Cookies don't behave that way. They are not a security risk. They
only allow websites to lookup data which was already sent you from
the same site. Your example simply doesn't work.
On Amazon, when I log in, they send me a cookie with an ID string.
When the page loads, they get back that ID string and nothing more.
They use that ID string to lookup my information from their existing
database - data I provided them when I created my account - and get
my name Thom McGrath. Web browsers do not and generally cannot
provide personal information to web sites.
Cookies are very, very, very, very, very rarely a security risk. I
can't even provide personal information to Amazon, and have site x
look it up later.
The reason cookies are believed to be a security risk is simple. They
are typically stored in a text file on your computer. It is very easy
for a malicious program to look up your Amazon cookies and use that
to log in. But Amazon, and most sites, are not stupid enough to allow
this to actually work. It was an easy trick years ago, which is why
cookies got a bad rap, but these days it would be pointless.
I cannot stress this enough: Cookies themselves are in no way a
security risk.
Amazon affiliates know who I am because of that Amazon cookie, but
the page itself does not get access to the cookie. Only amazon's site
does. This works using iframes, where the amazon page is actually
loaded separately and included inline with the page. The website
you're visiting *never* actually gets the data loaded by that
"donate" box or whatever it may be. It's almost identical to opening
a separate browser window, removing the toolbars, and positioning it
in place.
--
Thom McGrath, <http://www.thezaz.com/>
"You don't need eyes to see, you need vision" - Maxi Jazz in
"Reverence" by Faithless
On Apr 29, 2007, at 8:56 PM, Andy Dent wrote:
> nope, it can be done through cookies.
>
> not sure of entire details but something along the lines of
> - site X sets cookie GotchaMate, being part of a group that harvests
> email addresses
> - site Y sees you have cookie GotchaMate, uses it to index your
> details from group database
>
> There are probably more subtle variations on the theme.
>
> Amazon affiliates use something similar but in their case will have a
> "how do I know you're Thom McGrath button?" visible.
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives:
<http://support.realsoftware.com/listarchives/lists.html>
|