Fog Creek Software
Discussion Board




Dvorak on cookies

From a semi-recent John C. Dvorak column:

"Who ever thought that browser cookies were a good idea? I'm not even sure they're legal: I was under the impression that hacking was against the law. The last time I ran Ad-aware on my machine, it turned up 54 processes sending marketing data (and who knows what else) to various companies. I didn't give anyone permission to do this. Shame on companies—all of them—that insist on using cookies and demand that users allow them before they can access a site. You can be certain that when the Big One hits, cookies will somehow be involved."

...I'm ashamed to admit that I ever thought this guy was intelligent.

Sam Livingston-Gray
Saturday, February 28, 2004

This guy is smart all right, but he appears to know nothing about coding or the like, and sometimes he simply pops really weird sentences when programming reasons might be involved.

I have also heard him saying that the whole .NET Framework thing is just another stupid move of MS that stresses good ol' VB programmers for nothing (or something along this line anyway).

Cristian Cheran
Saturday, February 28, 2004

If you don't use cookies, users will be required to create an account on the server, and log on every time before they can use the site. Mmm...

Fred
Saturday, February 28, 2004

He missed his own point. By going to a site with cookies on, he _did_ agree to let them.  And it was not the cookies that created the spyware, but that may go to the reason the original poster questions his intelligence...

Anonanonanon
Saturday, February 28, 2004

Of course the real blame in all of this really goes to AdAware (i.e. LavaSoft) -- A "tracking cookie" (which is just a cookie from a defined list of "bad people" like Doubleclick) is treated with the same seriousness as a spyware trojan, so it's a bit understandable that the somewhat naive Dvorak was misled.

Dennis Forbes
Saturday, February 28, 2004

My hunch is most spyware is authorized by users. When was the last time you actually read through to the end, word for word, a EULA that was required to finish installing some freeware app? Most spyware scrubbers even remind users "wiping out the following processes may violate the EULA of some other app and cause it to stop operating correctly"

Like spam, most of the solution is already in the hands of the end user: the ridiculously, obscenely prosaic RTFM

seth
Saturday, February 28, 2004

EULA makes it OK? What a load of crap.

I'll support that position when you have to write your EULA in one paragraph of English a non-lawyer can understand.

How about "This program will install spyware and fuck up your system!"

As has been said elsewhere here, "But our sales would plummet" is precisely the reason it SHOULD be mandatory.

Sum Dum Gai
Sunday, February 29, 2004

A single sentence, 'Crunchy Frog protocol applies.'

Simon Lucy
Sunday, February 29, 2004

----" A "tracking cookie" (which is just a cookie from a defined list of "bad people" like Doubleclick) is treated with the same seriousness as a spyware trojan,"-------

A tracking cookie is the same as a spyware Trojan. It lets the advertiser know which web sites you visit. Mozilla and IE6 let you disable cookies from third party websites, but it is a clear abuse to have tracking cookies in the first place.

There are sites that work perfectly without cookies; I have them disabled for this site, and have no problems. Per-session cookies should be the most that is needed for all sites. Persistent cookies should be an option.

Stephen Jones
Sunday, February 29, 2004

The third parties cookies thing doesn't work for Doubleclick. Since Doubleclick opens inside a frame, they're first party links for Doubleclick.

Doubleclick then tracks what sites in their network you visit. Once you create an ID at one, wham - they've got you. Your name, address, and sites you visit.

Once again I'll relate the story of my sister browsing maternity sites and getting maternity ads when she logged on to her Yahoo mail.

So while these cookies can't execute code, they can in a very real sense send back information about you from your preferences to your mailing address.

I've been successfully blocking most of them by editing my Hosts file with known offenders. Various versions of the hosts file can be found online.

www.MarkTAW.com
Sunday, February 29, 2004

Oh, and I browse with Firebird which I've set to purge all cookies on exit. I use IE for sites like this where I want to have cookies & a history.

www.MarkTAW.com
Sunday, February 29, 2004

If you add lines like the following

127.0.0.1        ad.doubleclick.net

to your 'hosts' file, they'll never load because doubleclick isn't hosted on 127.0.0.1 (your localhost). You get a few 'file not found' messages in your pages which beats seeing ad crap all over the place.

Interaction Architect
Sunday, February 29, 2004
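An added example, not part of the original posts: a small audit of the hosts-file blocking described above. It parses a hosts file and reports which names on a watch list are actually sinkholed, which shows that an entry covers only the exact name listed and not its sibling or parent domains. The sample file and every hostname other than ad.doubleclick.net are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; only ad.doubleclick.net comes from the thread.
SAMPLE_HOSTS = """\
# local names
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net   # ad server from the post above
0.0.0.0     Tracker.Example.com stats.example.com
not-an-ip   broken.example.com
192.0.2.10  intranet.example.com
"""


def parse_hosts(text):
    """Return {lowercased hostname: address} for every valid line."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address without names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip the line
        for name in fields[1:]:
            # Assumption: the first mapping for a name wins.
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def is_sinkholed(hostname, table):
    """True only if this exact name maps to loopback or 0.0.0.0 / ::."""
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and (addr.is_loopback or addr.is_unspecified)


def unblocked(hostnames, table):
    """Names from a watch list that the hosts file does not sinkhole."""
    return [h for h in hostnames if not is_sinkholed(h, table)]


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    watch = ["ad.doubleclick.net", "doubleclick.net",
             "other.doubleclick.net", "TRACKER.example.com"]
    print(unblocked(watch, hosts))
```
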

You can download a pre-built Hosts file with exceptions from http://accs-net.com/hosts/

John Topley (www.johntopley.com)
Monday, March 01, 2004

"EULA makes it OK? What a load of crap"

Talk about a load of crap: "I didn't read the contract I signed so I'm not legally bound by its content."

If you sign a contract your understanding of said contract is implied. If you don't understand a contract don't sign the damn thing!!

seth
Monday, March 01, 2004

Perhaps my experience is atypical, but I have never signed a EULA.

Zahid
Tuesday, March 02, 2004

Well Zahid, this is your lucky day; consider your ignorance abolished.

If, while installing some software on your computer, a dialog box appears on your screen asking if you agree to the terms of an End User License Agreement (in my experience always immediately available for reading) and you click the OK/Yes/I Agree button you have just signed a contract agreeing to the terms of the EULA. If you don't agree to the terms of the EULA (i.e. you choose not to click the 'I Agree' button) the software won't install so by fact of the software having been installed it can be shown that you agreed to the terms of the EULA.

A signature is not limited to scribbling one's name onto a piece of paper.

seth
Tuesday, March 02, 2004

Dear seth,
Do you seriously think anybody will return you the money for the software because you claimed you didn't sign the EULA? Get real!

Stephen Jones
Tuesday, March 02, 2004

Seth says, "A signature is not limited to scribbling one's name onto a piece of paper."

Of course it is limited to that.  It's absurd to think that clicking on a dialog box button can make an individual contractually obligated to follow whatever the software maker says you have to do.

Considering a six year old child can click on an "I Agree" button just as well as a sixty year old, such "contracts" are obviously void.  Contracts signed by minors must also be cosigned by at least one adult.  Since a child can easily circumvent this requirement of legal contracts, EULA's are essentially null and void.

tether
Tuesday, March 02, 2004

Stephen - probably not but, if I had had that type of experience I would question every other offer of software.

I've never had the experience of spyware being attached to spyware. I got hit with a bunch of spyware after loading some shareware. I ran some scrubbing software and while it was doing its thing I read the vendor's website and it was there I found out about the EULA agreement trick. I started reading EULAs after that.

seth
Tuesday, March 02, 2004

tether -

the details are still being hammered out in the courts but digital signatures are quickly becoming accepted in the courts. like it or not - clicking on a button IS in fact an agreement. mentioning the fact that a six year old can also click on a button is a juvenile diversion. if your hypothetical toddler runs up your phone bill do you think the phone company will let you off the hook? (sorry - bad pun)

All I'm saying is we have a lot of power right now and being proactive is better than playing the victim card.

seth
Tuesday, March 02, 2004

In the case of the misbehaving toddler, the parents have already signed a real, pen-to-paper contract saying that they're responsible for all calls made with the phone.  Here, the phone company receives an actual piece of paper with a real signature on it to this effect.  Believe me, if a toddler signed a contract with the phone company without parental permission, the contract would be null and void.  It's tough luck for the phone company, but they should know better than to enter into agreements with infants.

Not so with software licenses.  EULA's are unbelievably silly concepts because the software maker isn't even usually notified that a user "signed" anything!  How does that even make sense?  Imagine a user installing Microsoft Bob on a computer and that the user "agrees" to some dialog box with a license in it.  Bizarrely, Microsoft is never notified that such an agreement ever took place.

So, what are users doing when they click "I Agree" on a EULA dialog box?  They're doing nothing other than to cause the installer program to increment an instruction pointer somewhere.  Microsoft never receives confirmation that a user clicked anything.  How can the concept of a "contract" make sense when the issuer of the contract never receives the contract back?  Essentially, EULA's are based on the honor system.  To call them "contracts" is disingenuous at best.

tether
Wednesday, March 03, 2004

Here's something for you:

http://www.privoxy.org/

Crunches cookies, zaps ads, works wonders. Seriously. Wouldn't leave localhost without it.

Jonas B.
Wednesday, March 03, 2004
