About Cookies


earlyfly

Apr 29, 2007, 5:04:16 AM
to earlyfly
The WWW is built on a very simple, but powerful premise. All material
on the Web is formatted in a general, uniform format called HTML
(Hypertext Markup Language), and all information requests and
responses conform to a similarly standard protocol. When someone
accesses a server on the Web, such as the Library of Congress, the
user's Web browser will send an information request to the Library of
Congress' computer. This computer is called a Web server. The Web
server will respond to the request by transmitting the desired
information to the user's computer. There, the user's browser will
display the received information on the user's screen.

Cookies are pieces of information generated by a Web server and stored
in the user's computer, ready for future access. Cookies are embedded
in the HTML information flowing back and forth between the user's
computer and the servers. Cookies were implemented to allow user-side
customization of Web information. For example, cookies are used to
personalize Web search engines, to allow users to participate in
WWW-wide contests (but only once!), and to store shopping lists of items a
user has selected while browsing through a virtual shopping mall.

Essentially, cookies make use of user-specific information transmitted
by the Web server onto the user's computer so that the information
might be available for later access by itself or other servers. In
most cases, not only does the storage of personal information into a
cookie go unnoticed, so does access to it. Web servers automatically
gain access to relevant cookies whenever the user establishes a
connection to them, usually in the form of Web requests.

Cookies are based on a two-stage process. First the cookie is stored
in the user's computer without their consent or knowledge. For
example, with customizable Web search engines like My Yahoo!, a user
selects categories of interest from the Web page. The Web server then
creates a specific cookie, which is essentially a tagged string of
text containing the user's preferences, and it transmits this cookie
to the user's computer. The user's Web browser, if cookie-savvy,
receives the cookie and stores it in a special file called a cookie
list. This happens without any notification or user consent. As a
result, personal information (in this case the user's category
preferences) is formatted by the Web server, transmitted, and saved by
the user's computer.

During the second stage, the cookie is clandestinely and automatically
transferred from the user's machine to a Web server. Whenever a user
directs her Web browser to display a certain Web page from the server,
the browser will, without the user's knowledge, transmit the cookie
containing personal information to the Web server.
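
The two stages described in the post above, and what they allow when the same cookie-setting host is embedded on several sites, as an added example that is not part of the original post. The `Browser` and `AdServer` classes and the `.example` hosts are hypothetical, and the cookie list is simplified to exact-host matching.

```python
from http.cookies import SimpleCookie
from itertools import count

class Browser:
    """Toy cookie list: one name->value map per host that set a cookie."""
    def __init__(self):
        self.cookie_list = {}

    def store(self, host, set_cookie):
        # Stage 1: the server's Set-Cookie header is saved with no prompt.
        parsed = SimpleCookie()
        parsed.load(set_cookie)
        for name, morsel in parsed.items():
            self.cookie_list.setdefault(host, {})[name] = morsel.value

    def request(self, host, referer=None):
        # Stage 2: every later request to that host carries the cookie back.
        headers = {"Host": host}
        if referer:
            headers["Referer"] = referer
        if host in self.cookie_list:
            headers["Cookie"] = "; ".join(
                f"{k}={v}" for k, v in self.cookie_list[host].items())
        return headers

class AdServer:
    """Hypothetical third-party banner host embedded by many sites."""
    def __init__(self):
        self.ids = count(1)
        self.profile = {}  # visitor id -> pages on which the banner loaded

    def serve_banner(self, headers):
        jar = SimpleCookie(headers.get("Cookie", ""))
        new = "id" not in jar
        vid = f"v{next(self.ids)}" if new else jar["id"].value
        self.profile.setdefault(vid, []).append(headers.get("Referer"))
        return f"id={vid}; path=/" if new else None

def browse(pages, ad_host="ads.example"):
    """Visit each page; every page embeds one banner served from ad_host."""
    browser, ads = Browser(), AdServer()
    for page in pages:
        set_cookie = ads.serve_banner(browser.request(ad_host, referer=page))
        if set_cookie:
            browser.store(ad_host, set_cookie)
    return ads.profile

if __name__ == "__main__":
    print(browse(["http://news.example/", "http://shop.example/cart"]))
```

The banner host never appears in the address bar, yet its single cookie ties both page visits to one visitor id.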

earlyfly

Apr 29, 2007, 5:05:11 AM
to earlyfly
Find out how you are traced while surfing on the Web

Using Find File, look for a file called cookies.txt (or MagicCookie if
you have a Mac machine). Using a text editor, open the file and take a
look. If you've been doing any browsing, the odds are about 80/20 that
you'll find a cookie in there from someone called "doubleclick.net".

If you're like me, you never went to a site called "doubleclick". So
how did they give you a cookie? After all, the idea of the cookie,
according to the specs published by Netscape, is to make a more
efficient connection between the server that delivers the cookie and
the client machine which receives it. But we have never connected to
"doubleclick".

Close MagicCookie, connect to the Internet, and jump to www.doubleclick.net.
Read all about how they are going to make money giving us cookies we
don't know about, collecting data on all World Wide Web users, and
delivering targeted REAL TIME marketing based on our cookies and our
profiles. Pay special attention to the information at:
advertising/howads.htm. You'll see that the folks at "doubleclick" make the point
that this entire transaction (between their server and your machine)
is transparent to the user. In plain English, that means you'll never
know what hit you. So what's happening is, subscribers to the
doubleclick service put a "cookie request" on their home page for the
DoubleClick Cookie.

When you hit such a site, it requests the cookie and takes a look to
see who you are, and any other information in your cookie file. It
then sends a request to "doubleclick" with your ID, requesting all
available marketing information about you. (They're very coy about
where this information comes from, but it seems clear that at least
some of it comes from your record of hitting "doubleclick" enabled
sites.) You then receive specially targeted marketing banners from
the site. In other words, if Helmut Newton and I log on to the same
site at the exact same time, I'll see ads for wetsuits and
basketballs, and Helmut will see ads for cameras. If you log in to a
"doubleclick" enabled site, and it sends a request for your
"doubleclick" cookie, and you don't have one, why each and every one
of those sites will hand you a "doubleclick" cookie. Neat, huh? And
you can bet they're going to be rolling in the cookie dough.

The main concern is that all this is done without anyone's knowledge.
Some people may find the gathering of any information invasive to
their privacy, but to the average level-headed person, the use of
this information is harmless in itself as long as you know the
limitations of these networks, who is collecting what information and
for what purpose. On the other hand, what right should anyone have to
collect information about me without my knowledge, and why should they
break my right to privacy? You have to find the right balance between
these views. One of the main issues is awareness.

So much for making the "client-server negotiation more efficient".
Whatever your view on tracking, the cookie protocol has certainly been
manipulated for this use, against its original intent. Note that
recent versions of Netscape have an option to show an alert before
accepting a cookie and they also allow you to block cookies
completely; see the Version 4 update and the Stopping Cookies page for
more detailed information.


This is what other surfers did to work around Cookies

A suggested way to handle this was to delete the file and then replace
it with a write-protected, zero-length file of the same name. It's not
my suggestion (and I don't remember who suggested it) but I did
that on my system and that same zero-length, write-protected file is
still there. I surf to literally hundreds of WWW pages per month and
if any of them handed me a "cookie", it sure didn't take. I can't
provide a guarantee that this will prevent someone from handing you a
"cookie" but if they do it will be very obvious by the non-zero length
file size.


In Internet Explorer

Actually, if you want to keep cookies but want rid of the double-click
place and other future invasions in the future, try this: Internet
Explorer 3.0 no longer has a single cookies.txt; it has a folder in the
Windows directory with lots of individual txt files inside. Find the
double-click one and corrupt it so that double-click recognizes and
doesn't replace it but it gives it no information. Then lock the
file.


In Netscape

I have found a way to protect myself from the "Cookie Monster". My
cookies.txt and netscape.hst files are set to 0 (zero) bytes and are
attributed as system, hidden, and read only. This seems to work very
well in Netscape Navigator 2.02 (32 bit). You can do the same thing,
if you choose. There seems to be a slight problem in some of the sites
that will allow you to configure them to your preferences, but I'll
trade security for convenience any day. I use an app from Privnet
called Internet Fast Forward. It will block out cookies (you can also
filter them selectively... let certain cookies for site preferences
through, block all others), ad images, images larger than a certain
size in KB, images that you select. It's currently in beta, but is a
very good app.
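
One way to audit a cookies.txt file for cookies from hosts you never visited, added here as an example and not part of the original post. The sample file contents and the visited-host list are constructed, and the layout assumed is the seven-column, tab-separated Netscape format.

```python
from datetime import datetime, timezone

# Constructed sample in the Netscape cookies.txt layout: seven tab-separated
# fields per line (domain, subdomain flag, path, secure, expiry, name, value).
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".doubleclick.net\tTRUE\t/\tFALSE\t1920499140\tid\tCONSTRUCTED-VALUE\n"
    "my.example\tFALSE\t/\tFALSE\t1920499140\ttopics\tsports\n"
    "truncated line without enough fields\n"
)

def parse_cookies_txt(text):
    """Return one dict per well-formed cookie line; skip comments and junk."""
    cookies = []
    for line in text.splitlines():
        # curl-style exports mark HttpOnly cookies with this prefix.
        if line.startswith("#HttpOnly_"):
            line = line[len("#HttpOnly_"):]
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue  # malformed line: wrong field count or bad expiry
        domain, _flag, path, secure, expires, name, value = fields
        cookies.append({
            "domain": domain, "path": path, "secure": secure == "TRUE",
            "expires": datetime.fromtimestamp(int(expires), tz=timezone.utc),
            "name": name, "value": value,
        })
    return cookies

def domain_matches(host, cookie_domain):
    """True if host equals the cookie domain or is a subdomain of it."""
    bare = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == bare or host.endswith("." + bare)

def unexpected_cookies(cookies, visited_hosts):
    """Cookies set for domains that match none of the sites actually visited."""
    return [c for c in cookies
            if not any(domain_matches(h, c["domain"]) for h in visited_hosts)]

if __name__ == "__main__":
    for c in unexpected_cookies(parse_cookies_txt(SAMPLE), ["my.example"]):
        print(c["domain"], c["name"], "expires", c["expires"].date())
```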
