New Web Code - HTML 5 - Super Cookies

13 replies
  • OFF TOPIC
  • |
http://www.nytimes.com/2010/10/11/bu...me&ref=general


Very interesting but also another reason to be concerned about privacy and security. Although this is being tauted as a boon for marketers, I sure hope there is going to be some restraints.

(Last night Dateline had a show on websites that sell stolen Identity Information and how only 1% are ever caught or prosecuted - and it took only about 15 minutes from sale to wipe out an account balance from all over the globe.)

Soooooo, it wasn't a good day for me to read this article.
  • Profile picture of the author HeySal
    Pat - google "better privacy LSO remover" I can't remember where I got it - but I believe it's a firefox add on. It downloaded into my tools file at any rate. It will delete LSOs - a.k.a. Super Cookies off your machine when you close your browser or when you activate it from the tools file.

    BTW -- some lawsuits are pending on this as a privacy invasion so those who want to put super cookies on your machine might want to watch out - Better Privacy keeps a list of what they delete so if someone tries to hold someone hostage secretly, they can be found out at a click and turned into authorities.

    Now make my day and tell me I just made someone feel better.
    Signature

    Sal
    When the Roads and Paths end, learn to guide yourself through the wilderness
    Beyond the Path

    {{ DiscussionBoard.errors[2713559].message }}
  • Profile picture of the author seasoned
    WOW, they speak about a new language that can reach outside of the processing area and space that it was INTENTIONALLY limited to originally. If true, it is unconscionable. Frankly, it has too much power NOW!

    Steve
    {{ DiscussionBoard.errors[2713631].message }}
  • Profile picture of the author Patrician
    Well Sal, thanks but the version isn't even here yet so I do not see how they have a tool to combat it. Maybe in it's current incarnation (HTML 4)

    "In the next few years, a powerful new suite of capabilities will become available to Web developers..."

    - From what the article says browsers will be powerless more or less at least at this point and hopefully they will think of something by the time the 'cookie crumbles'...

    " Even the most proficient software engineers and developers acknowledge that deleting that data is tricky and may require multiple steps."
    Signature
    {{ DiscussionBoard.errors[2713842].message }}
  • Profile picture of the author HeySal
    Well, if people don't want to listen to me, then maybe MajorGeeks.com will be more to your believability. MajorGeeks recommends Better Privacy to remove LSO's -- and yes - they are already out there and invading hard drives.

    LSO cookies - MajorGeeks Support Forums

    so while you are all still talking about the possibilities, I will probably be clearing my browser/hard drive of LSO cookies.

    And it IS a firefox add on.
    Signature

    Sal
    When the Roads and Paths end, learn to guide yourself through the wilderness
    Beyond the Path

    {{ DiscussionBoard.errors[2713948].message }}
  • Profile picture of the author Patrician
    As I said Sal - these tools you are using are for the current version of HTML and what exists now - The article is talking about something that is coming in the next few years when they roll out the new language.

    I use all the tools available and am really careful - I have never had a virus so far or any identify theft except from a walk-in store. So I must be doing something right - especially since I do high-risk behavior in my work for my client.

    I hope most people would be aware of the common tools that are available and use them diligently.
    Signature
    {{ DiscussionBoard.errors[2716812].message }}
  • Profile picture of the author seasoned
    Patrician,

    Maybe the article is mistaken. The software heysal is talking about deals with DOM storage and speaks a lot about tricks using flash to use it. THAT makes sense, because of LONG flash programs, page navigation, games, etc... It PROBABLY uses the registry, and/or the flash directory and, as such, is kind of hidden.

    Your article also talks about LARGE cookies like they are something special. Ever see CLICKBANK'S cookie!?!?!? It can be HUGE! I wonder when they are going to redo their design, because it can't go like that FOREVER! Eventually, if they do a lot of business, they may start losing info, or people will complain that it is slow.

    Steve
    {{ DiscussionBoard.errors[2716847].message }}
  • Profile picture of the author Patrician
    The issue I believe with the Super Cookie in HTML 5 - is that it stores the data in several places and that is why it is believed several steps would be needed to clear it as well as BLOCK IT (OPT OUT).

    Like who doesn't know about the tools that we already have - and it does in fact mention that BROWSERS are not going to be able to handle it the same way - unless they think of something in time.

    ... and by the way identity theft is rampant - WITH THE TOOLS WE HAVE NOW. We need to do something DIFFERENT.

    I know we are all hostage to whatever the technology is right now for right now. The point to this is that if they are going to EXPAND the possibilities for our privacy and identity being compromised then they need to be RESPONSIBLE for making it more BULLET PROOF.

    again - HTML 5 IS NOT EVEN LAUNCHED YET - SO WE HAVE NOT SEEN IT.


    and by the way as far as FireFox - I have some of the security turned OFF - it is a huge NAG and I would rather be a little vulnerable than be NAGGED every time I click a link. (why I use both FF and Chrome). I have plenty of other security that actually allows me to function.
    Signature
    {{ DiscussionBoard.errors[2716893].message }}
  • Profile picture of the author seasoned
    patrician,

    The standard browser tools deal ONLY with the browser directory, NO other directories, and not the registry. So they fail even with the DOM model heysal is referring to. I REALLY hope your article is wrong. HTML is supposed to be SAFE! javascript is supposed to be fairly SAFE! Changing that attribute is STUPID! Of course, it has been done before! Look at M/S active X and the DOM! But at least THOSE gave us ***SOMETHING***!

