Death of Cookies, Spyware Greatly Exaggerated? 498
securitas writes "The New York Times' Bob Tedeschi interviews several Internet marketing leaders who debate recent reports that Internet users are deleting cookies en masse and causing serious problems for advertisers. Among the interviewed is Eric Peterson, co-author of the Jupiter Research report that claims 39 percent of Internet users delete cookies. Slashdot has recently had stories about this supposed trend in June and July. A shorter version of the article at IHT. Who is telling the truth and who is deleting cookies? Are you?"
Yes (Score:5, Interesting)
Routinely and automatically. I don't need any help in remembering my ID, password, or credit card number, thank you. And I don't want any company tracking my every move on the net just so they can turn around and sell information about my personal habits, whatever those habits may be.
Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.
No, but... (Score:2, Interesting)
I accept cookies from about 10 sites (and yes...slashdot is one of them). And even those get deleted when I close firefox!
When I set up others' computers, I only allow cookies from the orinating website, so that cuts down on cookie retention as well.
No one needs to track me!
--LWM
Re:No, but... (Score:5, Insightful)
i went through a no-cookies allowed period a couple of years ago and i quickly found something out: they're actually useful and in a lot of cases, dare i say it, desireable.
call me lazy but i actually like my login forms prefilled (name only, of course). i like my template preferences recorded. when i go to ecommerce site 'x' i honestly find it convenient to see what i bought on my last trip.
and, above all, i want to be able to maintain sessions on a lot of sites. increasintly, if you don't have cookies, holding a session is impossible (unique id's on the getline are going the way of the dodo) and, increasingly, sites want you to maintain sessions to do anything useful.
Re:No, but... (Score:3, Informative)
well... durr... that's what session cookies are for... doesn't ie support them then??? who really cares, Konq and Firefox do... and that means I'm happy ;)
Re:No, but... (Score:5, Informative)
Get Firefox to turn ALL cookies into session cookies by deleting them "when I close Firefox" in options.
Then make exceptions for the sites you want to track you. I do this for
From the article;
This anticookie fervor also hurts the deleters, she says. For example, cookies help a computer limit how many times the user is exposed to annoying ads like a floating, animated message. Since when should you trust a site not to annoy you with ads, block popups and use Adblock and Flashblock.
"...So cookies are a really good thing for managing the user's experience," she said." If this was true, we'd all be installing adware on our computers to deliver 'interesting relevant and targetted' advertising to enrich our web experiences wouldn't we? Bah!
Re:No, but... (Score:3, Interesting)
You and I have much the same way of dealing with ads. However, the idea is that if you are going to see ads, you should see a different one each time. That way, instead of having one product shoved under your nose over and over, you get one look at a large number of products. This increases the chance that you will find at least one of the ads useful and lowers the chance that you will get so fed u
Re:No, but... (Score:3, Interesting)
Re:No, but... (Score:5, Informative)
For session tracking, cookies are now the standard, but there are other security precautions that can only accomplished by including a unique ID in every form.
Go read up about "session riding" or "cross-site request forgery". For example:
http://shiflett.org/articles/foiling-cross-site-a
See the code sample near the end of the page, under "Force the use of your own HTML forms".
Re:No, but... (Score:3, Interesting)
Block 3rd party cookies and allow the rest and you should have nothing to worry about. Unless you enjoy the paranoia.
Re:Yes (Score:5, Insightful)
Here's a challenge for all the companies (and individuals) out there who think it's perfectly acceptable to track and profit from every personal detail you can get your hands on of the people who interact with you. I'll let you track and profit from everything I do if you let me track and profit from everything you do. Complete discloser in both direction. Anything less is unacceptable.
I think there is an even better solution. The only reason I have a problem with the whole cookies thing is that what is being taken from me has a commercial value. If the people collecting my preferences can sell them to larger companies or profit by them by tailoring product lines and advertising, then money is being exchanged for my opinion.
If money is being exchanged or made from my opinion then the one individual that most deverves some or all of that financial gain is the original owner of the opinion/preference (me). However, through the cookies scheme, I'm the only one not getting paid.
If I own something that has value and someone else takes it and prevents me from profitting myself from it, that is theft, plain and simple. I don't want someone else's prefences in exchange for mine. I want the monetary value of my opinion.
Re:Yes (Score:5, Funny)
Here's your two friggin' cents... Some people, I tell you!
