newegg and slashdot. But we can do without the malware business, that's for sure.

    We have one perfect marketing method that predates even the printed word: That's Word of Mouth. These days we got our forums, blogs and IM's to distribute news of how good or bad a produ
  • No, I don't delete cookies - because they never get created in the first place. I have Moz+Multizilla set to ask me before creating a cookie, and unless *I* decide it is needed, the cookie is never created AND the site gets added to my "never accept cookies from this site" list.

    So the sites that get hit the hardest by this are the sites that, by default, attempt to set a cookie whenever you visit the site. I take the attitude of "You shouldn't need a cookie for routine viewing, so buh-bye!".

    Now, sites like
  • With deleting all cookies many people are doing themselves a big disfavour, because session IDs then mostly get embeded into URLs instead (= you loose the logging feature, while sites could still track you).

    What's always left out in these discussions is the differentiation between good cookies and tracking cookies (especially long-lasting session ids). See also cookies(5) [freshmeat.net]. Lack of user education and bayesian cookie filters in browsers IMO.

  • "Death of Cookies, Spyware Greatly Exaggerated?"

    I for one, kind folks pray it hasn't been.

    D wah wah wah.. imagine users exercising thier rights.. wah wah wah.. :)

  • You guys all talk about cookies as if the only thing they are used for is making advertisers more money.... The fact is cookies have a real and valuable use. They can track useful information for other kinds of applications. And most cookies (at least the ones I create in my web apps) do not contain user information, instead they contain a GUID key to a database record that contains non-personal information about that users session on the website.... The kind of stuff that is useful for the user, like what
  • by caudron ( 466327 ) on Tuesday August 16, 2005 @08:57AM (#13329822) Homepage
    All I did was write a simple script that cleans out my cookies and cache. I've set it to run daily on logout. Change $user to your username and $profile with your profile string and use it:

    echo "drop firefox cache and history"
    shred -u /home/$user/.mozilla/firefox/$profile/Cache/*
    shred -u /home/$user/.mozilla/firefox/$profile/history.*

    echo "grab all valid firefox cookies"
    cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep slashdot >/home/$user/.mozilla/firefox/$profile/cookiesnew. txt
    cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep mapquest >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt
    cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep mywebgrocer >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt
    cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep news.google >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt
    cat /home/$user/.mozilla/firefox/$profile/cookies.txt |grep netflix >>/home/$user/.mozilla/firefox/$profile/cookiesnew .txt

    echo "get rid of all cookies not explicitly kept above"
    shred -u /home/$user/.mozilla/firefox/$profile/cookies.txt
    mv /home/$user/.mozilla/firefox/$profile/cookiesnew.t xt /home/$user/.mozilla/firefox/$profile/cookies.txt

    echo "done"

    Just add a new line for each cookie that you want kept in the "grab all valid firefox cookies" section just as I did (noting the > vs >> piping).

    I mean, it works for me, at least. Why do I shred instead of rm? Because I'm one of the lunatic fringe that likes the idea of actually deleting files that I tell to be deleted.

    Coupled with Firefox's AdBlock add-on, I'm pretty comfortable with my browsing experience.
  • by Blitzenn ( 554788 ) * on Tuesday August 16, 2005 @09:10AM (#13329915) Homepage Journal
    I feel so sorry for the advertisers, NOT! They can't track my buying habits and see what sites I frequent. Too f'ing bad! If they can't learn to keep stats on their end of the machine (server side), then perhaps they need better programmers and should start paying their own staff better. There is absolutely no need for an advertiser to keep information on MY machine unless they are trying to track me personally. That is over the limit, out of bounds, in my book. Cookies are great for login information and per session information containers as is noted in a number of comments here, but when advertisers abuse them by tracking my personal and cross session information, they create a problem. They made their own bed, now they have to deal with it. I find it hilarious that they are whining about not being able to try individual users and trying to spin it as a bad thing for users for them to lose this ability. They don't need personal/individual information. They can use their server side information just fine.
  • Delete them daily (Score:5, Informative)

    by MobyDisk ( 75490 ) on Tuesday August 16, 2005 @09:10AM (#13329919) Homepage
    Cookies aren't evil. They are just misused, and misunderstood.

    There's nothing wrong with using cookies to prevent me from having to logon to Slashdot 10 times a day. And there is nothing wrong with cookies telling Amazon.com that people who buy Movie X also like to buy Book Y. That is useful anonymous marketing information. I actually LIKE it when Amazon recommends things to me, because they are usually right!

    The problem is when the cookie stays around for days and you never get a login prompt: that's a security problem. Or when marketers build long-term profiles on you, then try to grab identifying information from other sites you use.

    I have Mozilla set to delete cookies every day, which seems to be the best balance. (Firefox unfortunately does not have this option).

    • by vertinox ( 846076 )
      Or when marketers build long-term profiles on you, then try to grab identifying information from other sites you use.

      Look... If a marketer wants to somehow make money off me making posts on /., reading webcomics and looking a pics of whiny cam girls on LJ all day, then more power to him. I just feel sorry for the poor sod who buys the data from him.

  • by OpenGLFan ( 56206 ) on Tuesday August 16, 2005 @10:24AM (#13330554) Homepage
    About once a week or two I'll get a few idle minutes, playing with my laptop while making dinner, and I'll just start opening up cookies and changing the data in there. Not to try to impersonate someone else, but just as every person's duty to scribble nonsense on some moron's database.

    It's fun. It probably doesn't do anything, but it kills a minute or two of time, and it's more fun than "bejewled".

"Why should we subsidize intellectual curiosity?" -Ronald Reagan

Working...