    Steve
    {{ DiscussionBoard.errors[2716953].message }}
  • Profile picture of the author Patrician
    Yes Steve - that is exactly the point I am making - both that your simple simon tools that browsers have are only somewhat effectual - and even now we are vulnerable. It will just get worse the more "ability" they give us to track-

    Even right now with Chrome I can login to someone's host server at 9:am to test access -- and as long as I don't shut down Chrome, 8 hours later I get back in with no username and password to install their websites - just the control panel link or IP.

    Fast forward to some snarky 'cyber cafe' where joe dumb does his banking, Yo? Or checks Paypal? Lots of nightmare scenarios when something is going to save cookies for weeks at a chunk IN SEVERAL DIFFERENT PLACES OTHER THAN THE BROWSER.

    (although at least some apps don't let you use the BROWSER back arrow once you log out - even that in some cases could be a disaster - and Chrome has the ugliest back arrow of all - they cache everything but that!!! (you can only go back so far).

    The only person who can't learn something is the one who thinks they know everything.

    Me, I will continue learning because I know I don't know everything.

    So far so good.
    Signature
    {{ DiscussionBoard.errors[2717014].message }}
  • Profile picture of the author seasoned
    Patrician,

    People ask me if I know unix, etc... and I have to ask them what do they want. It changes like every day. I practically memorized all of POSIX, the last actual AT&T variant, most of the last actual BSD variant, a lot of the mid v2 LINUX, And some SCO, HP/UX, AIX, SUN. I USED to be even able to tell you which variant they used. But heck, even ls(to get a directory listing) has changed a LOT! You can have some variants show names in different colors, with differnt codes, to show different file types, for example. You can list them delimited, for example. When I started, there were only about 4 scripting languages. I learned the two most common, especially since one is almost a superset of the other. Today, how many are there? does ANYONE even know? As I recall, I know four. the 2 first ones, and perl and php which are newer. And perl and php have changed a LOT since I really looked at them. Heck, you're talking about HTML 5, and I barely looked at HTML 4!

    So NOPE, one would have to be pretty stupid to think they know EVERYTHING.

    Still, I am tired of learning needless stuff. They really should stop at some point and simply improve what they have. To think, when I started, everyone thought you were an IDIOT if you didn't just STICK with COBOL! I hated, and HATE, COBOL, but at least people were LOYAL to it! BTW I learned fortran, basic, 6502, cobol, pascal, c, Z80, bourne, korn, perl, php, etc... in about that order.

    And I had jobs in about EVERY one except pascal!

    Steve
    {{ DiscussionBoard.errors[2717276].message }}
  • Profile picture of the author Patrician
    I know Steve and the nighmare is when they try to link it all up. The last shop I worked in (bank) was on the front-end Tandem system which transferred files from customers to the IBM mainframe - there are all sorts of things banks do that make things more secure like that. Hail the 'CLOUD' or 'don't touch me there'.

    However for some aspects of these configurations, try to put out a report and they are literally pasting stuff together because they get one application built in one language and then the get another one with a different language (an upgrade dontcha know ha haha) and they don't talk to each other. Ludicrous. Hello can you say 'thinking ahead'?

    I am no programmer although I can dabble and do maintenance. I was trained in BASIC, COBOL and a little C+ - but tests were open book and guess what 'use it or lose it' - i lost it - too tedious for me anyway (although I do love details so go figure).

    I do great with HTML - I am a master of copy and paste! find a block of code that works, change the links, you are home free. LOL - as long as you know the basic principles and don't insult any of their tags you are good to go!

    Back to programming that is the idea with 4th gen languages - you are not supposed to get tedious - just know the code enough to make it work and let the program itself do the work.

    It is very humble of you to act like you don't know anything and you are an expert at computers. I am sure that you will always be able to learn something when it is necessary to listen up.
    Signature
    {{ DiscussionBoard.errors[2717559].message }}
    • Profile picture of the author seasoned
      Originally Posted by Patrician View Post

      It is very humble of you to act like you don't know anything and you are an expert at computers. I am sure that you will always be able to learn something when it is necessary to listen up.
      I said that NOT to claim to know everything, or that I am an expert, but to say that EVEN after having learned that, etc... I would not even claim to know everything about even one piece.

      It is almost like a computer I looked at today. It was NOTHING by today's standards YET, it had over TWICE the speed of my last desktop, 4 times the memory, a large LCD monitor, top of the line M/S windows, and it cost LESS than just the last monitor I bought, which I would have trouble selling today.

      Steve
      {{ DiscussionBoard.errors[2717636].message }}
  • Profile picture of the author Patrician
    Yeh Steve - I know - man are you paranoid even when someone agrees with you. My compliment was sincere.

    ... and yes that is another rant how we pay so much for hardware only to see it sold much cheaper the day after - that is why i am always one version older on everything - even cars - wait til next year and buy last years - well it works for cheaper/on sale, but my son has a cow because he says doing that I owe more than the blue book value the next day...

    oh well.
    Signature
    {{ DiscussionBoard.errors[2717785].message }}

Trending Topics