Re:Yes (Score:5, Insightful)
And how do you figure you "own" the information? You visit site X, doesn't the list of people who visit site X belong to site X? Do you "own" the fact that you drive to work every morning at 8am? Do you "own" the fact that I saw you walking your dog in front of my house this morning? Did the traffic reporter steal from you when he reported the congestion you were stuck in? Did the newscaster steal from you when he reprted the headcount of the "Million Moron March"?
You want to block cookies, fine. I'm sure you accept the consequences of your actions, no problems. The the concept that someone who is taking the effort to aggregate the behavior of millions is stealing from you personally is stupidity.
Re:Yes (Score:3, Insightful)
The number of people who visit site $x belongs to site $x. Any identifying information about those people belongs to the individual people who visit the site.
The fact that you saw "someone" walking "a dog" in front of your house this morning is fairly innocuous. Be very careful, though, when you start identifying who, or whose dog.
A good body of privacy law will be based on the notion that any and all identifying information about me, belongs exclusively to me, and my not be used, published, stored or
Re:Yes (Score:5, Interesting)
: The concept that someone who is taking the effort to aggregate the behavior of millions is stealing from you personally is stupidity.
It's just as nonsensical as the concept of advertisers losing money if people delete cookies. Or the concept of losing money on non-sales because of piracy. No money is changing hands, and no goods are stolen. Just business models that reach the end of their useful life.
Re:Yes (Score:4, Insightful)
Yes, you are getting paid. You get to use the website. Unless of course you'd like to pay for each time you click on a hyperlink?
Hosting a large website can be expensive, so I don't really object to SOME advertising / cookies. As long as the information is reasonably harmless to me, and the ads not too intrusive, I consider it fair.
Sounds resonab..wait what? (Score:4, Insightful)
Yet you post it to slashdot for all to see for free. Possibly you've even paid for the privilege.
Re:Yes (Score:2)
Re:Yes (Score:3, Insightful)
As a Slashdot reader who routinely removes all cookies, I don't have a problem with people that delete cookies for whate
Re:Yes (Score:3, Interesting)
Both accepting every cookie (as the marketers would prefer) and blindly deleting them all, (the simplest response) are just too extreme. The sweet spot for me is in the middle.
My cookie file is read-only at the file system level. It has fewer than 10 cookies in it, all of them hand filtered. This effectively makes every other cookie a session-based cookie, without having to to be nagged about it every time.
Each time I come across a site that offers me the opportunity to remember my login, I consider wh
You just.. (Score:3, Funny)
Re:cookie swapping? (Score:5, Interesting)
40% of the market is a problem (Score:3, Interesting)
Re:40% of the market is a problem (Score:3, Interesting)
I don't see any problems, aside from advertising dollars drying up. But that's a moot point considering bandwidth is so cheap and if you want to throw up some kind of large, bandwidth consuming site you can generally run it on donation. That, and anywhere that has a decent product or service seldom needs to advertise it and when they do they don't make the big bright flashy "YOU WON A FREE PIECE-OF-SHIT" bouncing all over the
Not that it would matter, but (Score:2)
Re:Not that it would matter, but (Score:5, Interesting)
Some, like Googles cookie, don't expire for ages!
(Googles cookie implodes some time around January 2039)
Re:Not that it would matter, but (Score:2)
Re:Not that it would matter, but (Score:2)
http://www.google.com/search?q=google+cookie [google.com]
(See result #1)
Firefox has poor cookie management (Score:5, Interesting)
There are some cookie management extensions out there, but for "normal" people to better manage their privacy (or even to realize they have privacy right that they can manage) I'd like to see "prompt always, deny third party" turned on by default, and a cookie toolbar/rightclick option that allows you to accept/decline/delete them. As a matter of fact, that would be a nice option for the Firefox installer: a checkbox that says something like "[ ] Help me manage my privacy rights online." We could debate whether or not it should be on or off by default.
Or, weirder yet, what about something like the infamous Clippy? "Hi, I'm Foxy, and I'm here to help you with online privacy so you don't become a victim of identity theft, or a pawn of corporate marketing strategies!"
