lynx-dev

Re: LYNX-DEV quote.yahoo.com, and cookies in general


From: Foteos Macrides
Subject: Re: LYNX-DEV quote.yahoo.com, and cookies in general
Date: Tue, 02 Dec 1997 19:06:29 -0500 (EST)

Matt Ackeret <address@hidden> wrote to me instead of lynx-dev:
>On Tue, 2 Dec 1997, Foteos Macrides wrote:
>>      Interestingly enough, not a single participant in this thread
>>has used TRACE mode to see what Lynx reports to help you understand the
>>"problem" (Siiigh..  something's strange here, that even long-time
>>lynx-dev regulars have not yet learned to do that).
>
>I forgot about that, but thought I probably wouldn't understand it since
>I'm not an HTML guru.

        That comment wasn't directed to you, but to the long-time
lynx-dev regulars (at least, I don't recognize you as one :), who
were leading you around in circles with misinformation.  Your
dogged quest for valid information, and willingness to expend time
and energy actually checking out (mis)information you obtained,
is the image of Lynx users I had in my mind's eye when I was an
active Lynx developer.

        I'm CCing this to lynx-dev, because I prefer that all
discussion about Lynx in which I participate be archived, and
please send any followup there, rather than as private email
to me.

 
>>based on this in all of the IETF cookie drafts and RFC, e.g., from
>>the current draft:
>>
>>[...]
>>4.3.2  Rejecting Cookies
>>
>>To prevent possible security or privacy
>>violations, a user agent rejects a cookie (shall not store its
>>information) if any of the following is true of the attributes
>>explicitly present in the Set-Cookie2 response header:
>>[...]
>>   * The request-host is a HDN (not IP address) and has the form HD,
>>     where D is the value of the Domain attribute, and H is a string
>>     that contains one or more dots.
>>[...]
>>Examples:
>>
>>   * A Set-Cookie2 from request-host y.x.foo.com for Domain=.foo.com
>>     would be rejected, because H is y.x and contains a dot.
>>[...]
>>
>>
>>      The H in this case is "edit.my", and contains a dot.
>
>So whose fault is this?  Is this Yahoo's fault?  Should it be reported to them?
>
>THANKS FOR THE useful info!!

        I'm not sure it's an issue of "fault", rather than "values".  I've
modified that section in LYCookie.c so that Lynx now prompts you whether
or not to accept such cookies, rather than rejecting them silently (plus
a prompt string definition in LYMessages_en.h).  The mods are in lynx271f.zip
accessible (probably until a few days before Christmas) in:

        http://www.slcc.edu/lynx/fote/patches/
and:    gopher://gopher.wfbr.edu/11/_fileserv/_lynx

You can swap the mods into any version of Lynx with cookie support, if you
have any C programming skill and want to try it.  They will allow you to
register, and proceed with a stateful session.  One of the cookies codes your
username and password.  If it isn't available for a future Lynx session,
the yahoo cover page lets you login explicitly, which will get you a new
set of cookies for that session. 

        You also could just #ifdef NOTDEFINED out that section, and
get past the security/privacy filter silently, but I don't advise you
to do that.  Yahoo is one of the sites which derive revenue via
sale of information about you to firms such as DoubleClick, which
uses that information for "targeted" advertising via rotating
banners whenever you access Web pages.  In the course of "registering"
at yahoo, you are roped into providing your name, email address, sex,
age, and employment category.  You are also passed cookies (including
the invalid ones by IETF standards) so that you can be tracked when
accessing *any* yahoo pages, and your visits and searches correlated
with that personal information.  Other sites which rope you into
providing personal information also may sell it to, e.g., DoubleClick,
which can then try to cross-correlate for, from their perspective,
yet more "effective" targeted advertising.  But in effect, you now
have a "hidden camera" (a.k.a., Big Brother) focussed on you as you
surf the Web.  So beware, and be smart, about the candy that the
kindly folks at sites like yahoo offer you.   One way to be smart
is to give misinformation in those "registrations", and different
misinformation at different sites (but they still might outsmart
you, in one way or another :).

                                Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
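
The rejection rule quoted from section 4.3.2 in the message above, written out as an added C example; it is not part of the original message and is not the code in LYCookie.c. The function and enum names are hypothetical, the Domain value is assumed to start with a dot as in the draft's example, and edit.my.example.com is a constructed host whose H is "edit.my".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Outcomes for the single rule quoted above (hypothetical names). */
enum verdict { RULE_PASS, RULE_REJECT_H_HAS_DOT, RULE_NOT_APPLICABLE };

/* The rule covers HDNs only; treat digits-and-dots hosts as IPv4 literals. */
static int is_ipv4_literal(const char *host)
{
    if (*host == '\0')
        return 0;
    for (; *host; host++)
        if (!isdigit((unsigned char)*host) && *host != '.')
            return 0;
    return 1;
}

/* request-host has the form HD, D being the Domain attribute value;
 * the cookie is rejected when H contains one or more dots. */
enum verdict check_domain_rule(const char *request_host, const char *domain)
{
    size_t hlen = strlen(request_host);
    size_t dlen = strlen(domain);

    if (is_ipv4_literal(request_host))
        return RULE_NOT_APPLICABLE;
    /* Not of the form HD: this rule says nothing about the cookie. */
    if (dlen == 0 || domain[0] != '.' || hlen <= dlen ||
        strcasecmp(request_host + hlen - dlen, domain) != 0)
        return RULE_NOT_APPLICABLE;
    /* H is the first hlen - dlen bytes of request_host. */
    if (memchr(request_host, '.', hlen - dlen) != NULL)
        return RULE_REJECT_H_HAS_DOT;
    return RULE_PASS;
}

int main(void)
{
    /* Constructed inputs; the first pair is the draft's own example. */
    const char *cases[][2] = {
        { "y.x.foo.com", ".foo.com" }, { "x.foo.com", ".foo.com" },
        { "edit.my.example.com", ".example.com" }, { "192.0.2.10", ".2.10" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%s Domain=%s -> %d\n", cases[i][0], cases[i][1],
               check_domain_rule(cases[i][0], cases[i][1]));
    return 0;
}
```

A user agent that prompts instead of rejecting silently, as the message describes, would ask the user when the result is RULE_REJECT_H_HAS_DOT.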
