Moderators: [This is much more appropriate for the vuln-dev or privacy arena, so I am cross-posting to move it in that direction.] > -----Original Message----- > From: Continental Technologies, Inc. [mailto:ctincat_private] > Sent: Monday, November 12, 2001 1:56 PM > > Many firewalls already monitor cookie information allow you > to build an exemption list on the fly. That is, if you don't > mind the constant nagging of the accept/reject mechanism. > > Regards, > > Steven Kadesch > I guess my line of thought was more of a disclosure issue with known offenders. I am familiar with several "cookie blocking" mechanisms but this still begs for a centralized disclosure solution. Web-bugs are of course more destructive or intrusive rather, but my concern is with "popular" sites that may be collecting too much information on ALL visitors to their sites, and using IE "funstionality" to do so. A list of this sort would create a sense (somewhat) of fear in the offenders, as their name is mentioned in a negative light. Raised awareness of their intrusive nature may cause them to reevaluate their need for personal information such as SSN and CC's and weigh it against negative publicity. This may lead to their removing these "personal" portions of their cookies thus returning to a purely functional use. (pipedream?) With w3c and XML developments expanding in the near future, the meta-data should include DETAILED information on cookies and such being issued when a site is served. Who knows, that may be the solution to this disclosure issue, but in the meantime perhaps a simple blacklist is in order. Oliver P. Computer Security Specialist (IC) Near DC...
This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 14:51:32 PST