I love cookies (Score:5, Funny)
Re:I love cookies (Score:3, Funny)
Re:I love cookies (Score:2)
I, for one, don't bother with cookies anymore (Score:5, Interesting)
Re:I, for one, don't bother with cookies anymore (Score:4, Informative)
To allow new cookies
(when visiting new forums, etc)
- Allow sites to set cookies = on
- Keep cookies = ask me every time (when asked, obviously don't accept the ad cookies, to 99% easily identifiable)
To allow modifications to cookies earlier allowed to be set, and block the rest
(the by far most common and dialog-free setting)
- Allow sites to set cookies = off
^--- This configuration works, because that setting does not disable cookie usage to 100%, but still keep cookies you've allowed before to be both read and modified. You can review which those are later via "View Cookies". I always thought Firefox documented this behavior poorly in the dialog.
If something slipped in by you allowing too much, simply remove the cookies from the whitelist at "View Cookies" in Firefox. Cookies either not listed, or listed as "block" will be blocked by Firefox with "allow sites to set cookies = off", and the others listed as "allow" will always be allowed despite this setting.
Re:I, for one, don't bother with cookies anymore (Score:2)
I usually don't delete cookies ... (Score:5, Interesting)
Does the advertising industry also "lose" money because it cannot track if I am watching their ads on TV?
Re:I usually don't delete cookies ... (Score:2)
Re:I usually don't delete cookies ... (Score:4, Insightful)
It must suck being only able to get 13 basic channels. What kind of antenna are you using?
Yes, this was said with tongue-in-cheek, but if you have any sort of digital cable (or cable television at all for that matter), they know exactly what you're watching, for how long, and what channels you switch to, and at what intervals.
Sure, they might not yet be able to tell when you get up and work on your motorcycle in the garage for 2 hours while the TV is on in the house, but soon enough they'll be able to do that too.
Re:I usually don't delete cookies ... (Score:3, Informative)
The TV doesn't "send anything back", the tuner knows which channel you're tuned to. That signal strength can be detected on the provider's end. Call your analog cable provider and ask them (btw: there is no such thing as "analog" cable, its digital up to the point where your analog converter takes care of it, again, call your cable provider and ask).
Re:I usually don't delete cookies ... (Score:3, Informative)
-matthew
Re:I usually don't delete cookies ... (Score:3, Interesting)
How can they tell if I'm in the kitchen making a sandwich, or in the bathroom... or for that matter, whether I'm even home? I know a lot of people who leave the TV on 24/7 (maybe muted) whether they're even in the same room or not...
For that matter, what if I turn off the TV itself, but don
Cookies (Score:2)
Kewkies good (Score:2)
Re:Kewkies good (Score:3, Insightful)
I also agree with the AC who said that the vast majority of 'average' users don't even know what cookies are, let alone block or delete them.
-Rick
Cookie Monster says... (Score:4, Funny)
Firefox... (Score:2, Informative)
I guess that makes me a bad person.
Adblock (Score:2, Insightful)
The truth of the matter (Score:2)
http://www.msnbc.msn.com/id/7421924/ [msn.com]
I choose (Score:2, Interesting)
Personally, i do. (Score:2, Interesting)
A few months ago this was a different story, seeing about 400MB of cache/cookies taking up around a gig on the hdd because the files were so small changed it; and I dont mind having to re-login to sites every time, it means I am less likely to forget my various passwords!
Delete on exit (Score:2, Insightful)
Anti-Spyware deletes cookies (Score:2, Insightful)
The article is mentions the rise of anti-spyware and how it usually cleans up suspect cookies.
From my experience with average users, clients, co-workers and family, most users have no clue what the anti-spyware is actually doing, they just follow along blindly. Personally I think this a great improvement over the truely clueless who don't practice safe browsing of any sort.
Mangage THIS, yuppie scum! (Score:2, Interesting)
Clueless. Absolutly clueless. This goes straight to the heart of the matter. They can't understand why people don't want their 'experience managed'.
I can manage my own goddamned experience, thanks anyway. Keep your filthy paws offa me.
Re:Mangage THIS, yuppie scum! (Score:3, Interesting)
The majority of their users probably DO want (or don't care about) their "experience managed". They most likely think that the small majority of people who oppose it will go ahead and block the cookies anyway.
I suspect the percentages of people deleting cookies are not people that are actively deleting them because they are worried about their privacy. Its most likely that the cookies are getting caught up in a spyware removal tool.
In short, they are saying: If you don'
Let's put it like this (Score:5, Interesting)
Re:Let's put it like this (Score:2)
Cookieculler (Score:3, Interesting)
Not deleting, but selectively storing (Score:2)
Looking at the content of cookies, which Firefox allows demonstrates some interesting things, like my IP address more often than comfortable. Of course I love the "badly" written sites that try to hand me a PHP or ASP session cookie on the first page of the website. I usually nix those. At
Re:Not deleting, but selectively storing (Score:2)
so what (Score:2)
Besides, there are other ways to track users without cookies. Or at least, most users don't use anonymous proxies anyway.
Adaware (Score:2)
This is caused by Helpdesk. (Score:3, Informative)
Not regularly, can I report that as a bug? (Score:2)
I wish I wanted to waste that time, but I can't. I recently deleted them.
What we REALLY need is anti-advercookie features in our browsers, preferably Firefox, so we don't need to delete the advertising, we can have the software do it. Think of it like modern anti-virus, but it scans and removes ad cookies. Oh sure, accept it for a session, but when the session ends, the cookie is deleted automatically
Advertising / unwanted cookies only. Slashdot cookies must stay.
Periodically (Score:2)
I tried selectively allowing cookies (making liberal use of the "always accept from this site" and "always deny from this site" buttons), but it was a pain, and
My cookie settings (Score:2)
I have to re-enter passwords when I restart my browser—but that's what password manager is for.
Re:My cookie settings (Score:2)
adware removers (Score:2)
Personally, I leave them accepted. I don't give a crap if some database somewhere infers what my computer has been browsing.
I use Opera, which doesn't normally have it's cookies infiltrated by xoftspy and ad-aware.
But Opera kicks ass anyway.
In Soviet Russia (Score:2, Redundant)
My Cookie Usage (Score:2)
Session cookies are a great way for websites to track authenticated users (better than the HTTP authentication mechanisms, anyway). Other than that, cookies are mostly used in ways I don't want them to be used:
- Remembering authentication information. No thanks. If I wanted that, I'd get some software that remembered authentication information.
- Remembering preferences. Better stored on the server side in almost all cases, IMO.
- The privacy-inv
Cookies (Score:2)
No, because it's too much time and effort, I can't be arsed and a whole bunch of sites will randomly break and I'll have to remember all the usernames/passwords and configuration settings again. So i'd have to be selective about what I delete to ensure that doesn't happen and then you get a whole list of ones you need to keep or you accept/deny them when you go to a site and ... sorry ... but thats just too much like hard work and paranoia to m
Magazine, Radio, TV, Roadside, Word of Mouth.. (Score:2)
So why are these babies crying about the users finally being impowered and taking things into our own hands? Did they assume that we would never catch on? I guess we should remain blind and stupid consumers eh? Now where is my Food Lion MVP card?
Re:Magazine, Radio, TV, Roadside, Word of Mouth.. (Score:2)
What? This hole must be plugged! We must immediatly:
Keep what I want, ignore what I don't (Score:2)
If I want/don't mind a cookie, I accept it, if not buh-buh cookie (webtrends, ads, anything that allows the page to render (thus has come from an image/ad), etc -> bit bucket)
I have also done this for the machine my brother and mum use, and attempted to teach them why (although I don't know if they've turned it off).
Flash shared objects (Score:2)
So they're still screwed.
Does anyone know of a spyware removal program that kills shared object files?
Re:Flash shared objects (Score:2)
Does anyone know of a spyware removal program that kills shared object files?
not a program per say, but this [yardley.ca] works great as a Firefox extension, works on all the main platforms too.
The author states the reason such an extension exists and provides links to marketeers bragging about how they can beat cookie deleters by using the capability, of course if you combine this extension with the Flashblock extension [mozilla.org] they rarely get the chance to abuse the localstore
Re:Flash shared objects (Score:2)
What about editing cookies? (Score:2)
I'm surprised there aren't more news stories of exploits based on mal-formed/overflowed cookie strings. But maybe there are exploits out there and the sites are too embarrassed to admit they were hacked with their own cookies.
Anyone NOT deleting their cookies? (Score:5, Insightful)
Anyone just not give a damn? I mean, everyone's up in arms about privacy, and these lofty ideals of how it should be protected, etc. Just come out and say it. You don't want anyone else to see what porn sites you've been to.
Personally, I don't care about cookies. I don't have many illusions of privacy to begin with. I'm just non-egotistical enough to know that no one really cares about what sites I go to, as an individual.
They want to track my usage and habits? Fine. Throw me in a demographic, and call it a day. Use me as a statistic. Whatever.
Is everyone here paranoid, or do I have any fellow compatriots in the nation of apathy?
Re:Anyone NOT deleting their cookies? (Score:5, Funny)
You do, but they're all to apathetic to bother replying...
Firefox question (Score:2)
I hope this doesn't get lost in the comments...
What ever happened to that very useful "Allow Cookies From This Site" menu item in Firefox? I leave cookies disabled by default, but when I get to a site that simply wont work without them, I liked having a quick way to go enable them for the site.
Now I have to go all through the preferences dialog, find the site in that long Allow/Block list and change it to Allow. Very annoying.
Is there a quick (two clicks max) way to turn on/off cookies for whatever is the
Firefox (Score:2)
-
Cookies are overused and meaningless (Score:2)
Never (Score:2)
A new set of diapers please (Score:2)
Heh.
We were doing just fine before the advent of the cookie and malware. Now don't get me wrong, certain cookies are nice to have around to remember your preferences for newegg and slashdot. But we can do without the malware business, that's for sure.
We have one perfect marketing method that predates even the printed word: That's Word of Mouth. These days we got our forums, blogs and IM's to distribute news of how good or bad a produ
No, I don't delete them - they never get created (Score:2)
So the sites that get hit the hardest by this are the sites that, by default, attempt to set a cookie whenever you visit the site. I take the attitude of "You shouldn't need a cookie for routine viewing, so buh-bye!".
Now, sites like
Good cookies and bad cookies (Score:2, Informative)
What's always left out in these discussions is the differentiation between good cookies and tracking cookies (especially long-lasting session ids). See also cookies(5) [freshmeat.net]. Lack of user education and bayesian cookie filters in browsers IMO.
/me crosses fingers (Score:2)
I for one, kind folks pray it hasn't been.
D wah wah wah.. imagine users exercising thier rights.. wah wah wah.. :)
Knee-Jerk Reaction (Score:2)
A simple way to do automated cleanup (Score:3, Interesting)
echo "drop firefox cache and history"
shred -u
shred -u
echo "grab all valid firefox cookies"
cat
cat
cat
cat
cat
echo "get rid of all cookies not explicitly kept above"
shred -u
mv
echo "done"
Just add a new line for each cookie that you want kept in the "grab all valid firefox cookies" section just as I did (noting the > vs >> piping).
I mean, it works for me, at least. Why do I shred instead of rm? Because I'm one of the lunatic fringe that likes the idea of actually deleting files that I tell to be deleted.
Coupled with Firefox's AdBlock add-on, I'm pretty comfortable with my browsing experience.
Poor, poor advertisers (Score:3, Insightful)
Delete them daily (Score:5, Informative)
There's nothing wrong with using cookies to prevent me from having to logon to Slashdot 10 times a day. And there is nothing wrong with cookies telling Amazon.com that people who buy Movie X also like to buy Book Y. That is useful anonymous marketing information. I actually LIKE it when Amazon recommends things to me, because they are usually right!
The problem is when the cookie stays around for days and you never get a login prompt: that's a security problem. Or when marketers build long-term profiles on you, then try to grab identifying information from other sites you use.
I have Mozilla set to delete cookies every day, which seems to be the best balance. (Firefox unfortunately does not have this option).
Re:Delete them daily (Score:3, Insightful)
Look... If a marketer wants to somehow make money off me making posts on
Delete 'em? Nope, I poison 'em! (Score:5, Funny)
It's fun. It probably doesn't do anything, but it kills a minute or two of time, and it's more fun than "bejewled".
Re:Purge the evil (Score:4, Informative)
Re:Purge the evil (Score:2)
Thing is, I'll have firefox open for days at a time sometimes. They should probably add an option in addition to the existing 'Keep cookies: until I close Firefox' along the lines of 'until I close Firefox, or [XX] hours. Whichever comes first.'
That way, I could set it for 4 hours to allow hassle free session management - but not have tracking cookies hanging out if I happen to leave my browser open for a week.
Re:Purge the evil (Score:3, Interesting)
Re:Legit sites getting hit in crossfire (Score:2)
Re:Legit sites getting hit in crossfire (Score:2)
As a web developer, I'll call bull-puckey on this.
Every developer working in the online industry by now knows that cookies are, at best, an unreliable solution to solving the statelessness of the web. Why would you encourage anyone to keep cookies on their systems, knowing that a large segment of the online community is going to put those cookies to unethical use? Because "legit" sites will get caught in the crossfire? No. Legit sites should design a strat
Re:I don't (Score:2)
What kind of porn sites are you looking at?
Re:what cookies? (Score:2)
Re:Tough luck for advertisers (Score:3, Informative)